From 74aa0bc6779af38018a03fd2cf4419fe85917904 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 07:31:45 +0200 Subject: Adding upstream version 2.9.4. Signed-off-by: Daniel Baumann --- src/man/Makefile.am | 270 + src/man/Makefile.in | 1075 + src/man/br/include/ad_modified_defaults.xml | 104 + src/man/br/include/autofs_attributes.xml | 66 + src/man/br/include/autofs_restart.xml | 5 + src/man/br/include/debug_levels.xml | 97 + src/man/br/include/debug_levels_tools.xml | 77 + src/man/br/include/failover.xml | 120 + src/man/br/include/homedir_substring.xml | 17 + src/man/br/include/ipa_modified_defaults.xml | 123 + src/man/br/include/krb5_options.xml | 153 + src/man/br/include/ldap_id_mapping.xml | 284 + src/man/br/include/ldap_search_bases.xml | 31 + src/man/br/include/local.xml | 17 + src/man/br/include/override_homedir.xml | 78 + src/man/br/include/param_help.xml | 10 + src/man/br/include/param_help_py.xml | 10 + src/man/br/include/seealso.xml | 49 + src/man/br/include/service_discovery.xml | 41 + src/man/br/include/upstream.xml | 3 + src/man/ca/include/ad_modified_defaults.xml | 104 + src/man/ca/include/autofs_attributes.xml | 66 + src/man/ca/include/autofs_restart.xml | 5 + src/man/ca/include/debug_levels.xml | 103 + src/man/ca/include/debug_levels_tools.xml | 82 + src/man/ca/include/failover.xml | 120 + src/man/ca/include/homedir_substring.xml | 17 + src/man/ca/include/ipa_modified_defaults.xml | 123 + src/man/ca/include/krb5_options.xml | 153 + src/man/ca/include/ldap_id_mapping.xml | 284 + src/man/ca/include/ldap_search_bases.xml | 31 + src/man/ca/include/local.xml | 17 + src/man/ca/include/override_homedir.xml | 78 + src/man/ca/include/param_help.xml | 10 + src/man/ca/include/param_help_py.xml | 10 + src/man/ca/include/seealso.xml | 49 + src/man/ca/include/service_discovery.xml | 41 + src/man/ca/include/upstream.xml | 3 + src/man/ca/sss_obfuscate.8.xml | 98 + src/man/ca/sss_rpcidmapd.5.xml | 113 + src/man/ca/sss_seed.8.xml | 169 + src/man/ca/sssd-simple.5.xml | 154 + src/man/cs/include/ad_modified_defaults.xml | 104 + src/man/cs/include/autofs_attributes.xml | 66 + src/man/cs/include/autofs_restart.xml | 5 + src/man/cs/include/debug_levels.xml | 97 + src/man/cs/include/debug_levels_tools.xml | 77 + src/man/cs/include/failover.xml | 120 + src/man/cs/include/homedir_substring.xml | 17 + src/man/cs/include/ipa_modified_defaults.xml | 123 + src/man/cs/include/krb5_options.xml | 153 + src/man/cs/include/ldap_id_mapping.xml | 284 + src/man/cs/include/ldap_search_bases.xml | 31 + src/man/cs/include/local.xml | 17 + src/man/cs/include/override_homedir.xml | 78 + src/man/cs/include/param_help.xml | 10 + src/man/cs/include/param_help_py.xml | 10 + src/man/cs/include/seealso.xml | 49 + src/man/cs/include/service_discovery.xml | 41 + src/man/cs/include/upstream.xml | 3 + src/man/de/include/ad_modified_defaults.xml | 104 + src/man/de/include/autofs_attributes.xml | 66 + src/man/de/include/autofs_restart.xml | 6 + src/man/de/include/debug_levels.xml | 100 + src/man/de/include/debug_levels_tools.xml | 80 + src/man/de/include/failover.xml | 125 + src/man/de/include/homedir_substring.xml | 18 + src/man/de/include/ipa_modified_defaults.xml | 123 + src/man/de/include/krb5_options.xml | 161 + src/man/de/include/ldap_id_mapping.xml | 294 + src/man/de/include/ldap_search_bases.xml | 33 + src/man/de/include/local.xml | 18 + src/man/de/include/override_homedir.xml | 79 + src/man/de/include/param_help.xml | 10 + src/man/de/include/param_help_py.xml | 10 + src/man/de/include/seealso.xml | 49 + src/man/de/include/service_discovery.xml | 43 + src/man/de/include/upstream.xml | 3 + src/man/de/sss_obfuscate.8.xml | 97 + src/man/de/sss_seed.8.xml | 169 + src/man/de/sss_ssh_knownhostsproxy.1.xml | 107 + src/man/de/sssd-krb5.5.xml | 461 + src/man/de/sssd-simple.5.xml | 155 + src/man/de/sssd-sudo.5.xml | 229 + src/man/es/include/ad_modified_defaults.xml | 104 + src/man/es/include/autofs_attributes.xml | 69 + src/man/es/include/autofs_restart.xml | 6 + src/man/es/include/debug_levels.xml | 98 + src/man/es/include/debug_levels_tools.xml | 78 + src/man/es/include/failover.xml | 131 + src/man/es/include/homedir_substring.xml | 17 + src/man/es/include/ipa_modified_defaults.xml | 123 + src/man/es/include/krb5_options.xml | 154 + src/man/es/include/ldap_id_mapping.xml | 289 + src/man/es/include/ldap_search_bases.xml | 33 + src/man/es/include/local.xml | 17 + src/man/es/include/override_homedir.xml | 78 + src/man/es/include/param_help.xml | 10 + src/man/es/include/param_help_py.xml | 10 + src/man/es/include/seealso.xml | 49 + src/man/es/include/service_discovery.xml | 44 + src/man/es/include/upstream.xml | 3 + src/man/es/sss-certmap.5.xml | 756 + src/man/es/sss_obfuscate.8.xml | 97 + src/man/es/sss_seed.8.xml | 165 + src/man/es/sssd-ipa.5.xml | 878 + src/man/es/sssd-ldap-attributes.5.xml | 1197 ++ src/man/es/sssd-ldap.5.xml | 1780 ++ src/man/es/sssd-simple.5.xml | 153 + src/man/es/sssd_krb5_locator_plugin.8.xml | 108 + src/man/eu/include/ad_modified_defaults.xml | 104 + src/man/eu/include/autofs_attributes.xml | 66 + src/man/eu/include/autofs_restart.xml | 5 + src/man/eu/include/debug_levels.xml | 97 + src/man/eu/include/debug_levels_tools.xml | 77 + src/man/eu/include/failover.xml | 120 + src/man/eu/include/homedir_substring.xml | 17 + src/man/eu/include/ipa_modified_defaults.xml | 123 + src/man/eu/include/krb5_options.xml | 153 + src/man/eu/include/ldap_id_mapping.xml | 284 + src/man/eu/include/ldap_search_bases.xml | 31 + src/man/eu/include/local.xml | 17 + src/man/eu/include/override_homedir.xml | 78 + src/man/eu/include/param_help.xml | 10 + src/man/eu/include/param_help_py.xml | 10 + src/man/eu/include/seealso.xml | 49 + src/man/eu/include/service_discovery.xml | 41 + src/man/eu/include/upstream.xml | 3 + src/man/fi/include/ad_modified_defaults.xml | 104 + src/man/fi/include/autofs_attributes.xml | 66 + src/man/fi/include/autofs_restart.xml | 5 + src/man/fi/include/debug_levels.xml | 97 + src/man/fi/include/debug_levels_tools.xml | 77 + src/man/fi/include/failover.xml | 120 + src/man/fi/include/homedir_substring.xml | 17 + src/man/fi/include/ipa_modified_defaults.xml | 123 + src/man/fi/include/krb5_options.xml | 153 + src/man/fi/include/ldap_id_mapping.xml | 284 + src/man/fi/include/ldap_search_bases.xml | 31 + src/man/fi/include/local.xml | 17 + src/man/fi/include/override_homedir.xml | 78 + src/man/fi/include/param_help.xml | 10 + src/man/fi/include/param_help_py.xml | 10 + src/man/fi/include/seealso.xml | 49 + src/man/fi/include/service_discovery.xml | 41 + src/man/fi/include/upstream.xml | 3 + src/man/fr/include/ad_modified_defaults.xml | 104 + src/man/fr/include/autofs_attributes.xml | 66 + src/man/fr/include/autofs_restart.xml | 6 + src/man/fr/include/debug_levels.xml | 100 + src/man/fr/include/debug_levels_tools.xml | 80 + src/man/fr/include/failover.xml | 126 + src/man/fr/include/homedir_substring.xml | 17 + src/man/fr/include/ipa_modified_defaults.xml | 123 + src/man/fr/include/krb5_options.xml | 162 + src/man/fr/include/ldap_id_mapping.xml | 293 + src/man/fr/include/ldap_search_bases.xml | 33 + src/man/fr/include/local.xml | 17 + src/man/fr/include/override_homedir.xml | 79 + src/man/fr/include/param_help.xml | 10 + src/man/fr/include/param_help_py.xml | 10 + src/man/fr/include/seealso.xml | 49 + src/man/fr/include/service_discovery.xml | 44 + src/man/fr/include/upstream.xml | 3 + src/man/fr/sss_obfuscate.8.xml | 97 + src/man/fr/sss_seed.8.xml | 169 + src/man/fr/sss_ssh_knownhostsproxy.1.xml | 107 + src/man/fr/sssd-simple.5.xml | 151 + src/man/idmap_sss.8.xml | 78 + src/man/include/ad_modified_defaults.xml | 110 + src/man/include/autofs_attributes.xml | 70 + src/man/include/autofs_restart.xml | 6 + src/man/include/debug_levels.xml | 113 + src/man/include/debug_levels_tools.xml | 87 + src/man/include/failover.xml | 132 + src/man/include/homedir_substring.xml | 18 + src/man/include/ipa_modified_defaults.xml | 123 + src/man/include/krb5_options.xml | 167 + src/man/include/ldap_id_mapping.xml | 317 + src/man/include/ldap_search_bases.xml | 36 + src/man/include/local.xml | 20 + src/man/include/override_homedir.xml | 84 + src/man/include/param_help.xml | 10 + src/man/include/param_help_py.xml | 10 + src/man/include/seealso.xml | 88 + src/man/include/service_discovery.xml | 48 + src/man/include/upstream.xml | 4 + src/man/ja/include/ad_modified_defaults.xml | 104 + src/man/ja/include/autofs_attributes.xml | 64 + src/man/ja/include/autofs_restart.xml | 5 + src/man/ja/include/debug_levels.xml | 97 + src/man/ja/include/debug_levels_tools.xml | 77 + src/man/ja/include/failover.xml | 118 + src/man/ja/include/homedir_substring.xml | 17 + src/man/ja/include/ipa_modified_defaults.xml | 123 + src/man/ja/include/krb5_options.xml | 148 + src/man/ja/include/ldap_id_mapping.xml | 282 + src/man/ja/include/ldap_search_bases.xml | 30 + src/man/ja/include/local.xml | 17 + src/man/ja/include/override_homedir.xml | 77 + src/man/ja/include/param_help.xml | 10 + src/man/ja/include/param_help_py.xml | 10 + src/man/ja/include/seealso.xml | 49 + src/man/ja/include/service_discovery.xml | 37 + src/man/ja/include/upstream.xml | 3 + src/man/ja/sss_obfuscate.8.xml | 91 + src/man/ja/sss_ssh_knownhostsproxy.1.xml | 103 + src/man/ja/sssd-simple.5.xml | 135 + src/man/lv/include/ad_modified_defaults.xml | 104 + src/man/lv/include/autofs_attributes.xml | 66 + src/man/lv/include/autofs_restart.xml | 5 + src/man/lv/include/debug_levels.xml | 97 + src/man/lv/include/debug_levels_tools.xml | 77 + src/man/lv/include/failover.xml | 120 + src/man/lv/include/homedir_substring.xml | 17 + src/man/lv/include/ipa_modified_defaults.xml | 123 + src/man/lv/include/krb5_options.xml | 153 + src/man/lv/include/ldap_id_mapping.xml | 284 + src/man/lv/include/ldap_search_bases.xml | 31 + src/man/lv/include/local.xml | 17 + src/man/lv/include/override_homedir.xml | 78 + src/man/lv/include/param_help.xml | 10 + src/man/lv/include/param_help_py.xml | 10 + src/man/lv/include/seealso.xml | 49 + src/man/lv/include/service_discovery.xml | 41 + src/man/lv/include/upstream.xml | 3 + src/man/man.stamp | 0 src/man/nl/include/ad_modified_defaults.xml | 104 + src/man/nl/include/autofs_attributes.xml | 66 + src/man/nl/include/autofs_restart.xml | 5 + src/man/nl/include/debug_levels.xml | 97 + src/man/nl/include/debug_levels_tools.xml | 77 + src/man/nl/include/failover.xml | 120 + src/man/nl/include/homedir_substring.xml | 17 + src/man/nl/include/ipa_modified_defaults.xml | 123 + src/man/nl/include/krb5_options.xml | 153 + src/man/nl/include/ldap_id_mapping.xml | 284 + src/man/nl/include/ldap_search_bases.xml | 31 + src/man/nl/include/local.xml | 17 + src/man/nl/include/override_homedir.xml | 78 + src/man/nl/include/param_help.xml | 10 + src/man/nl/include/param_help_py.xml | 10 + src/man/nl/include/seealso.xml | 49 + src/man/nl/include/service_discovery.xml | 41 + src/man/nl/include/upstream.xml | 3 + src/man/pam_sss.8.xml | 489 + src/man/pam_sss_gss.8.xml | 222 + src/man/po/br.po | 18292 ++++++++++++++++ src/man/po/ca.po | 19887 +++++++++++++++++ src/man/po/cs.po | 18399 ++++++++++++++++ src/man/po/de.po | 20981 ++++++++++++++++++ src/man/po/es.po | 22292 +++++++++++++++++++ src/man/po/eu.po | 18225 ++++++++++++++++ src/man/po/fi.po | 18285 ++++++++++++++++ src/man/po/fr.po | 20859 ++++++++++++++++++ src/man/po/ja.po | 19900 +++++++++++++++++ src/man/po/lv.po | 18318 ++++++++++++++++ src/man/po/nl.po | 18394 ++++++++++++++++ src/man/po/po4a.cfg | 49 + src/man/po/pt.po | 18561 ++++++++++++++++ src/man/po/pt_BR.po | 18228 ++++++++++++++++ src/man/po/ru.po | 24069 +++++++++++++++++++++ src/man/po/sssd-docs.pot | 18285 ++++++++++++++++ src/man/po/sv.po | 24344 +++++++++++++++++++++ src/man/po/tg.po | 18237 ++++++++++++++++ src/man/po/uk.po | 24824 ++++++++++++++++++++++ src/man/po/zh_CN.po | 18266 ++++++++++++++++ src/man/pt/include/ad_modified_defaults.xml | 104 + src/man/pt/include/autofs_attributes.xml | 66 + src/man/pt/include/autofs_restart.xml | 5 + src/man/pt/include/debug_levels.xml | 97 + src/man/pt/include/debug_levels_tools.xml | 77 + src/man/pt/include/failover.xml | 120 + src/man/pt/include/homedir_substring.xml | 17 + src/man/pt/include/ipa_modified_defaults.xml | 123 + src/man/pt/include/krb5_options.xml | 153 + src/man/pt/include/ldap_id_mapping.xml | 284 + src/man/pt/include/ldap_search_bases.xml | 31 + src/man/pt/include/local.xml | 17 + src/man/pt/include/override_homedir.xml | 78 + src/man/pt/include/param_help.xml | 10 + src/man/pt/include/param_help_py.xml | 10 + src/man/pt/include/seealso.xml | 49 + src/man/pt/include/service_discovery.xml | 41 + src/man/pt/include/upstream.xml | 3 + src/man/pt_BR/include/ad_modified_defaults.xml | 104 + src/man/pt_BR/include/autofs_attributes.xml | 66 + src/man/pt_BR/include/autofs_restart.xml | 5 + src/man/pt_BR/include/debug_levels.xml | 97 + src/man/pt_BR/include/debug_levels_tools.xml | 77 + src/man/pt_BR/include/failover.xml | 120 + src/man/pt_BR/include/homedir_substring.xml | 17 + src/man/pt_BR/include/ipa_modified_defaults.xml | 123 + src/man/pt_BR/include/krb5_options.xml | 153 + src/man/pt_BR/include/ldap_id_mapping.xml | 284 + src/man/pt_BR/include/ldap_search_bases.xml | 31 + src/man/pt_BR/include/local.xml | 17 + src/man/pt_BR/include/override_homedir.xml | 78 + src/man/pt_BR/include/param_help.xml | 10 + src/man/pt_BR/include/param_help_py.xml | 10 + src/man/pt_BR/include/seealso.xml | 49 + src/man/pt_BR/include/service_discovery.xml | 41 + src/man/pt_BR/include/upstream.xml | 3 + src/man/ru/idmap_sss.8.xml | 77 + src/man/ru/include/ad_modified_defaults.xml | 106 + src/man/ru/include/autofs_attributes.xml | 68 + src/man/ru/include/autofs_restart.xml | 7 + src/man/ru/include/debug_levels.xml | 104 + src/man/ru/include/debug_levels_tools.xml | 83 + src/man/ru/include/failover.xml | 124 + src/man/ru/include/homedir_substring.xml | 18 + src/man/ru/include/ipa_modified_defaults.xml | 124 + src/man/ru/include/krb5_options.xml | 162 + src/man/ru/include/ldap_id_mapping.xml | 298 + src/man/ru/include/ldap_search_bases.xml | 33 + src/man/ru/include/local.xml | 18 + src/man/ru/include/override_homedir.xml | 79 + src/man/ru/include/param_help.xml | 10 + src/man/ru/include/param_help_py.xml | 10 + src/man/ru/include/seealso.xml | 49 + src/man/ru/include/service_discovery.xml | 44 + src/man/ru/include/upstream.xml | 3 + src/man/ru/pam_sss.8.xml | 456 + src/man/ru/pam_sss_gss.8.xml | 218 + src/man/ru/sss-certmap.5.xml | 771 + src/man/ru/sss_cache.8.xml | 268 + src/man/ru/sss_debuglevel.8.xml | 38 + src/man/ru/sss_obfuscate.8.xml | 97 + src/man/ru/sss_override.8.xml | 266 + src/man/ru/sss_rpcidmapd.5.xml | 112 + src/man/ru/sss_seed.8.xml | 167 + src/man/ru/sss_ssh_authorizedkeys.1.xml | 145 + src/man/ru/sss_ssh_knownhostsproxy.1.xml | 106 + src/man/ru/sssctl.8.xml | 65 + src/man/ru/sssd-ad.5.xml | 1331 ++ src/man/ru/sssd-files.5.xml | 160 + src/man/ru/sssd-ifp.5.xml | 154 + src/man/ru/sssd-ipa.5.xml | 882 + src/man/ru/sssd-kcm.8.xml | 305 + src/man/ru/sssd-krb5.5.xml | 455 + src/man/ru/sssd-ldap-attributes.5.xml | 1187 ++ src/man/ru/sssd-ldap.5.xml | 1805 ++ src/man/ru/sssd-session-recording.5.xml | 179 + src/man/ru/sssd-simple.5.xml | 153 + src/man/ru/sssd-sudo.5.xml | 229 + src/man/ru/sssd-systemtap.5.xml | 434 + src/man/ru/sssd.8.xml | 246 + src/man/ru/sssd.conf.5.xml | 4160 ++++ src/man/ru/sssd_krb5_localauth_plugin.8.xml | 68 + src/man/ru/sssd_krb5_locator_plugin.8.xml | 106 + src/man/sss-certmap.5.xml | 789 + src/man/sss_cache.8.xml | 265 + src/man/sss_debuglevel.8.xml | 41 + src/man/sss_obfuscate.8.xml | 105 + src/man/sss_override.8.xml | 285 + src/man/sss_rpcidmapd.5.xml | 132 + src/man/sss_seed.8.xml | 177 + src/man/sss_ssh_authorizedkeys.1.xml | 151 + src/man/sss_ssh_knownhostsproxy.1.xml | 112 + src/man/sssctl.8.xml | 68 + src/man/sssd-ad.5.xml | 1446 ++ src/man/sssd-files.5.xml | 183 + src/man/sssd-ifp.5.xml | 171 + src/man/sssd-ipa.5.xml | 950 + src/man/sssd-kcm.8.xml | 327 + src/man/sssd-krb5.5.xml | 504 + src/man/sssd-ldap-attributes.5.xml | 1293 ++ src/man/sssd-ldap.5.xml | 1990 ++ src/man/sssd-session-recording.5.xml | 194 + src/man/sssd-simple.5.xml | 164 + src/man/sssd-sudo.5.xml | 250 + src/man/sssd-systemtap.5.xml | 460 + src/man/sssd.8.xml | 252 + src/man/sssd.conf.5.xml | 4627 ++++ src/man/sssd_krb5_localauth_plugin.8.xml | 70 + src/man/sssd_krb5_locator_plugin.8.xml | 110 + src/man/sv/idmap_sss.8.xml | 76 + src/man/sv/include/ad_modified_defaults.xml | 104 + src/man/sv/include/autofs_attributes.xml | 65 + src/man/sv/include/autofs_restart.xml | 5 + src/man/sv/include/debug_levels.xml | 99 + src/man/sv/include/debug_levels_tools.xml | 78 + src/man/sv/include/failover.xml | 120 + src/man/sv/include/homedir_substring.xml | 17 + src/man/sv/include/ipa_modified_defaults.xml | 123 + src/man/sv/include/krb5_options.xml | 158 + src/man/sv/include/ldap_id_mapping.xml | 292 + src/man/sv/include/ldap_search_bases.xml | 32 + src/man/sv/include/local.xml | 17 + src/man/sv/include/override_homedir.xml | 77 + src/man/sv/include/param_help.xml | 10 + src/man/sv/include/param_help_py.xml | 10 + src/man/sv/include/seealso.xml | 49 + src/man/sv/include/service_discovery.xml | 41 + src/man/sv/include/upstream.xml | 3 + src/man/sv/pam_sss.8.xml | 444 + src/man/sv/pam_sss_gss.8.xml | 212 + src/man/sv/sss-certmap.5.xml | 753 + src/man/sv/sss_cache.8.xml | 259 + src/man/sv/sss_debuglevel.8.xml | 38 + src/man/sv/sss_obfuscate.8.xml | 96 + src/man/sv/sss_override.8.xml | 260 + src/man/sv/sss_rpcidmapd.5.xml | 112 + src/man/sv/sss_seed.8.xml | 163 + src/man/sv/sss_ssh_authorizedkeys.1.xml | 142 + src/man/sv/sss_ssh_knownhostsproxy.1.xml | 107 + src/man/sv/sssctl.8.xml | 64 + src/man/sv/sssd-ad.5.xml | 1287 ++ src/man/sv/sssd-files.5.xml | 156 + src/man/sv/sssd-ifp.5.xml | 151 + src/man/sv/sssd-ipa.5.xml | 860 + src/man/sv/sssd-kcm.8.xml | 290 + src/man/sv/sssd-krb5.5.xml | 446 + src/man/sv/sssd-ldap-attributes.5.xml | 1179 + src/man/sv/sssd-ldap.5.xml | 1748 ++ src/man/sv/sssd-session-recording.5.xml | 178 + src/man/sv/sssd-simple.5.xml | 148 + src/man/sv/sssd-sudo.5.xml | 225 + src/man/sv/sssd-systemtap.5.xml | 435 + src/man/sv/sssd.8.xml | 245 + src/man/sv/sssd.conf.5.xml | 4039 ++++ src/man/sv/sssd_krb5_localauth_plugin.8.xml | 66 + src/man/sv/sssd_krb5_locator_plugin.8.xml | 109 + src/man/tg/include/ad_modified_defaults.xml | 104 + src/man/tg/include/autofs_attributes.xml | 66 + src/man/tg/include/autofs_restart.xml | 5 + src/man/tg/include/debug_levels.xml | 97 + src/man/tg/include/debug_levels_tools.xml | 77 + src/man/tg/include/failover.xml | 120 + src/man/tg/include/homedir_substring.xml | 17 + src/man/tg/include/ipa_modified_defaults.xml | 123 + src/man/tg/include/krb5_options.xml | 153 + src/man/tg/include/ldap_id_mapping.xml | 284 + src/man/tg/include/ldap_search_bases.xml | 31 + src/man/tg/include/local.xml | 17 + src/man/tg/include/override_homedir.xml | 78 + src/man/tg/include/param_help.xml | 10 + src/man/tg/include/param_help_py.xml | 10 + src/man/tg/include/seealso.xml | 49 + src/man/tg/include/service_discovery.xml | 41 + src/man/tg/include/upstream.xml | 3 + src/man/uk/idmap_sss.8.xml | 76 + src/man/uk/include/ad_modified_defaults.xml | 106 + src/man/uk/include/autofs_attributes.xml | 69 + src/man/uk/include/autofs_restart.xml | 6 + src/man/uk/include/debug_levels.xml | 104 + src/man/uk/include/debug_levels_tools.xml | 82 + src/man/uk/include/failover.xml | 129 + src/man/uk/include/homedir_substring.xml | 18 + src/man/uk/include/ipa_modified_defaults.xml | 124 + src/man/uk/include/krb5_options.xml | 164 + src/man/uk/include/ldap_id_mapping.xml | 297 + src/man/uk/include/ldap_search_bases.xml | 33 + src/man/uk/include/local.xml | 19 + src/man/uk/include/override_homedir.xml | 79 + src/man/uk/include/param_help.xml | 10 + src/man/uk/include/param_help_py.xml | 10 + src/man/uk/include/seealso.xml | 49 + src/man/uk/include/service_discovery.xml | 45 + src/man/uk/include/upstream.xml | 3 + src/man/uk/pam_sss.8.xml | 453 + src/man/uk/pam_sss_gss.8.xml | 217 + src/man/uk/sss-certmap.5.xml | 767 + src/man/uk/sss_cache.8.xml | 269 + src/man/uk/sss_debuglevel.8.xml | 39 + src/man/uk/sss_obfuscate.8.xml | 98 + src/man/uk/sss_override.8.xml | 266 + src/man/uk/sss_rpcidmapd.5.xml | 110 + src/man/uk/sss_seed.8.xml | 168 + src/man/uk/sss_ssh_authorizedkeys.1.xml | 145 + src/man/uk/sss_ssh_knownhostsproxy.1.xml | 107 + src/man/uk/sssctl.8.xml | 65 + src/man/uk/sssd-ad.5.xml | 1320 ++ src/man/uk/sssd-files.5.xml | 162 + src/man/uk/sssd-ifp.5.xml | 158 + src/man/uk/sssd-ipa.5.xml | 880 + src/man/uk/sssd-kcm.8.xml | 304 + src/man/uk/sssd-krb5.5.xml | 458 + src/man/uk/sssd-ldap-attributes.5.xml | 1187 ++ src/man/uk/sssd-ldap.5.xml | 1805 ++ src/man/uk/sssd-session-recording.5.xml | 181 + src/man/uk/sssd-simple.5.xml | 152 + src/man/uk/sssd-sudo.5.xml | 233 + src/man/uk/sssd-systemtap.5.xml | 433 + src/man/uk/sssd.8.xml | 249 + src/man/uk/sssd.conf.5.xml | 4157 ++++ src/man/uk/sssd_krb5_localauth_plugin.8.xml | 68 + src/man/uk/sssd_krb5_locator_plugin.8.xml | 108 + src/man/zh_CN/include/ad_modified_defaults.xml | 104 + src/man/zh_CN/include/autofs_attributes.xml | 66 + src/man/zh_CN/include/autofs_restart.xml | 5 + src/man/zh_CN/include/debug_levels.xml | 97 + src/man/zh_CN/include/debug_levels_tools.xml | 77 + src/man/zh_CN/include/failover.xml | 120 + src/man/zh_CN/include/homedir_substring.xml | 17 + src/man/zh_CN/include/ipa_modified_defaults.xml | 123 + src/man/zh_CN/include/krb5_options.xml | 153 + src/man/zh_CN/include/ldap_id_mapping.xml | 284 + src/man/zh_CN/include/ldap_search_bases.xml | 31 + src/man/zh_CN/include/local.xml | 17 + src/man/zh_CN/include/override_homedir.xml | 78 + src/man/zh_CN/include/param_help.xml | 10 + src/man/zh_CN/include/param_help_py.xml | 10 + src/man/zh_CN/include/seealso.xml | 49 + src/man/zh_CN/include/service_discovery.xml | 41 + src/man/zh_CN/include/upstream.xml | 3 + 506 files changed, 472048 insertions(+) create mode 100644 src/man/Makefile.am create mode 100644 src/man/Makefile.in create mode 100644 src/man/br/include/ad_modified_defaults.xml create mode 100644 src/man/br/include/autofs_attributes.xml create mode 100644 src/man/br/include/autofs_restart.xml create mode 100644 src/man/br/include/debug_levels.xml create mode 100644 src/man/br/include/debug_levels_tools.xml create mode 100644 src/man/br/include/failover.xml create mode 100644 src/man/br/include/homedir_substring.xml create mode 100644 src/man/br/include/ipa_modified_defaults.xml create mode 100644 src/man/br/include/krb5_options.xml create mode 100644 src/man/br/include/ldap_id_mapping.xml create mode 100644 src/man/br/include/ldap_search_bases.xml create mode 100644 src/man/br/include/local.xml create mode 100644 src/man/br/include/override_homedir.xml create mode 100644 src/man/br/include/param_help.xml create mode 100644 src/man/br/include/param_help_py.xml create mode 100644 src/man/br/include/seealso.xml create mode 100644 src/man/br/include/service_discovery.xml create mode 100644 src/man/br/include/upstream.xml create mode 100644 src/man/ca/include/ad_modified_defaults.xml create mode 100644 src/man/ca/include/autofs_attributes.xml create mode 100644 src/man/ca/include/autofs_restart.xml create mode 100644 src/man/ca/include/debug_levels.xml create mode 100644 src/man/ca/include/debug_levels_tools.xml create mode 100644 src/man/ca/include/failover.xml create mode 100644 src/man/ca/include/homedir_substring.xml create mode 100644 src/man/ca/include/ipa_modified_defaults.xml create mode 100644 src/man/ca/include/krb5_options.xml create mode 100644 src/man/ca/include/ldap_id_mapping.xml create mode 100644 src/man/ca/include/ldap_search_bases.xml create mode 100644 src/man/ca/include/local.xml create mode 100644 src/man/ca/include/override_homedir.xml create mode 100644 src/man/ca/include/param_help.xml create mode 100644 src/man/ca/include/param_help_py.xml create mode 100644 src/man/ca/include/seealso.xml create mode 100644 src/man/ca/include/service_discovery.xml create mode 100644 src/man/ca/include/upstream.xml create mode 100644 src/man/ca/sss_obfuscate.8.xml create mode 100644 src/man/ca/sss_rpcidmapd.5.xml create mode 100644 src/man/ca/sss_seed.8.xml create mode 100644 src/man/ca/sssd-simple.5.xml create mode 100644 src/man/cs/include/ad_modified_defaults.xml create mode 100644 src/man/cs/include/autofs_attributes.xml create mode 100644 src/man/cs/include/autofs_restart.xml create mode 100644 src/man/cs/include/debug_levels.xml create mode 100644 src/man/cs/include/debug_levels_tools.xml create mode 100644 src/man/cs/include/failover.xml create mode 100644 src/man/cs/include/homedir_substring.xml create mode 100644 src/man/cs/include/ipa_modified_defaults.xml create mode 100644 src/man/cs/include/krb5_options.xml create mode 100644 src/man/cs/include/ldap_id_mapping.xml create mode 100644 src/man/cs/include/ldap_search_bases.xml create mode 100644 src/man/cs/include/local.xml create mode 100644 src/man/cs/include/override_homedir.xml create mode 100644 src/man/cs/include/param_help.xml create mode 100644 src/man/cs/include/param_help_py.xml create mode 100644 src/man/cs/include/seealso.xml create mode 100644 src/man/cs/include/service_discovery.xml create mode 100644 src/man/cs/include/upstream.xml create mode 100644 src/man/de/include/ad_modified_defaults.xml create mode 100644 src/man/de/include/autofs_attributes.xml create mode 100644 src/man/de/include/autofs_restart.xml create mode 100644 src/man/de/include/debug_levels.xml create mode 100644 src/man/de/include/debug_levels_tools.xml create mode 100644 src/man/de/include/failover.xml create mode 100644 src/man/de/include/homedir_substring.xml create mode 100644 src/man/de/include/ipa_modified_defaults.xml create mode 100644 src/man/de/include/krb5_options.xml create mode 100644 src/man/de/include/ldap_id_mapping.xml create mode 100644 src/man/de/include/ldap_search_bases.xml create mode 100644 src/man/de/include/local.xml create mode 100644 src/man/de/include/override_homedir.xml create mode 100644 src/man/de/include/param_help.xml create mode 100644 src/man/de/include/param_help_py.xml create mode 100644 src/man/de/include/seealso.xml create mode 100644 src/man/de/include/service_discovery.xml create mode 100644 src/man/de/include/upstream.xml create mode 100644 src/man/de/sss_obfuscate.8.xml create mode 100644 src/man/de/sss_seed.8.xml create mode 100644 src/man/de/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/de/sssd-krb5.5.xml create mode 100644 src/man/de/sssd-simple.5.xml create mode 100644 src/man/de/sssd-sudo.5.xml create mode 100644 src/man/es/include/ad_modified_defaults.xml create mode 100644 src/man/es/include/autofs_attributes.xml create mode 100644 src/man/es/include/autofs_restart.xml create mode 100644 src/man/es/include/debug_levels.xml create mode 100644 src/man/es/include/debug_levels_tools.xml create mode 100644 src/man/es/include/failover.xml create mode 100644 src/man/es/include/homedir_substring.xml create mode 100644 src/man/es/include/ipa_modified_defaults.xml create mode 100644 src/man/es/include/krb5_options.xml create mode 100644 src/man/es/include/ldap_id_mapping.xml create mode 100644 src/man/es/include/ldap_search_bases.xml create mode 100644 src/man/es/include/local.xml create mode 100644 src/man/es/include/override_homedir.xml create mode 100644 src/man/es/include/param_help.xml create mode 100644 src/man/es/include/param_help_py.xml create mode 100644 src/man/es/include/seealso.xml create mode 100644 src/man/es/include/service_discovery.xml create mode 100644 src/man/es/include/upstream.xml create mode 100644 src/man/es/sss-certmap.5.xml create mode 100644 src/man/es/sss_obfuscate.8.xml create mode 100644 src/man/es/sss_seed.8.xml create mode 100644 src/man/es/sssd-ipa.5.xml create mode 100644 src/man/es/sssd-ldap-attributes.5.xml create mode 100644 src/man/es/sssd-ldap.5.xml create mode 100644 src/man/es/sssd-simple.5.xml create mode 100644 src/man/es/sssd_krb5_locator_plugin.8.xml create mode 100644 src/man/eu/include/ad_modified_defaults.xml create mode 100644 src/man/eu/include/autofs_attributes.xml create mode 100644 src/man/eu/include/autofs_restart.xml create mode 100644 src/man/eu/include/debug_levels.xml create mode 100644 src/man/eu/include/debug_levels_tools.xml create mode 100644 src/man/eu/include/failover.xml create mode 100644 src/man/eu/include/homedir_substring.xml create mode 100644 src/man/eu/include/ipa_modified_defaults.xml create mode 100644 src/man/eu/include/krb5_options.xml create mode 100644 src/man/eu/include/ldap_id_mapping.xml create mode 100644 src/man/eu/include/ldap_search_bases.xml create mode 100644 src/man/eu/include/local.xml create mode 100644 src/man/eu/include/override_homedir.xml create mode 100644 src/man/eu/include/param_help.xml create mode 100644 src/man/eu/include/param_help_py.xml create mode 100644 src/man/eu/include/seealso.xml create mode 100644 src/man/eu/include/service_discovery.xml create mode 100644 src/man/eu/include/upstream.xml create mode 100644 src/man/fi/include/ad_modified_defaults.xml create mode 100644 src/man/fi/include/autofs_attributes.xml create mode 100644 src/man/fi/include/autofs_restart.xml create mode 100644 src/man/fi/include/debug_levels.xml create mode 100644 src/man/fi/include/debug_levels_tools.xml create mode 100644 src/man/fi/include/failover.xml create mode 100644 src/man/fi/include/homedir_substring.xml create mode 100644 src/man/fi/include/ipa_modified_defaults.xml create mode 100644 src/man/fi/include/krb5_options.xml create mode 100644 src/man/fi/include/ldap_id_mapping.xml create mode 100644 src/man/fi/include/ldap_search_bases.xml create mode 100644 src/man/fi/include/local.xml create mode 100644 src/man/fi/include/override_homedir.xml create mode 100644 src/man/fi/include/param_help.xml create mode 100644 src/man/fi/include/param_help_py.xml create mode 100644 src/man/fi/include/seealso.xml create mode 100644 src/man/fi/include/service_discovery.xml create mode 100644 src/man/fi/include/upstream.xml create mode 100644 src/man/fr/include/ad_modified_defaults.xml create mode 100644 src/man/fr/include/autofs_attributes.xml create mode 100644 src/man/fr/include/autofs_restart.xml create mode 100644 src/man/fr/include/debug_levels.xml create mode 100644 src/man/fr/include/debug_levels_tools.xml create mode 100644 src/man/fr/include/failover.xml create mode 100644 src/man/fr/include/homedir_substring.xml create mode 100644 src/man/fr/include/ipa_modified_defaults.xml create mode 100644 src/man/fr/include/krb5_options.xml create mode 100644 src/man/fr/include/ldap_id_mapping.xml create mode 100644 src/man/fr/include/ldap_search_bases.xml create mode 100644 src/man/fr/include/local.xml create mode 100644 src/man/fr/include/override_homedir.xml create mode 100644 src/man/fr/include/param_help.xml create mode 100644 src/man/fr/include/param_help_py.xml create mode 100644 src/man/fr/include/seealso.xml create mode 100644 src/man/fr/include/service_discovery.xml create mode 100644 src/man/fr/include/upstream.xml create mode 100644 src/man/fr/sss_obfuscate.8.xml create mode 100644 src/man/fr/sss_seed.8.xml create mode 100644 src/man/fr/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/fr/sssd-simple.5.xml create mode 100644 src/man/idmap_sss.8.xml create mode 100644 src/man/include/ad_modified_defaults.xml create mode 100644 src/man/include/autofs_attributes.xml create mode 100644 src/man/include/autofs_restart.xml create mode 100644 src/man/include/debug_levels.xml create mode 100644 src/man/include/debug_levels_tools.xml create mode 100644 src/man/include/failover.xml create mode 100644 src/man/include/homedir_substring.xml create mode 100644 src/man/include/ipa_modified_defaults.xml create mode 100644 src/man/include/krb5_options.xml create mode 100644 src/man/include/ldap_id_mapping.xml create mode 100644 src/man/include/ldap_search_bases.xml create mode 100644 src/man/include/local.xml create mode 100644 src/man/include/override_homedir.xml create mode 100644 src/man/include/param_help.xml create mode 100644 src/man/include/param_help_py.xml create mode 100644 src/man/include/seealso.xml create mode 100644 src/man/include/service_discovery.xml create mode 100644 src/man/include/upstream.xml create mode 100644 src/man/ja/include/ad_modified_defaults.xml create mode 100644 src/man/ja/include/autofs_attributes.xml create mode 100644 src/man/ja/include/autofs_restart.xml create mode 100644 src/man/ja/include/debug_levels.xml create mode 100644 src/man/ja/include/debug_levels_tools.xml create mode 100644 src/man/ja/include/failover.xml create mode 100644 src/man/ja/include/homedir_substring.xml create mode 100644 src/man/ja/include/ipa_modified_defaults.xml create mode 100644 src/man/ja/include/krb5_options.xml create mode 100644 src/man/ja/include/ldap_id_mapping.xml create mode 100644 src/man/ja/include/ldap_search_bases.xml create mode 100644 src/man/ja/include/local.xml create mode 100644 src/man/ja/include/override_homedir.xml create mode 100644 src/man/ja/include/param_help.xml create mode 100644 src/man/ja/include/param_help_py.xml create mode 100644 src/man/ja/include/seealso.xml create mode 100644 src/man/ja/include/service_discovery.xml create mode 100644 src/man/ja/include/upstream.xml create mode 100644 src/man/ja/sss_obfuscate.8.xml create mode 100644 src/man/ja/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/ja/sssd-simple.5.xml create mode 100644 src/man/lv/include/ad_modified_defaults.xml create mode 100644 src/man/lv/include/autofs_attributes.xml create mode 100644 src/man/lv/include/autofs_restart.xml create mode 100644 src/man/lv/include/debug_levels.xml create mode 100644 src/man/lv/include/debug_levels_tools.xml create mode 100644 src/man/lv/include/failover.xml create mode 100644 src/man/lv/include/homedir_substring.xml create mode 100644 src/man/lv/include/ipa_modified_defaults.xml create mode 100644 src/man/lv/include/krb5_options.xml create mode 100644 src/man/lv/include/ldap_id_mapping.xml create mode 100644 src/man/lv/include/ldap_search_bases.xml create mode 100644 src/man/lv/include/local.xml create mode 100644 src/man/lv/include/override_homedir.xml create mode 100644 src/man/lv/include/param_help.xml create mode 100644 src/man/lv/include/param_help_py.xml create mode 100644 src/man/lv/include/seealso.xml create mode 100644 src/man/lv/include/service_discovery.xml create mode 100644 src/man/lv/include/upstream.xml create mode 100644 src/man/man.stamp create mode 100644 src/man/nl/include/ad_modified_defaults.xml create mode 100644 src/man/nl/include/autofs_attributes.xml create mode 100644 src/man/nl/include/autofs_restart.xml create mode 100644 src/man/nl/include/debug_levels.xml create mode 100644 src/man/nl/include/debug_levels_tools.xml create mode 100644 src/man/nl/include/failover.xml create mode 100644 src/man/nl/include/homedir_substring.xml create mode 100644 src/man/nl/include/ipa_modified_defaults.xml create mode 100644 src/man/nl/include/krb5_options.xml create mode 100644 src/man/nl/include/ldap_id_mapping.xml create mode 100644 src/man/nl/include/ldap_search_bases.xml create mode 100644 src/man/nl/include/local.xml create mode 100644 src/man/nl/include/override_homedir.xml create mode 100644 src/man/nl/include/param_help.xml create mode 100644 src/man/nl/include/param_help_py.xml create mode 100644 src/man/nl/include/seealso.xml create mode 100644 src/man/nl/include/service_discovery.xml create mode 100644 src/man/nl/include/upstream.xml create mode 100644 src/man/pam_sss.8.xml create mode 100644 src/man/pam_sss_gss.8.xml create mode 100644 src/man/po/br.po create mode 100644 src/man/po/ca.po create mode 100644 src/man/po/cs.po create mode 100644 src/man/po/de.po create mode 100644 src/man/po/es.po create mode 100644 src/man/po/eu.po create mode 100644 src/man/po/fi.po create mode 100644 src/man/po/fr.po create mode 100644 src/man/po/ja.po create mode 100644 src/man/po/lv.po create mode 100644 src/man/po/nl.po create mode 100644 src/man/po/po4a.cfg create mode 100644 src/man/po/pt.po create mode 100644 src/man/po/pt_BR.po create mode 100644 src/man/po/ru.po create mode 100644 src/man/po/sssd-docs.pot create mode 100644 src/man/po/sv.po create mode 100644 src/man/po/tg.po create mode 100644 src/man/po/uk.po create mode 100644 src/man/po/zh_CN.po create mode 100644 src/man/pt/include/ad_modified_defaults.xml create mode 100644 src/man/pt/include/autofs_attributes.xml create mode 100644 src/man/pt/include/autofs_restart.xml create mode 100644 src/man/pt/include/debug_levels.xml create mode 100644 src/man/pt/include/debug_levels_tools.xml create mode 100644 src/man/pt/include/failover.xml create mode 100644 src/man/pt/include/homedir_substring.xml create mode 100644 src/man/pt/include/ipa_modified_defaults.xml create mode 100644 src/man/pt/include/krb5_options.xml create mode 100644 src/man/pt/include/ldap_id_mapping.xml create mode 100644 src/man/pt/include/ldap_search_bases.xml create mode 100644 src/man/pt/include/local.xml create mode 100644 src/man/pt/include/override_homedir.xml create mode 100644 src/man/pt/include/param_help.xml create mode 100644 src/man/pt/include/param_help_py.xml create mode 100644 src/man/pt/include/seealso.xml create mode 100644 src/man/pt/include/service_discovery.xml create mode 100644 src/man/pt/include/upstream.xml create mode 100644 src/man/pt_BR/include/ad_modified_defaults.xml create mode 100644 src/man/pt_BR/include/autofs_attributes.xml create mode 100644 src/man/pt_BR/include/autofs_restart.xml create mode 100644 src/man/pt_BR/include/debug_levels.xml create mode 100644 src/man/pt_BR/include/debug_levels_tools.xml create mode 100644 src/man/pt_BR/include/failover.xml create mode 100644 src/man/pt_BR/include/homedir_substring.xml create mode 100644 src/man/pt_BR/include/ipa_modified_defaults.xml create mode 100644 src/man/pt_BR/include/krb5_options.xml create mode 100644 src/man/pt_BR/include/ldap_id_mapping.xml create mode 100644 src/man/pt_BR/include/ldap_search_bases.xml create mode 100644 src/man/pt_BR/include/local.xml create mode 100644 src/man/pt_BR/include/override_homedir.xml create mode 100644 src/man/pt_BR/include/param_help.xml create mode 100644 src/man/pt_BR/include/param_help_py.xml create mode 100644 src/man/pt_BR/include/seealso.xml create mode 100644 src/man/pt_BR/include/service_discovery.xml create mode 100644 src/man/pt_BR/include/upstream.xml create mode 100644 src/man/ru/idmap_sss.8.xml create mode 100644 src/man/ru/include/ad_modified_defaults.xml create mode 100644 src/man/ru/include/autofs_attributes.xml create mode 100644 src/man/ru/include/autofs_restart.xml create mode 100644 src/man/ru/include/debug_levels.xml create mode 100644 src/man/ru/include/debug_levels_tools.xml create mode 100644 src/man/ru/include/failover.xml create mode 100644 src/man/ru/include/homedir_substring.xml create mode 100644 src/man/ru/include/ipa_modified_defaults.xml create mode 100644 src/man/ru/include/krb5_options.xml create mode 100644 src/man/ru/include/ldap_id_mapping.xml create mode 100644 src/man/ru/include/ldap_search_bases.xml create mode 100644 src/man/ru/include/local.xml create mode 100644 src/man/ru/include/override_homedir.xml create mode 100644 src/man/ru/include/param_help.xml create mode 100644 src/man/ru/include/param_help_py.xml create mode 100644 src/man/ru/include/seealso.xml create mode 100644 src/man/ru/include/service_discovery.xml create mode 100644 src/man/ru/include/upstream.xml create mode 100644 src/man/ru/pam_sss.8.xml create mode 100644 src/man/ru/pam_sss_gss.8.xml create mode 100644 src/man/ru/sss-certmap.5.xml create mode 100644 src/man/ru/sss_cache.8.xml create mode 100644 src/man/ru/sss_debuglevel.8.xml create mode 100644 src/man/ru/sss_obfuscate.8.xml create mode 100644 src/man/ru/sss_override.8.xml create mode 100644 src/man/ru/sss_rpcidmapd.5.xml create mode 100644 src/man/ru/sss_seed.8.xml create mode 100644 src/man/ru/sss_ssh_authorizedkeys.1.xml create mode 100644 src/man/ru/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/ru/sssctl.8.xml create mode 100644 src/man/ru/sssd-ad.5.xml create mode 100644 src/man/ru/sssd-files.5.xml create mode 100644 src/man/ru/sssd-ifp.5.xml create mode 100644 src/man/ru/sssd-ipa.5.xml create mode 100644 src/man/ru/sssd-kcm.8.xml create mode 100644 src/man/ru/sssd-krb5.5.xml create mode 100644 src/man/ru/sssd-ldap-attributes.5.xml create mode 100644 src/man/ru/sssd-ldap.5.xml create mode 100644 src/man/ru/sssd-session-recording.5.xml create mode 100644 src/man/ru/sssd-simple.5.xml create mode 100644 src/man/ru/sssd-sudo.5.xml create mode 100644 src/man/ru/sssd-systemtap.5.xml create mode 100644 src/man/ru/sssd.8.xml create mode 100644 src/man/ru/sssd.conf.5.xml create mode 100644 src/man/ru/sssd_krb5_localauth_plugin.8.xml create mode 100644 src/man/ru/sssd_krb5_locator_plugin.8.xml create mode 100644 src/man/sss-certmap.5.xml create mode 100644 src/man/sss_cache.8.xml create mode 100644 src/man/sss_debuglevel.8.xml create mode 100644 src/man/sss_obfuscate.8.xml create mode 100644 src/man/sss_override.8.xml create mode 100644 src/man/sss_rpcidmapd.5.xml create mode 100644 src/man/sss_seed.8.xml create mode 100644 src/man/sss_ssh_authorizedkeys.1.xml create mode 100644 src/man/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/sssctl.8.xml create mode 100644 src/man/sssd-ad.5.xml create mode 100644 src/man/sssd-files.5.xml create mode 100644 src/man/sssd-ifp.5.xml create mode 100644 src/man/sssd-ipa.5.xml create mode 100644 src/man/sssd-kcm.8.xml create mode 100644 src/man/sssd-krb5.5.xml create mode 100644 src/man/sssd-ldap-attributes.5.xml create mode 100644 src/man/sssd-ldap.5.xml create mode 100644 src/man/sssd-session-recording.5.xml create mode 100644 src/man/sssd-simple.5.xml create mode 100644 src/man/sssd-sudo.5.xml create mode 100644 src/man/sssd-systemtap.5.xml create mode 100644 src/man/sssd.8.xml create mode 100644 src/man/sssd.conf.5.xml create mode 100644 src/man/sssd_krb5_localauth_plugin.8.xml create mode 100644 src/man/sssd_krb5_locator_plugin.8.xml create mode 100644 src/man/sv/idmap_sss.8.xml create mode 100644 src/man/sv/include/ad_modified_defaults.xml create mode 100644 src/man/sv/include/autofs_attributes.xml create mode 100644 src/man/sv/include/autofs_restart.xml create mode 100644 src/man/sv/include/debug_levels.xml create mode 100644 src/man/sv/include/debug_levels_tools.xml create mode 100644 src/man/sv/include/failover.xml create mode 100644 src/man/sv/include/homedir_substring.xml create mode 100644 src/man/sv/include/ipa_modified_defaults.xml create mode 100644 src/man/sv/include/krb5_options.xml create mode 100644 src/man/sv/include/ldap_id_mapping.xml create mode 100644 src/man/sv/include/ldap_search_bases.xml create mode 100644 src/man/sv/include/local.xml create mode 100644 src/man/sv/include/override_homedir.xml create mode 100644 src/man/sv/include/param_help.xml create mode 100644 src/man/sv/include/param_help_py.xml create mode 100644 src/man/sv/include/seealso.xml create mode 100644 src/man/sv/include/service_discovery.xml create mode 100644 src/man/sv/include/upstream.xml create mode 100644 src/man/sv/pam_sss.8.xml create mode 100644 src/man/sv/pam_sss_gss.8.xml create mode 100644 src/man/sv/sss-certmap.5.xml create mode 100644 src/man/sv/sss_cache.8.xml create mode 100644 src/man/sv/sss_debuglevel.8.xml create mode 100644 src/man/sv/sss_obfuscate.8.xml create mode 100644 src/man/sv/sss_override.8.xml create mode 100644 src/man/sv/sss_rpcidmapd.5.xml create mode 100644 src/man/sv/sss_seed.8.xml create mode 100644 src/man/sv/sss_ssh_authorizedkeys.1.xml create mode 100644 src/man/sv/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/sv/sssctl.8.xml create mode 100644 src/man/sv/sssd-ad.5.xml create mode 100644 src/man/sv/sssd-files.5.xml create mode 100644 src/man/sv/sssd-ifp.5.xml create mode 100644 src/man/sv/sssd-ipa.5.xml create mode 100644 src/man/sv/sssd-kcm.8.xml create mode 100644 src/man/sv/sssd-krb5.5.xml create mode 100644 src/man/sv/sssd-ldap-attributes.5.xml create mode 100644 src/man/sv/sssd-ldap.5.xml create mode 100644 src/man/sv/sssd-session-recording.5.xml create mode 100644 src/man/sv/sssd-simple.5.xml create mode 100644 src/man/sv/sssd-sudo.5.xml create mode 100644 src/man/sv/sssd-systemtap.5.xml create mode 100644 src/man/sv/sssd.8.xml create mode 100644 src/man/sv/sssd.conf.5.xml create mode 100644 src/man/sv/sssd_krb5_localauth_plugin.8.xml create mode 100644 src/man/sv/sssd_krb5_locator_plugin.8.xml create mode 100644 src/man/tg/include/ad_modified_defaults.xml create mode 100644 src/man/tg/include/autofs_attributes.xml create mode 100644 src/man/tg/include/autofs_restart.xml create mode 100644 src/man/tg/include/debug_levels.xml create mode 100644 src/man/tg/include/debug_levels_tools.xml create mode 100644 src/man/tg/include/failover.xml create mode 100644 src/man/tg/include/homedir_substring.xml create mode 100644 src/man/tg/include/ipa_modified_defaults.xml create mode 100644 src/man/tg/include/krb5_options.xml create mode 100644 src/man/tg/include/ldap_id_mapping.xml create mode 100644 src/man/tg/include/ldap_search_bases.xml create mode 100644 src/man/tg/include/local.xml create mode 100644 src/man/tg/include/override_homedir.xml create mode 100644 src/man/tg/include/param_help.xml create mode 100644 src/man/tg/include/param_help_py.xml create mode 100644 src/man/tg/include/seealso.xml create mode 100644 src/man/tg/include/service_discovery.xml create mode 100644 src/man/tg/include/upstream.xml create mode 100644 src/man/uk/idmap_sss.8.xml create mode 100644 src/man/uk/include/ad_modified_defaults.xml create mode 100644 src/man/uk/include/autofs_attributes.xml create mode 100644 src/man/uk/include/autofs_restart.xml create mode 100644 src/man/uk/include/debug_levels.xml create mode 100644 src/man/uk/include/debug_levels_tools.xml create mode 100644 src/man/uk/include/failover.xml create mode 100644 src/man/uk/include/homedir_substring.xml create mode 100644 src/man/uk/include/ipa_modified_defaults.xml create mode 100644 src/man/uk/include/krb5_options.xml create mode 100644 src/man/uk/include/ldap_id_mapping.xml create mode 100644 src/man/uk/include/ldap_search_bases.xml create mode 100644 src/man/uk/include/local.xml create mode 100644 src/man/uk/include/override_homedir.xml create mode 100644 src/man/uk/include/param_help.xml create mode 100644 src/man/uk/include/param_help_py.xml create mode 100644 src/man/uk/include/seealso.xml create mode 100644 src/man/uk/include/service_discovery.xml create mode 100644 src/man/uk/include/upstream.xml create mode 100644 src/man/uk/pam_sss.8.xml create mode 100644 src/man/uk/pam_sss_gss.8.xml create mode 100644 src/man/uk/sss-certmap.5.xml create mode 100644 src/man/uk/sss_cache.8.xml create mode 100644 src/man/uk/sss_debuglevel.8.xml create mode 100644 src/man/uk/sss_obfuscate.8.xml create mode 100644 src/man/uk/sss_override.8.xml create mode 100644 src/man/uk/sss_rpcidmapd.5.xml create mode 100644 src/man/uk/sss_seed.8.xml create mode 100644 src/man/uk/sss_ssh_authorizedkeys.1.xml create mode 100644 src/man/uk/sss_ssh_knownhostsproxy.1.xml create mode 100644 src/man/uk/sssctl.8.xml create mode 100644 src/man/uk/sssd-ad.5.xml create mode 100644 src/man/uk/sssd-files.5.xml create mode 100644 src/man/uk/sssd-ifp.5.xml create mode 100644 src/man/uk/sssd-ipa.5.xml create mode 100644 src/man/uk/sssd-kcm.8.xml create mode 100644 src/man/uk/sssd-krb5.5.xml create mode 100644 src/man/uk/sssd-ldap-attributes.5.xml create mode 100644 src/man/uk/sssd-ldap.5.xml create mode 100644 src/man/uk/sssd-session-recording.5.xml create mode 100644 src/man/uk/sssd-simple.5.xml create mode 100644 src/man/uk/sssd-sudo.5.xml create mode 100644 src/man/uk/sssd-systemtap.5.xml create mode 100644 src/man/uk/sssd.8.xml create mode 100644 src/man/uk/sssd.conf.5.xml create mode 100644 src/man/uk/sssd_krb5_localauth_plugin.8.xml create mode 100644 src/man/uk/sssd_krb5_locator_plugin.8.xml create mode 100644 src/man/zh_CN/include/ad_modified_defaults.xml create mode 100644 src/man/zh_CN/include/autofs_attributes.xml create mode 100644 src/man/zh_CN/include/autofs_restart.xml create mode 100644 src/man/zh_CN/include/debug_levels.xml create mode 100644 src/man/zh_CN/include/debug_levels_tools.xml create mode 100644 src/man/zh_CN/include/failover.xml create mode 100644 src/man/zh_CN/include/homedir_substring.xml create mode 100644 src/man/zh_CN/include/ipa_modified_defaults.xml create mode 100644 src/man/zh_CN/include/krb5_options.xml create mode 100644 src/man/zh_CN/include/ldap_id_mapping.xml create mode 100644 src/man/zh_CN/include/ldap_search_bases.xml create mode 100644 src/man/zh_CN/include/local.xml create mode 100644 src/man/zh_CN/include/override_homedir.xml create mode 100644 src/man/zh_CN/include/param_help.xml create mode 100644 src/man/zh_CN/include/param_help_py.xml create mode 100644 src/man/zh_CN/include/seealso.xml create mode 100644 src/man/zh_CN/include/service_discovery.xml create mode 100644 src/man/zh_CN/include/upstream.xml (limited to 'src/man') diff --git a/src/man/Makefile.am b/src/man/Makefile.am new file mode 100644 index 0000000..1e51aeb --- /dev/null +++ b/src/man/Makefile.am @@ -0,0 +1,270 @@ +# The following variable is dependent on placement of this file +top_builddir = ../.. + +############ +# MANPAGES # +############ + + +# If no conditions are given, *all* conditionals are expanded. We don't want +# to include any conditions by default, so we need to pass a phony conditional +if BUILD_SUDO +# conditionals are delimeted with a semicolon +SUDO_CONDS = ;with_sudo +endif +if BUILD_AUTOFS +AUTOFS_CONDS = ;with_autofs +endif +if BUILD_SSH +SSH_CONDS = ;with_ssh +endif +if BUILD_PAC_RESPONDER +PAC_RESPONDER_CONDS = ;with_pac_responder +endif +if BUILD_IFP +IFP_CONDS = ;with_ifp +endif +if BUILD_KCM +KCM_CONDS = ;with_kcm +endif +if BUILD_SYSTEMTAP +STAP_CONDS = ;with_stap +endif +if GPO_DEFAULT_ENFORCING +GPO_CONDS = ;gpo_default_enforcing +else +GPO_CONDS = ;gpo_default_permissive +endif +if HAVE_SYSTEMD_UNIT +SYSTEMD_CONDS = ;have_systemd +endif +if BUILD_KCM_RENEWAL +KCM_RENEWAL_CONDS = ;enable_kcm_renewal +endif +if BUILD_LOCKFREE_CLIENT +LOCKFREE_CLIENT_CONDS = ;enable_lockfree_support +endif +if HAVE_INOTIFY +HAVE_INOTIFY_CONDS = ;have_inotify +endif +if BUILD_PASSKEY +PASSKEY_CONDS = ;build_passkey +endif +if BUILD_FILES_PROVIDER +FILES_PROVIDER_CONDS = ;with_files_provider +else +FILES_PROVIDER_CONDS = ;without_files_provider +endif +if SSSD_NON_ROOT_USER +SSSD_NON_ROOT_USER_CONDS = ;with_non_root_user_support +endif + + +CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)$(HAVE_INOTIFY_CONDS)$(PASSKEY_CONDS)$(FILES_PROVIDER_CONDS)$(SSSD_NON_ROOT_USER_CONDS) + + +#Special Rules: +export SGML_CATALOG_FILES +DOCBOOK_XSLT = @DOCBOOK_XSLT@ +DOCBOOK_XSLT ?= http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl +XMLLINT_FLAGS = --catalogs --postvalid --nonet --noent --xinclude --noout +XSLTPROC_FLAGS = --catalogs --xinclude --nonet + +if HAVE_PROFILE_CATALOGS +XSLTPROC_FLAGS += --stringparam profile.condition "$(CONDS)" +endif + +EXTRA_DIST = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) +man_MANS = \ + sssd.8 sssd.conf.5 sssd-ldap.5 sssd-ldap-attributes.5 \ + sssd-krb5.5 sssd-simple.5 sss-certmap.5 \ + sssd_krb5_locator_plugin.8 sssd_krb5_localauth_plugin.8 \ + pam_sss.8 pam_sss_gss.8 sss_obfuscate.8 sss_cache.8 sss_debuglevel.8 \ + sss_seed.8 sss_override.8 idmap_sss.8 sssctl.8 sssd-session-recording.5 \ + $(NULL) + +if BUILD_SAMBA +man_MANS += sssd-ipa.5 sssd-ad.5 +endif + +if BUILD_SSH +man_MANS += sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 +endif + +if BUILD_SUDO +man_MANS += sssd-sudo.5 +endif + +if BUILD_IFP +man_MANS += sssd-ifp.5 +endif + +if BUILD_KCM +man_MANS += sssd-kcm.8 +endif + +if BUILD_SYSTEMTAP +man_MANS += sssd-systemtap.5 +endif + +if BUILD_NFS_IDMAP +man_MANS += sss_rpcidmapd.5 +endif + +if HAVE_INOTIFY +if BUILD_FILES_PROVIDER +man_MANS += sssd-files.5 +endif # BUILD_FILES_PROVIDER +endif + +$(builddir)/src/man/sssd_user_name.include: + @mkdir -p $(builddir)/src/man + @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include + +%.1: %.1.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.3: %.3.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.5: %.5.xml $(builddir)/src/man/sssd_user_name.include + $(XMLLINT) --path "$(srcdir)/src/man:$(builddir)/src/man" $(XMLLINT_FLAGS) $< + $(XSLTPROC) --path "$(srcdir)/src/man:$(builddir)/src/man" -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.8: %.8.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +######################## +# MANPAGE TRANSLATIONS # +######################## + +PO4A=@PO4A@ +SED=@SED@ + +PACKAGE_DOC=sssd-docs + +POTFILE = po/$(PACKAGE_DOC).pot +PO4A_CONFIG = po/po4a.cfg + +# Extract the list of languages from the po4a config file. +LINGUAS_DIST = `$(SED) -ne 's/^.*\[po4a_langs\] \(.*\)$$/\1/p' $(srcdir)/$(PO4A_CONFIG)` + +# If the user has not defined it let's use the default. +LINGUAS ?= $(LINGUAS_DIST) + +PO4A_COMMON_OPTS = --option doctype=docbook \ + --package-name $(PACKAGE_DOC) \ + --variable builddir=$(CURDIR) \ + --package-version $(PACKAGE_VERSION) \ + --msgid-bugs-address sssd-devel@redhat.com \ + --copyright-holder "Red Hat" + +PO4A_BUILD_OPTS = $(PO4A_COMMON_OPTS) --no-backups + +EXTRA_DIST += \ + $(POTFILE)\ + $(PO4A_CONFIG) + +XML_DOC = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) + +if HAVE_PO4A +CFG_PAGES = $(addprefix $(srcdir)/, $(shell grep '\[type:docbook\]' $(PO4A_CONFIG) | awk '{print $$2}' | tr '\n' ' ')) +NONTRANSLATED_PAGES = $(filter-out $(CFG_PAGES), $(XML_DOC)) + + +# FIXME: Use a stamp file until po4a supports them internally. +man.stamp: $(XML_DOC) $(POTFILE) $(PO4A_CONFIG) + cd $(srcdir) && \ + $(PO4A) $(PO4A_BUILD_OPTS) $(PO4A_CONFIG) + touch $@ + +update-po: + @if test x"$(NONTRANSLATED_PAGES)" != "x"; then \ + echo "The following pages are not translated" $(NONTRANSLATED_PAGES); \ + exit 1; \ + fi + cd $(srcdir) && \ + $(PO4A) $(PO4A_BUILD_OPTS) --force $(PO4A_CONFIG) + +dist-hook: man.stamp + if [ -f man.stamp ]; then \ + cp man.stamp $(distdir); \ + for lang in $(LINGUAS_DIST); do \ + cp $(srcdir)/po/$$lang.po $(distdir)/po; \ + $(mkdir_p) $(distdir)/$$lang; \ + cp -r $(builddir)/$$lang $(distdir)/; \ + done; \ + else \ + cp $(srcdir)/man.stamp $(distdir); \ + for lang in $(LINGUAS_DIST); do \ + cp $(srcdir)/po/$$lang.po $(distdir)/po; \ + $(mkdir_p) $(distdir)/$$lang; \ + cp -r $(srcdir)/$$lang $(distdir)/; \ + done; \ + fi + + +clean-local: + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + rm -rf $$lang; \ + fi \ + done + rm -f $(man_MANS) + rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include + +else + +man.stamp: $(XML_DOC) + touch $@ + +clean-local: + rm -f $(man_MANS) + rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include + +endif + +# Generate translated manual pages +all-local: all-local-@USE_NLS@ +all-local-no: +all-local-yes: man.stamp + if [ -z $$recursion ]; then \ + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) recursion=1 man_MANS="$$manpages"; \ + fi \ + done \ + fi + +install-data-local: install-data-local-@USE_NLS@ +install-data-local-no: +install-data-local-yes: + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) install-man \ + mandir="$(mandir)/$$lang" \ + man_MANS="$$manpages"; \ + fi \ + done + +uninstall-local: uninstall-local-@USE_NLS@ +uninstall-local-no: +uninstall-local-yes: + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) uninstall-man \ + mandir="$(mandir)/$$lang" \ + man_MANS="$$manpages"; \ + fi \ + done diff --git a/src/man/Makefile.in b/src/man/Makefile.in new file mode 100644 index 0000000..fcc4bb6 --- /dev/null +++ b/src/man/Makefile.in @@ -0,0 +1,1075 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_PROFILE_CATALOGS_TRUE@am__append_1 = --stringparam profile.condition "$(CONDS)" +@BUILD_SAMBA_TRUE@am__append_2 = sssd-ipa.5 sssd-ad.5 +@BUILD_SSH_TRUE@am__append_3 = sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 +@BUILD_SUDO_TRUE@am__append_4 = sssd-sudo.5 +@BUILD_IFP_TRUE@am__append_5 = sssd-ifp.5 +@BUILD_KCM_TRUE@am__append_6 = sssd-kcm.8 +@BUILD_SYSTEMTAP_TRUE@am__append_7 = sssd-systemtap.5 +@BUILD_NFS_IDMAP_TRUE@am__append_8 = sss_rpcidmapd.5 +@BUILD_FILES_PROVIDER_TRUE@@HAVE_INOTIFY_TRUE@am__append_9 = sssd-files.5 +subdir = src/man +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/src/build_macros.m4 \ + $(top_srcdir)/src/external/platform.m4 \ + $(top_srcdir)/src/conf_macros.m4 \ + $(top_srcdir)/src/external/pkg.m4 \ + $(top_srcdir)/src/external/libpopt.m4 \ + $(top_srcdir)/src/external/libtalloc.m4 \ + $(top_srcdir)/src/external/libtdb.m4 \ + $(top_srcdir)/src/external/libtevent.m4 \ + $(top_srcdir)/src/external/libldb.m4 \ + $(top_srcdir)/src/external/libdhash.m4 \ + $(top_srcdir)/src/external/libini_config.m4 \ + $(top_srcdir)/src/external/libgssapi_krb5.m4 \ + $(top_srcdir)/src/external/pam.m4 \ + $(top_srcdir)/src/external/ldap.m4 \ + $(top_srcdir)/src/external/libpcre.m4 \ + $(top_srcdir)/src/external/krb5.m4 \ + $(top_srcdir)/src/external/libcares.m4 \ + $(top_srcdir)/src/external/libcmocka.m4 \ + $(top_srcdir)/src/external/docbook.m4 \ + $(top_srcdir)/src/external/sizes.m4 \ + $(top_srcdir)/src/external/python.m4 \ + $(top_srcdir)/src/external/selinux.m4 \ + $(top_srcdir)/src/external/crypto.m4 \ + $(top_srcdir)/src/external/nsupdate.m4 \ + $(top_srcdir)/src/external/libkeyutils.m4 \ + $(top_srcdir)/src/external/libkrad.m4 \ + $(top_srcdir)/src/external/libnl.m4 \ + $(top_srcdir)/src/external/systemd.m4 \ + $(top_srcdir)/src/external/pac_responder.m4 \ + $(top_srcdir)/src/external/cifsidmap.m4 \ + $(top_srcdir)/src/external/signal.m4 \ + $(top_srcdir)/src/external/inotify.m4 \ + $(top_srcdir)/src/external/samba.m4 \ + $(top_srcdir)/src/external/sasl.m4 \ + $(top_srcdir)/src/external/libnfsidmap.m4 \ + $(top_srcdir)/src/external/cwrap.m4 \ + $(top_srcdir)/src/external/libresolv.m4 \ + $(top_srcdir)/src/external/intgcheck.m4 \ + $(top_srcdir)/src/external/systemtap.m4 \ + $(top_srcdir)/src/external/service.m4 \ + $(top_srcdir)/src/external/test_ca.m4 \ + $(top_srcdir)/src/external/ax_valgrind_check.m4 \ + $(top_srcdir)/src/external/libjansson.m4 \ + $(top_srcdir)/src/external/libcurl.m4 \ + $(top_srcdir)/src/external/libjose.m4 \ + $(top_srcdir)/src/external/libuuid.m4 \ + $(top_srcdir)/src/external/libunistring.m4 \ + $(top_srcdir)/src/external/libpasskey.m4 \ + $(top_srcdir)/src/external/p11-kit.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" +man5dir = $(mandir)/man5 +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build/mkinstalldirs +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARES_CFLAGS = @CARES_CFLAGS@ +CARES_LIBS = @CARES_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CURL_CFLAGS = @CURL_CFLAGS@ +CURL_LIBS = @CURL_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DHASH_CFLAGS = @DHASH_CFLAGS@ +DHASH_LIBS = @DHASH_LIBS@ +DLLTOOL = @DLLTOOL@ +DOCBOOK_XSLT = @DOCBOOK_XSLT@ +DOXYGEN = @DOXYGEN@ +DSYMUTIL = @DSYMUTIL@ +DTRACE = @DTRACE@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENABLE_VALGRIND_drd = @ENABLE_VALGRIND_drd@ +ENABLE_VALGRIND_helgrind = @ENABLE_VALGRIND_helgrind@ +ENABLE_VALGRIND_memcheck = @ENABLE_VALGRIND_memcheck@ +ENABLE_VALGRIND_sgcheck = @ENABLE_VALGRIND_sgcheck@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FAKETIME = @FAKETIME@ +FGREP = @FGREP@ +FIDO2_CFLAGS = @FIDO2_CFLAGS@ +FIDO2_LIBS = @FIDO2_LIBS@ +FILECMD = @FILECMD@ +GDM_PAM_EXTENSIONS_CFLAGS = @GDM_PAM_EXTENSIONS_CFLAGS@ +GDM_PAM_EXTENSIONS_LIBS = @GDM_PAM_EXTENSIONS_LIBS@ +GMSGFMT = @GMSGFMT@ +GPO_DEFAULT = @GPO_DEFAULT@ +GREP = @GREP@ +GSSAPI_KRB5_CFLAGS = @GSSAPI_KRB5_CFLAGS@ +GSSAPI_KRB5_LIBS = @GSSAPI_KRB5_LIBS@ +HAVE_FAKEROOT = @HAVE_FAKEROOT@ +HAVE_LDAPMODIFY = @HAVE_LDAPMODIFY@ +HAVE_MANPAGES = @HAVE_MANPAGES@ +HAVE_NSS_WRAPPER = @HAVE_NSS_WRAPPER@ +HAVE_PAM_WRAPPER = @HAVE_PAM_WRAPPER@ +HAVE_PYTHON2 = @HAVE_PYTHON2@ +HAVE_PYTHON2_BINDINGS = @HAVE_PYTHON2_BINDINGS@ +HAVE_PYTHON3 = @HAVE_PYTHON3@ +HAVE_PYTHON3_BINDINGS = @HAVE_PYTHON3_BINDINGS@ +HAVE_SELINUX = @HAVE_SELINUX@ +HAVE_SEMANAGE = @HAVE_SEMANAGE@ +HAVE_UID_WRAPPER = @HAVE_UID_WRAPPER@ +INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ +INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ +INI_CONFIG_V0_CFLAGS = @INI_CONFIG_V0_CFLAGS@ +INI_CONFIG_V0_LIBS = @INI_CONFIG_V0_LIBS@ +INI_CONFIG_V1_1_CFLAGS = @INI_CONFIG_V1_1_CFLAGS@ +INI_CONFIG_V1_1_LIBS = @INI_CONFIG_V1_1_LIBS@ +INI_CONFIG_V1_3_CFLAGS = @INI_CONFIG_V1_3_CFLAGS@ +INI_CONFIG_V1_3_LIBS = @INI_CONFIG_V1_3_LIBS@ +INI_CONFIG_V1_CFLAGS = @INI_CONFIG_V1_CFLAGS@ +INI_CONFIG_V1_LIBS = @INI_CONFIG_V1_LIBS@ +INOTIFY_LIBS = @INOTIFY_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +JANSSON_CFLAGS = @JANSSON_CFLAGS@ +JANSSON_LIBS = @JANSSON_LIBS@ +JOSE_CFLAGS = @JOSE_CFLAGS@ +JOSE_LIBS = @JOSE_LIBS@ +JOURNALD_CFLAGS = @JOURNALD_CFLAGS@ +JOURNALD_LIBS = @JOURNALD_LIBS@ +KEYUTILS_LIBS = @KEYUTILS_LIBS@ +KRAD_LIBS = @KRAD_LIBS@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_CONFIG = @KRB5_CONFIG@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDB_CFLAGS = @LDB_CFLAGS@ +LDB_LIBS = @LDB_LIBS@ +LDFLAGS = @LDFLAGS@ +LIBADD_DL = @LIBADD_DL@ +LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ +LIBADD_DLOPEN = @LIBADD_DLOPEN@ +LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ +LIBADD_TIMER = @LIBADD_TIMER@ +LIBCLOCK_GETTIME = @LIBCLOCK_GETTIME@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBNL1_CFLAGS = @LIBNL1_CFLAGS@ +LIBNL1_LIBS = @LIBNL1_LIBS@ +LIBNL3_CFLAGS = @LIBNL3_CFLAGS@ +LIBNL3_LIBS = @LIBNL3_LIBS@ +LIBNL_CFLAGS = @LIBNL_CFLAGS@ +LIBNL_LIBS = @LIBNL_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_DLLOADERS = @LT_DLLOADERS@ +LT_DLPREOPEN = @LT_DLPREOPEN@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +NDR_KRB5PAC_CFLAGS = @NDR_KRB5PAC_CFLAGS@ +NDR_KRB5PAC_LIBS = @NDR_KRB5PAC_LIBS@ +NDR_NBT_CFLAGS = @NDR_NBT_CFLAGS@ +NDR_NBT_LIBS = @NDR_NBT_LIBS@ +NFSIDMAP_CFLAGS = @NFSIDMAP_CFLAGS@ +NFSIDMAP_LIBS = @NFSIDMAP_LIBS@ +NFSIDMAP_OBJ = @NFSIDMAP_OBJ@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSUPDATE = @NSUPDATE@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@ +OPENLDAP_LIBS = @OPENLDAP_LIBS@ +OPENSSL = @OPENSSL@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11TOOL = @P11TOOL@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_LIBS = @PAM_LIBS@ +PAM_MISC_LIBS = @PAM_MISC_LIBS@ +PASSKEY_CFLAGS = @PASSKEY_CFLAGS@ +PASSKEY_LIBS = @PASSKEY_LIBS@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCRE_CFLAGS = @PCRE_CFLAGS@ +PCRE_LIBS = @PCRE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ + +######################## +# MANPAGE TRANSLATIONS # +######################## +PO4A = @PO4A@ +POPT_CFLAGS = @POPT_CFLAGS@ +POPT_LIBS = @POPT_LIBS@ +POSUB = @POSUB@ +PRERELEASE_VERSION = @PRERELEASE_VERSION@ +PYTHON = @PYTHON@ +PYTHON2 = @PYTHON2@ +PYTHON2_CFLAGS = @PYTHON2_CFLAGS@ +PYTHON2_EXEC_PREFIX = @PYTHON2_EXEC_PREFIX@ +PYTHON2_INCLUDES = @PYTHON2_INCLUDES@ +PYTHON2_LIBS = @PYTHON2_LIBS@ +PYTHON2_PREFIX = @PYTHON2_PREFIX@ +PYTHON2_VERSION = @PYTHON2_VERSION@ +PYTHON3 = @PYTHON3@ +PYTHON3_CFLAGS = @PYTHON3_CFLAGS@ +PYTHON3_EXEC_PREFIX = @PYTHON3_EXEC_PREFIX@ +PYTHON3_INCLUDES = @PYTHON3_INCLUDES@ +PYTHON3_LIBS = @PYTHON3_LIBS@ +PYTHON3_PREFIX = @PYTHON3_PREFIX@ +PYTHON3_VERSION = @PYTHON3_VERSION@ +PYTHON_CONFIG = @PYTHON_CONFIG@ +PYTHON_EXEC = @PYTHON_EXEC@ +PYTHON_EXEC_INTG = @PYTHON_EXEC_INTG@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RESOLV_CFLAGS = @RESOLV_CFLAGS@ +RESOLV_LIBS = @RESOLV_LIBS@ +SAMBA_UTIL_CFLAGS = @SAMBA_UTIL_CFLAGS@ +SAMBA_UTIL_LIBS = @SAMBA_UTIL_LIBS@ +SASL_CFLAGS = @SASL_CFLAGS@ +SASL_LIBS = @SASL_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SEMANAGE_LIBS = @SEMANAGE_LIBS@ +SERVICE = @SERVICE@ +SET_MAKE = @SET_MAKE@ +SGML_CATALOG_FILES = @SGML_CATALOG_FILES@ +SHELL = @SHELL@ +SLAPD = @SLAPD@ +SMBCLIENT_CFLAGS = @SMBCLIENT_CFLAGS@ +SMBCLIENT_LIBS = @SMBCLIENT_LIBS@ +SOFTHSM2_PATH = @SOFTHSM2_PATH@ +SOFTHSM2_UTIL = @SOFTHSM2_UTIL@ +SSH_KEYGEN = @SSH_KEYGEN@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +SSSD_USER = @SSSD_USER@ +STRIP = @STRIP@ +SYSTEMD_DAEMON_CFLAGS = @SYSTEMD_DAEMON_CFLAGS@ +SYSTEMD_DAEMON_LIBS = @SYSTEMD_DAEMON_LIBS@ +SYSTEMD_LOGIN_CFLAGS = @SYSTEMD_LOGIN_CFLAGS@ +SYSTEMD_LOGIN_LIBS = @SYSTEMD_LOGIN_LIBS@ +TALLOC_CFLAGS = @TALLOC_CFLAGS@ +TALLOC_LIBS = @TALLOC_LIBS@ +TDB_CFLAGS = @TDB_CFLAGS@ +TDB_LIBS = @TDB_LIBS@ +TEST_DIR = @TEST_DIR@ +TEVENT_CFLAGS = @TEVENT_CFLAGS@ +TEVENT_LIBS = @TEVENT_LIBS@ +UNICODE_LIBS = @UNICODE_LIBS@ +USE_NLS = @USE_NLS@ +UUID_CFLAGS = @UUID_CFLAGS@ +UUID_LIBS = @UUID_LIBS@ +VALGRIND = @VALGRIND@ +VALGRIND_ENABLED = @VALGRIND_ENABLED@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XMLLINT = @XMLLINT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +appmodpath = @appmodpath@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +cifspluginpath = @cifspluginpath@ +config_def_ccache_dir = @config_def_ccache_dir@ +config_def_ccname_template = @config_def_ccname_template@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbpath = @dbpath@ +docdir = @docdir@ +dvidir = @dvidir@ +environment_file = @environment_file@ +exec_prefix = @exec_prefix@ +gpocachepath = @gpocachepath@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +initdir = @initdir@ +install_sh = @install_sh@ +krb5authdatapluginpath = @krb5authdatapluginpath@ +krb5pluginpath = @krb5pluginpath@ +krb5rcachedir = @krb5rcachedir@ +ldblibdir = @ldblibdir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +logpath = @logpath@ +mandir = @mandir@ +mcpath = @mcpath@ +mkdir_p = @mkdir_p@ +nfsidmaplibdir = @nfsidmaplibdir@ +nfslibpath = @nfslibpath@ +nsslibdir = @nsslibdir@ +oldincludedir = @oldincludedir@ +pammoddir = @pammoddir@ +pdfdir = @pdfdir@ +pidpath = @pidpath@ +pipepath = @pipepath@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pluginpath = @pluginpath@ +polkitdir = @polkitdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pubconfpath = @pubconfpath@ +py2execdir = @py2execdir@ +py3execdir = @py3execdir@ +pyexecdir = @pyexecdir@ +python2dir = @python2dir@ +python3dir = @python3dir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +secdbpath = @secdbpath@ +session_recording_shell = @session_recording_shell@ +sharedbuilddir = @sharedbuilddir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subidlibpath = @subidlibpath@ +sudolibpath = @sudolibpath@ +sysconfdir = @sysconfdir@ +systemdconfdir = @systemdconfdir@ +systemdunitdir = @systemdunitdir@ +tapset_dir = @tapset_dir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ + +# The following variable is dependent on placement of this file +top_builddir = ../.. +top_srcdir = @top_srcdir@ +valgrind_enabled_tools = @valgrind_enabled_tools@ +valgrind_tools = @valgrind_tools@ +winbindpluginpath = @winbindpluginpath@ + +############ +# MANPAGES # +############ + +# If no conditions are given, *all* conditionals are expanded. We don't want +# to include any conditions by default, so we need to pass a phony conditional +# conditionals are delimeted with a semicolon +@BUILD_SUDO_TRUE@SUDO_CONDS = ;with_sudo +@BUILD_AUTOFS_TRUE@AUTOFS_CONDS = ;with_autofs +@BUILD_SSH_TRUE@SSH_CONDS = ;with_ssh +@BUILD_PAC_RESPONDER_TRUE@PAC_RESPONDER_CONDS = ;with_pac_responder +@BUILD_IFP_TRUE@IFP_CONDS = ;with_ifp +@BUILD_KCM_TRUE@KCM_CONDS = ;with_kcm +@BUILD_SYSTEMTAP_TRUE@STAP_CONDS = ;with_stap +@GPO_DEFAULT_ENFORCING_FALSE@GPO_CONDS = ;gpo_default_permissive +@GPO_DEFAULT_ENFORCING_TRUE@GPO_CONDS = ;gpo_default_enforcing +@HAVE_SYSTEMD_UNIT_TRUE@SYSTEMD_CONDS = ;have_systemd +@BUILD_KCM_RENEWAL_TRUE@KCM_RENEWAL_CONDS = ;enable_kcm_renewal +@BUILD_LOCKFREE_CLIENT_TRUE@LOCKFREE_CLIENT_CONDS = ;enable_lockfree_support +@HAVE_INOTIFY_TRUE@HAVE_INOTIFY_CONDS = ;have_inotify +@BUILD_PASSKEY_TRUE@PASSKEY_CONDS = ;build_passkey +@BUILD_FILES_PROVIDER_FALSE@FILES_PROVIDER_CONDS = ;without_files_provider +@BUILD_FILES_PROVIDER_TRUE@FILES_PROVIDER_CONDS = ;with_files_provider +@SSSD_NON_ROOT_USER_TRUE@SSSD_NON_ROOT_USER_CONDS = ;with_non_root_user_support +CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)$(HAVE_INOTIFY_CONDS)$(PASSKEY_CONDS)$(FILES_PROVIDER_CONDS)$(SSSD_NON_ROOT_USER_CONDS) +XMLLINT_FLAGS = --catalogs --postvalid --nonet --noent --xinclude --noout +XSLTPROC_FLAGS = --catalogs --xinclude --nonet $(am__append_1) +EXTRA_DIST = $(wildcard $(srcdir)/*.xml) $(wildcard \ + $(srcdir)/include/*.xml) $(POTFILE) $(PO4A_CONFIG) +man_MANS = sssd.8 sssd.conf.5 sssd-ldap.5 sssd-ldap-attributes.5 \ + sssd-krb5.5 sssd-simple.5 sss-certmap.5 \ + sssd_krb5_locator_plugin.8 sssd_krb5_localauth_plugin.8 \ + pam_sss.8 pam_sss_gss.8 sss_obfuscate.8 sss_cache.8 \ + sss_debuglevel.8 sss_seed.8 sss_override.8 idmap_sss.8 \ + sssctl.8 sssd-session-recording.5 $(NULL) $(am__append_2) \ + $(am__append_3) $(am__append_4) $(am__append_5) \ + $(am__append_6) $(am__append_7) $(am__append_8) \ + $(am__append_9) +PACKAGE_DOC = sssd-docs +POTFILE = po/$(PACKAGE_DOC).pot +PO4A_CONFIG = po/po4a.cfg + +# Extract the list of languages from the po4a config file. +LINGUAS_DIST = `$(SED) -ne 's/^.*\[po4a_langs\] \(.*\)$$/\1/p' $(srcdir)/$(PO4A_CONFIG)` +PO4A_COMMON_OPTS = --option doctype=docbook \ + --package-name $(PACKAGE_DOC) \ + --variable builddir=$(CURDIR) \ + --package-version $(PACKAGE_VERSION) \ + --msgid-bugs-address sssd-devel@redhat.com \ + --copyright-holder "Red Hat" + +PO4A_BUILD_OPTS = $(PO4A_COMMON_OPTS) --no-backups +XML_DOC = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) +@HAVE_PO4A_TRUE@CFG_PAGES = $(addprefix $(srcdir)/, $(shell grep '\[type:docbook\]' $(PO4A_CONFIG) | awk '{print $$2}' | tr '\n' ' ')) +@HAVE_PO4A_TRUE@NONTRANSLATED_PAGES = $(filter-out $(CFG_PAGES), $(XML_DOC)) +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/man/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-man5: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man5dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.5[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +@HAVE_PO4A_FALSE@dist-hook: +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: check-am +all-am: Makefile $(MANS) all-local +installdirs: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 install-man5 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local uninstall-man + +uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: all all-am all-local check check-am clean clean-generic \ + clean-libtool clean-local cscopelist-am ctags-am dist-hook \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-local install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-man5 install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-local uninstall-man uninstall-man1 \ + uninstall-man5 uninstall-man8 + +.PRECIOUS: Makefile + + +#Special Rules: +export SGML_CATALOG_FILES +DOCBOOK_XSLT ?= http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl + +$(builddir)/src/man/sssd_user_name.include: + @mkdir -p $(builddir)/src/man + @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include + +%.1: %.1.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.3: %.3.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.5: %.5.xml $(builddir)/src/man/sssd_user_name.include + $(XMLLINT) --path "$(srcdir)/src/man:$(builddir)/src/man" $(XMLLINT_FLAGS) $< + $(XSLTPROC) --path "$(srcdir)/src/man:$(builddir)/src/man" -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +%.8: %.8.xml + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + +# If the user has not defined it let's use the default. +LINGUAS ?= $(LINGUAS_DIST) + +# FIXME: Use a stamp file until po4a supports them internally. +@HAVE_PO4A_TRUE@man.stamp: $(XML_DOC) $(POTFILE) $(PO4A_CONFIG) +@HAVE_PO4A_TRUE@ cd $(srcdir) && \ +@HAVE_PO4A_TRUE@ $(PO4A) $(PO4A_BUILD_OPTS) $(PO4A_CONFIG) +@HAVE_PO4A_TRUE@ touch $@ + +@HAVE_PO4A_TRUE@update-po: +@HAVE_PO4A_TRUE@ @if test x"$(NONTRANSLATED_PAGES)" != "x"; then \ +@HAVE_PO4A_TRUE@ echo "The following pages are not translated" $(NONTRANSLATED_PAGES); \ +@HAVE_PO4A_TRUE@ exit 1; \ +@HAVE_PO4A_TRUE@ fi +@HAVE_PO4A_TRUE@ cd $(srcdir) && \ +@HAVE_PO4A_TRUE@ $(PO4A) $(PO4A_BUILD_OPTS) --force $(PO4A_CONFIG) + +@HAVE_PO4A_TRUE@dist-hook: man.stamp +@HAVE_PO4A_TRUE@ if [ -f man.stamp ]; then \ +@HAVE_PO4A_TRUE@ cp man.stamp $(distdir); \ +@HAVE_PO4A_TRUE@ for lang in $(LINGUAS_DIST); do \ +@HAVE_PO4A_TRUE@ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ +@HAVE_PO4A_TRUE@ $(mkdir_p) $(distdir)/$$lang; \ +@HAVE_PO4A_TRUE@ cp -r $(builddir)/$$lang $(distdir)/; \ +@HAVE_PO4A_TRUE@ done; \ +@HAVE_PO4A_TRUE@ else \ +@HAVE_PO4A_TRUE@ cp $(srcdir)/man.stamp $(distdir); \ +@HAVE_PO4A_TRUE@ for lang in $(LINGUAS_DIST); do \ +@HAVE_PO4A_TRUE@ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ +@HAVE_PO4A_TRUE@ $(mkdir_p) $(distdir)/$$lang; \ +@HAVE_PO4A_TRUE@ cp -r $(srcdir)/$$lang $(distdir)/; \ +@HAVE_PO4A_TRUE@ done; \ +@HAVE_PO4A_TRUE@ fi + +@HAVE_PO4A_TRUE@clean-local: +@HAVE_PO4A_TRUE@ for lang in $(LINGUAS); do \ +@HAVE_PO4A_TRUE@ if [ -d $$lang ]; then \ +@HAVE_PO4A_TRUE@ rm -rf $$lang; \ +@HAVE_PO4A_TRUE@ fi \ +@HAVE_PO4A_TRUE@ done +@HAVE_PO4A_TRUE@ rm -f $(man_MANS) +@HAVE_PO4A_TRUE@ rm -f man.stamp +@HAVE_PO4A_TRUE@ rm -f $(builddir)/src/man/sssd_user_name.include + +@HAVE_PO4A_FALSE@man.stamp: $(XML_DOC) +@HAVE_PO4A_FALSE@ touch $@ + +@HAVE_PO4A_FALSE@clean-local: +@HAVE_PO4A_FALSE@ rm -f $(man_MANS) +@HAVE_PO4A_FALSE@ rm -f man.stamp +@HAVE_PO4A_FALSE@ rm -f $(builddir)/src/man/sssd_user_name.include + +# Generate translated manual pages +all-local: all-local-@USE_NLS@ +all-local-no: +all-local-yes: man.stamp + if [ -z $$recursion ]; then \ + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) recursion=1 man_MANS="$$manpages"; \ + fi \ + done \ + fi + +install-data-local: install-data-local-@USE_NLS@ +install-data-local-no: +install-data-local-yes: + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) install-man \ + mandir="$(mandir)/$$lang" \ + man_MANS="$$manpages"; \ + fi \ + done + +uninstall-local: uninstall-local-@USE_NLS@ +uninstall-local-no: +uninstall-local-yes: + for lang in $(LINGUAS); do \ + if [ -d $$lang ]; then \ + sources=$$(ls -1 $$lang/*.xml); \ + manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ + $(MAKE) uninstall-man \ + mandir="$(mandir)/$$lang" \ + man_MANS="$$manpages"; \ + fi \ + done + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/man/br/include/ad_modified_defaults.xml b/src/man/br/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/br/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/br/include/autofs_attributes.xml b/src/man/br/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/br/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/br/include/autofs_restart.xml b/src/man/br/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/br/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/br/include/debug_levels.xml b/src/man/br/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/br/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/br/include/debug_levels_tools.xml b/src/man/br/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/br/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/br/include/failover.xml b/src/man/br/include/failover.xml new file mode 100644 index 0000000..e5f8a25 --- /dev/null +++ b/src/man/br/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Dre ziouer : 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/br/include/homedir_substring.xml b/src/man/br/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/br/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/br/include/ipa_modified_defaults.xml b/src/man/br/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/br/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/br/include/krb5_options.xml b/src/man/br/include/krb5_options.xml new file mode 100644 index 0000000..e13ba89 --- /dev/null +++ b/src/man/br/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/br/include/ldap_id_mapping.xml b/src/man/br/include/ldap_id_mapping.xml new file mode 100644 index 0000000..f80be8d --- /dev/null +++ b/src/man/br/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/br/include/ldap_search_bases.xml b/src/man/br/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/br/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/br/include/local.xml b/src/man/br/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/br/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/br/include/override_homedir.xml b/src/man/br/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/br/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/br/include/param_help.xml b/src/man/br/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/br/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/br/include/param_help_py.xml b/src/man/br/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/br/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/br/include/seealso.xml b/src/man/br/include/seealso.xml new file mode 100644 index 0000000..07c9eeb --- /dev/null +++ b/src/man/br/include/seealso.xml @@ -0,0 +1,49 @@ + + GWELET IVEZ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/br/include/service_discovery.xml b/src/man/br/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/br/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/br/include/upstream.xml b/src/man/br/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/br/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/ca/include/ad_modified_defaults.xml b/src/man/ca/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/ca/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/ca/include/autofs_attributes.xml b/src/man/ca/include/autofs_attributes.xml new file mode 100644 index 0000000..2b30de5 --- /dev/null +++ b/src/man/ca/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (cadena) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (cadena) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (cadena) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (cadena) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (cadena) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/ca/include/autofs_restart.xml b/src/man/ca/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/ca/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/ca/include/debug_levels.xml b/src/man/ca/include/debug_levels.xml new file mode 100644 index 0000000..7be587c --- /dev/null +++ b/src/man/ca/include/debug_levels.xml @@ -0,0 +1,103 @@ + + + L'SSSD admet dues representacions per a l'especificació del nivell de +depuració. La més senzilla és especificar un número del 0-9, que representa +el que permet cada nivell i tots els missatges de depuració de nivell +baix. L'opció més exhaustiva és especificar una màscara de bits en +hexadecimal per activar o desactivar els nivells específics (per exemple, si +voleu suprimir un nivell). + + + Si us plau, tingueu en compte que cadascun dels serveis de l'SSSD registra +el seu fitxer propi de registre. També tingueu en compte que l'habilitació +del debug_level a la secció [sssd]únicament +habilita la depuració del mateix procés de l'sssd, no per al procés del +contestador o del proveïdor. El paràmetre debug_level s'ha +d'afegir en totes les seccions que vulgueu que generin registres. + + + A més de canviar el nivell del registre al fitxer de configuració amb el +paràmetre debug_level, que és permanent, però requereix que +es reiniciï l'SSSD, també és possible canviar el nivell de depuració al vol +amb l'eina sss_debuglevel +8 . + + + Els nivells de depuració que s'admeten actualment: + + + 0, 0x0010: Fallides +fatals. Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui +el seu cessament. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Fallides serioses. Un +error que anuncia que una petició o una operació en particular ha fallat. + + + 3, 0x0080: Fallides +menors. Aquests són els errors que enterboleixen i poden fer fracassar +l'operació dels 2. + + + 4, 0x0100: Ajusts de la +configuració. + + + 5, 0x0200: Dades de les funcions. + + + 6, 0x0400: Missatges de traça per +al funcionament de les funcions. + + + 7, 0x1000: Missatges de traça per +a les funcions internes de control. + + + 8, 0x2000: Contingut de les +variables de les funcions internes que poden ser interessants. + + + 9, 0x4000: Informació de traçat +extremadament de baix nivell. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + Per registrar els nivells de depuració de la màscara de bits que es +requereixi, només heu d'afegir els seus números com es mostra en els +següents exemples: + + + Exemple: Per registrar les fallides fatals, les +fallides crítiques, les fallides serioses i les dades de les funcions, +utilitzeu0x0270. + + + Exemple: Per registrar les fallides fatals, els ajusts +de la configuració, les dades de les funcions, els missatges de traça per a +les funcions internes de control, utilitzeu 0x1310. + + + Nota: El format de la màscara de bits dels nivells de +depuració es va introduir en la versió 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/ca/include/debug_levels_tools.xml b/src/man/ca/include/debug_levels_tools.xml new file mode 100644 index 0000000..97e0d12 --- /dev/null +++ b/src/man/ca/include/debug_levels_tools.xml @@ -0,0 +1,82 @@ + + + L'SSSD admet dues representacions per a l'especificació del nivell de +depuració. La més senzilla és especificar un número del 0-9, que representa +el que permet cada nivell i tots els missatges de depuració de nivell +baix. L'opció més exhaustiva és especificar una màscara de bits en +hexadecimal per activar o desactivar els nivells específics (per exemple, si +voleu suprimir un nivell). + + + Els nivells de depuració que s'admeten actualment: + + + 0, 0x0010: Fallides +fatals. Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui +el seu cessament. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Fallides serioses. Un +error que anuncia que una petició o una operació en particular ha fallat. + + + 3, 0x0080: Fallides +menors. Aquests són els errors que enterboleixen i poden fer fracassar +l'operació dels 2. + + + 4, 0x0100: Ajusts de la +configuració. + + + 5, 0x0200: Dades de les funcions. + + + 6, 0x0400: Missatges de traça per +al funcionament de les funcions. + + + 7, 0x1000: Missatges de traça per +a les funcions internes de control. + + + 8, 0x2000: Contingut de les +variables de les funcions internes que poden ser interessants. + + + 9, 0x4000: Informació de traçat +extremadament de baix nivell. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + Per registrar els nivells de depuració de la màscara de bits que es +requereixi, només heu d'afegir els seus números com es mostra en els +següents exemples: + + + Exemple: Per registrar les fallides fatals, les +fallides crítiques, les fallides serioses i les dades de les funcions, +utilitzeu0x0270. + + + Exemple: Per registrar les fallides fatals, els ajusts +de la configuració, les dades de les funcions, els missatges de traça per a +les funcions internes de control, utilitzeu 0x1310. + + + Nota: El format de la màscara de bits dels nivells de +depuració es va introduir en la versió 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/ca/include/failover.xml b/src/man/ca/include/failover.xml new file mode 100644 index 0000000..f4c6bc1 --- /dev/null +++ b/src/man/ca/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Per defecte: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Per defecte: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Per defecte: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/ca/include/homedir_substring.xml b/src/man/ca/include/homedir_substring.xml new file mode 100644 index 0000000..f7328c7 --- /dev/null +++ b/src/man/ca/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (cadena) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Per defecte: /home + + + diff --git a/src/man/ca/include/ipa_modified_defaults.xml b/src/man/ca/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/ca/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/ca/include/krb5_options.xml b/src/man/ca/include/krb5_options.xml new file mode 100644 index 0000000..c26aa7b --- /dev/null +++ b/src/man/ca/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (enter) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Per defecte: 6 + + + + + + krb5_validate (booleà) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (cadena) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s per segons + + + m per minuts + + + h per hores + + + d per dies. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (cadena) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s per segons + + + m per minuts + + + h per hores + + + d per dies. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (cadena) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s per segons + + + m per minuts + + + h per hores + + + d per dies. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Per defecte: sense establir + + + + + + krb5_canonicalize (booleà) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Per defecte: false + + + + diff --git a/src/man/ca/include/ldap_id_mapping.xml b/src/man/ca/include/ldap_id_mapping.xml new file mode 100644 index 0000000..9ee509a --- /dev/null +++ b/src/man/ca/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuració + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (enter) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Per defecte: 200000 + + + + + ldap_idmap_range_max (enter) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Per defecte: 2000200000 + + + + + ldap_idmap_range_size (enter) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Per defecte: 200000 + + + + + ldap_idmap_default_domain_sid (cadena) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Per defecte: sense establir + + + + + ldap_idmap_default_domain (cadena) + + + Specify the name of the default domain. + + + Per defecte: sense establir + + + + + ldap_idmap_autorid_compat (booleà) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Per defecte: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Per defecte: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/ca/include/ldap_search_bases.xml b/src/man/ca/include/ldap_search_bases.xml new file mode 100644 index 0000000..a97835a --- /dev/null +++ b/src/man/ca/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Per defecte: el valor de ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/ca/include/local.xml b/src/man/ca/include/local.xml new file mode 100644 index 0000000..38c058b --- /dev/null +++ b/src/man/ca/include/local.xml @@ -0,0 +1,17 @@ + + EL DOMINI LOCAL + + Per a un funcionament correcte, s'ha de crear un domini amb +id_provider=local i l'SSSD ha d'estar en execució. + + + L'administrador pot ser que vulgui utilitzar els usuaris locals de l'SSSD en +lloc dels usuaris tradicionals d'UNIX en els casos en què es requereixi la +imbricació dels grups (vegeu +sss_groupadd 8 +). Els usuaris locals també són útils per provar i desplegar +l'SSSD sense haver de desplegar tot un servidor remot. Les eines +sss_user* i sss_group* utilitzen +l'emmagatzematge LDB local per emmagatzemar els usuaris i els grups. + + diff --git a/src/man/ca/include/override_homedir.xml b/src/man/ca/include/override_homedir.xml new file mode 100644 index 0000000..858b46f --- /dev/null +++ b/src/man/ca/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (cadena) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + nom d'usuari + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + exemple: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/ca/include/param_help.xml b/src/man/ca/include/param_help.xml new file mode 100644 index 0000000..e7f3253 --- /dev/null +++ b/src/man/ca/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Mostra el missatge d'ajuda i surt. + + + diff --git a/src/man/ca/include/param_help_py.xml b/src/man/ca/include/param_help_py.xml new file mode 100644 index 0000000..7c6afb5 --- /dev/null +++ b/src/man/ca/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Mostra el missatge d'ajuda i surt. + + + diff --git a/src/man/ca/include/seealso.xml b/src/man/ca/include/seealso.xml new file mode 100644 index 0000000..eb1b27c --- /dev/null +++ b/src/man/ca/include/seealso.xml @@ -0,0 +1,49 @@ + + VEGEU TAMBÉ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/ca/include/service_discovery.xml b/src/man/ca/include/service_discovery.xml new file mode 100644 index 0000000..032d52c --- /dev/null +++ b/src/man/ca/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuració + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + El nom del domini + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + El protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + Vegeu també + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/ca/include/upstream.xml b/src/man/ca/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/ca/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/ca/sss_obfuscate.8.xml b/src/man/ca/sss_obfuscate.8.xml new file mode 100644 index 0000000..83cc0b0 --- /dev/null +++ b/src/man/ca/sss_obfuscate.8.xml @@ -0,0 +1,98 @@ + + + +Pàgines del manual de l'SSSD + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + ofusca una contrasenya en text clar + + + + +sss_obfuscate +opcions [PASSWORD] + + + + DESCRIPCIÓ + + sss_obfuscate converteix una contrasenya especificada a +un format illegible per als humans i la posa a la secció del domini adequat +del fitxer de configuració de l'SSSD. + + + La contrasenya en text clar es llegeix de l'entrada estàndard o s'introdueix +de forma interactiva. La contrasenya ofuscada es fica al paràmetre +ldap_default_authtok del domini SSSD indicat, i el paràmetre +ldap_default_authtok_type s'estableix a +obfuscated_password. Consulteu +sssd-ldap 5 + per a més detalls sobre aquests paràmetres. + + + Tingueu en compte que ofuscar les contrasenyes no proporciona cap +benefici real de seguretat, ja que un atacant encara podria +extreure la contrasenya amb enginyeria inversa. Es recomana +aferrissadament l'ús de mecanismes d'autenticació +millors com els certificats al cantó del client o el GSSAPI. + + + + + OPCIONS + + + + + , + + + + La contrasenya per ofuscar es llegirà de l'entrada estàndard. + + + + + + , +DOMINI + + + + El domini SSSD on s'utilitza la contrasenya. El nom per defecte és +default. + + + + + + , +FITXER + + + + Llegeix el fitxer de configuració que s'especifica amb el paràmetre +posicional. + + + Per defecte: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/ca/sss_rpcidmapd.5.xml b/src/man/ca/sss_rpcidmapd.5.xml new file mode 100644 index 0000000..ea4f529 --- /dev/null +++ b/src/man/ca/sss_rpcidmapd.5.xml @@ -0,0 +1,113 @@ + + + +Pàgines del manual de l'SSSD + + +sss rpc.idmapd plugin +Noam Meltzer +Primary Data Inc. Desenvolupador +(2013-2014) Noam +Meltzer Desenvolupador (2014-) +tsnoam@gmail.com + + + sss_rpcidmapd + 5 + Formats i convencions dels fitxers + + + + sss_rpcidmapd + les directrius de configuració del complement sss per al rpc.idmapd + + + + FITXER DE CONFIGURACIÓ + + El fitxer de configuració rpc.idmapd normalment es troba a +/etc/idmapd.conf. Vegeu +idmapd.conf 5 + per més informació. + + + + + AMPLIACIÓ DE LA CONFIGURACIÓ DE L'SSS + + Habilita el complement SSS + + En la secció [Translation], modifiqueu o establiu l'atribut +Method per abastar sss. + + + + Secció de configuració [sss] + + Per canviar el valor per defecte d'un dels atributs de configuració del +connector de l'sss que es llisten a continuació, +necessitareu crear-li una secció de configuració, anomenada +[sss]. + + + Atributs de configuració + + memcache (booleà) + + + Indica si s'utilitza o no la tècnica d'optimització de la memòria cau. + + + Per defecte: True + + + + + + + + + INTEGRACIÓ DE L'SSSD + + El connector sss requereix que s'habiliti el contestador del +NSS al sssd. + + + L'atribut use_fully_qualified_names ha d'estar habilitat en +tots els dominis (els clients de NFSv4 esperen un FQN per a ser enviats al +cable). + + + + + EXEMPLE + + En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector +sss. +[General] +Verbosity = 2 +# el domini ha de sincronitzar-se entre el servidor i els clients del NFSv4 +# Solaris/Illumos/AIX utilitzen "localdomain" com a predeterminat! +Domain = default + +[Mapping] +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] +Method = sss + + + + + + VEGEU TAMBÉ + + sssd8 +, idmapd.conf +5 + + + + diff --git a/src/man/ca/sss_seed.8.xml b/src/man/ca/sss_seed.8.xml new file mode 100644 index 0000000..b63af2c --- /dev/null +++ b/src/man/ca/sss_seed.8.xml @@ -0,0 +1,169 @@ + + + +Pàgines del manual de l'SSSD + + + + + sss_seed + 8 + + + + sss_seed + implanta la memòria cau de l'SSSD amb un usuari + + + + +sss_seed +opcions -D +DOMINI -n +USUARI + + + + DESCRIPCIÓ + + sss_seed implanta la memòria cau de l'SSSD amb una +entrada d'un usuari i la contrasenya temporal. Si l'entrada d'un usuari ja +està present a la memòria cau de l'SSSD aleshores s'actualitza l'entrada amb +la contrasenya temporal. + + + + + + + OPCIONS + + + + , +DOMINI + + + + Proporciona el nom del domini en el qual l'usuari n'és membre. El domini +també s'utilitza per recuperar la informació de l'usuari. El domini ha +d'estar configurat a l'sssd.conf. S'ha de proporcionar l'opció del +DOMINI. La informació recuperada del domini +anul·la aquella que es proporcioni a les opcions. + + + + + + , +USER + + + + L'entrada del nom d'usuari a crear o modificar a la memòria cau. S'ha de +proporcionar l'opció de l'USUARI. + + + + + + , UID + + + + Estableix l'UID de l'usuari a UID. + + + + + + , GID + + + + Estableix el GID de l'usuari a GID. + + + + + + , +COMMENTARI + + + + Qualsevol cadena de text amb la descripció de l'usuari. Sovint s'utilitza +com a camp per al nom complet de l'usuari. + + + + + + , +DIRECTORI_INICIAL + + + + Establix el directori inicial de l'usuari a +DIRECTORI_INICIAL. + + + + + + , +SHELL + + + + Estableix el shell d'inici de sessió de l'usuari a +SHELL. + + + + + + , + + + + Mode interactiu per a la introducció de la informació de l'usuari. Aquesta +opció només demanà la informació no proporcionada a les opcions o que no es +recuperi del domini. + + + + + + , +FITXER_CONTRASENYA + + + + Especifica el fitxer des d'on llegir la contrasenya de l'usuari. (si no +s'especifica, es demana per la contrasenya) + + + + + + + + + NOTES + + La longitud de la contrasenya (o la mida del fitxer que s'especifica amb +l'opció -p o --password-file) ha de ser més petita o igual que PASS_MAX +bytes (64 bytes en els sistemes que no defineixen globalment el valor de +PASS_MAX). + + + + + + + + + + diff --git a/src/man/ca/sssd-simple.5.xml b/src/man/ca/sssd-simple.5.xml new file mode 100644 index 0000000..8a80d56 --- /dev/null +++ b/src/man/ca/sssd-simple.5.xml @@ -0,0 +1,154 @@ + + + +Pàgines del manual de l'SSSD + + + + + sssd-simple + 5 + Formats i convencions dels fitxers + + + + sssd-simple + el fitxer de configuració per al proveïdor de control d'accés 'simple' de +l'SSSD + + + + DESCRIPCIÓ + + En aquesta pàgina del manual es descriu la configuració del proveïdor de +control d'accés simple per a +sssd +8. Per a una referència detallada de +la sintaxi, aneu a la secció FORMAT DEL FITXER de la pàgina +del manual sssd.conf +5 . + + + El proveïdor d'accés simple concedeix o denega l'accés basat en una llista +d'accés o denegació dels noms dels usuaris o dels noms dels +grups. S'apliquen les regles següents: + + + Si totes les llistes estan buides, es concedeix l'accés + + + + Si es proporciona alguna llista, l'ordre d'avaluació és permissió, +denegació. Això vol dir que qualsevol coincidència amb la regla de denegació +reemplaçarà qualsevol coincidència amb la regla de permissió. + + + + + Si es proporcionen una o ambdues llistes de "permissió", tots els usuaris +són denegats excepte els que apareixen a la llista. + + + + + Si només es proporcionen llistes de "denegació", es concedeix l'accés a tots +els usuaris excepte els que apareixen a la llista. + + + + + + + + OPCIONS DE CONFIGURACIÓ + Per a més informació sobre la configuració d'un domini SSSD, consulteu la +secció SECCIONS DELS DOMINIS de la pàgina del manual + sssd.conf +5 . + + simple_allow_users (cadena) + + + Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió. + + + + + + simple_deny_users (cadena) + + + Llista separada per comes dels usuaris a qui se'ls denega explícitament +l'accés. + + + + + simple_allow_groups (cadena) + + + Llista separada per comes dels grups a qui se'ls permet iniciar la +sessió. Això s'aplica únicament als grups dins d'aquest domini SSSD. No +s'avaluen els grups locals. + + + + + + simple_deny_groups (cadena) + + + Llista separada per comes dels grups a qui se'ls denega explícitament +l'accés. Això s'aplica únicament als grups dins d'aquest domini SSSD. No +s'avaluen els grups locals. + + + + + + + Specifying no values for any of the lists is equivalent to skipping it +entirely. Beware of this while generating parameters for the simple provider +using automated scripts. + + + Si us plau, tingueu en compte que és un error de configuració si es +defineixen alhora simple_allow_users i simple_deny_users. + + + + + EXEMPLE + + En el següent exemple s'assumeix que l'SSD està configurat correctament i +que exemple.com és un dels dominis de la secció +[sssd]. En aquest exemple es mostren únicament +les opcions específiques del proveïdor d'accés simple. + + + +[domini/exemple.com] +access_provider = simple +simple_allow_users = usuari1, usuari2 + + + + + + NOTES + + La jerarquia completa de la pertinença a un grup es resol abans de la +comprovació de l'accés, de manera que fins i tot els grups imbricats es +poden incloure a les llistes d'accés. Si us plau, tingueu cura que l'opció +ldap_group_nesting_level pot influir amb els resultats i s'ha +d'establir amb un valor suficient. L'opció ( +sssd-ldap5 +). + + + + + + + diff --git a/src/man/cs/include/ad_modified_defaults.xml b/src/man/cs/include/ad_modified_defaults.xml new file mode 100644 index 0000000..0fba2ff --- /dev/null +++ b/src/man/cs/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + Nastavení NSS + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/cs/include/autofs_attributes.xml b/src/man/cs/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/cs/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/cs/include/autofs_restart.xml b/src/man/cs/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/cs/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/cs/include/debug_levels.xml b/src/man/cs/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/cs/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/cs/include/debug_levels_tools.xml b/src/man/cs/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/cs/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/cs/include/failover.xml b/src/man/cs/include/failover.xml new file mode 100644 index 0000000..2a799b2 --- /dev/null +++ b/src/man/cs/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Výchozí: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/cs/include/homedir_substring.xml b/src/man/cs/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/cs/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/cs/include/ipa_modified_defaults.xml b/src/man/cs/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4bbcf5a --- /dev/null +++ b/src/man/cs/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP poskytovatel – obecné + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/cs/include/krb5_options.xml b/src/man/cs/include/krb5_options.xml new file mode 100644 index 0000000..0e0e1fa --- /dev/null +++ b/src/man/cs/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Výchozí: false (nepravda) + + + + diff --git a/src/man/cs/include/ldap_id_mapping.xml b/src/man/cs/include/ldap_id_mapping.xml new file mode 100644 index 0000000..979c825 --- /dev/null +++ b/src/man/cs/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + MAPOVÁNÍ IDENTIFIKÁTORŮ + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Zastavování služby SSSD + + + + + Odebrání databáze + + + + + Spuštění služby SSSD + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapovací algoritmus + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Nastavení + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Pokročilé nastavení + + + ldap_idmap_range_min (celé číslo) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Výchozí: 200000 + + + + + ldap_idmap_range_max (celé číslo) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Výchozí: 2000200000 + + + + + ldap_idmap_range_size (celé číslo) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Výchozí: 200000 + + + + + ldap_idmap_default_domain_sid (řetězec) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (řetězec) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (celé číslo) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Vestavěné + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/cs/include/ldap_search_bases.xml b/src/man/cs/include/ldap_search_bases.xml new file mode 100644 index 0000000..115f751 --- /dev/null +++ b/src/man/cs/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntaxe: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/cs/include/local.xml b/src/man/cs/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/cs/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/cs/include/override_homedir.xml b/src/man/cs/include/override_homedir.xml new file mode 100644 index 0000000..1563f9c --- /dev/null +++ b/src/man/cs/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (řetězec) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/cs/include/param_help.xml b/src/man/cs/include/param_help.xml new file mode 100644 index 0000000..f4bc454 --- /dev/null +++ b/src/man/cs/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Zobraz nápovědu a ukonči program. + + + diff --git a/src/man/cs/include/param_help_py.xml b/src/man/cs/include/param_help_py.xml new file mode 100644 index 0000000..5dfb644 --- /dev/null +++ b/src/man/cs/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Zobraz nápovědu a ukonči program. + + + diff --git a/src/man/cs/include/seealso.xml b/src/man/cs/include/seealso.xml new file mode 100644 index 0000000..822fc2f --- /dev/null +++ b/src/man/cs/include/seealso.xml @@ -0,0 +1,49 @@ + + VIZ TAKÉ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/cs/include/service_discovery.xml b/src/man/cs/include/service_discovery.xml new file mode 100644 index 0000000..fee16cd --- /dev/null +++ b/src/man/cs/include/service_discovery.xml @@ -0,0 +1,41 @@ + + OBJEVOVÁNÍ SLUŽBY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Nastavení + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + Název domény + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + Protokol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + Viz také + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/cs/include/upstream.xml b/src/man/cs/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/cs/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/de/include/ad_modified_defaults.xml b/src/man/de/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/de/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/de/include/autofs_attributes.xml b/src/man/de/include/autofs_attributes.xml new file mode 100644 index 0000000..179f7fe --- /dev/null +++ b/src/man/de/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (Zeichenkette) + + + die Objektklasse eines Automount-Abbildungseintrags in LDAP + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (Zeichenkette) + + + der Name eines Automount-Abbildungseintrags in LDAP + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (Zeichenkette) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (Zeichenkette) + + + der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der +Eintrag einem Einhängepunkt. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (Zeichenkette) + + + der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der +Eintrag einem Einhängepunkt. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/de/include/autofs_restart.xml b/src/man/de/include/autofs_restart.xml new file mode 100644 index 0000000..bcc6868 --- /dev/null +++ b/src/man/de/include/autofs_restart.xml @@ -0,0 +1,6 @@ + + Bitte beachten Sie, dass der Automounter beim Start nur die Master-Abbildung +liest. Daher müssen Sie normalerweise, falls irgendwelche zu Autofs +gehörigen Änderungen in der »sssd.conf« vorgenommen wurden, den +Automounter-Daemon nach dem SSSD-Neustart ebenfalls neu starten. + diff --git a/src/man/de/include/debug_levels.xml b/src/man/de/include/debug_levels.xml new file mode 100644 index 0000000..8ed308b --- /dev/null +++ b/src/man/de/include/debug_levels.xml @@ -0,0 +1,100 @@ + + + SSSD unterstützt zwei Darstellungsmodi für die Angabe der Debug-Stufe. Die +einfachste ist die Angabe eines Dezimalwerts von 0 bis 9, welche die +Aktivierung der Meldungen der entsprechenden Stufe und aller niederer Stufen +bewirkt. Eine umfassendere Option ist die Angabe einer hexadezimalen +Bitmaske, um spezifische Stufen zu aktivieren oder zu deaktivieren (wenn Sie +beispielsweise eine Stufe unterdrücken wollen). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + derzeit unterstützte Debug-Stufen: + + + 0, 0x0010: Schwerwiegende +Fehler. Alles was SSSD am Start hindern oder es beenden könnte. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Ernsthafte Fehler. Dies +sind Fehler, bei denen eine bestimmte Anfrage oder Operation fehlgeschlagen +ist. + + + 3, 0x0080: Kleinere Fehler. Dies +sind Fehler, die von geringerer Bedeutung als die fehlgeschlagenen +Operationen in der Stufe 2 sind. + + + 4, 0x0100: +Konfigurationseinstellungen. + + + 5, 0x0200: Funktionsdaten. + + + 6, 0x0400: Meldungen aus der +Verfolgung von Operationsfunktionen. + + + 7, 0x1000: Meldungen aus der +Verfolgung interner Kontrollfunktionen. + + + 8, 0x2000: Inhalte +funktionsinterner Variablen, die von Interesse sein könnten. + + + 9, 0x4000: Verfolgungsmeldungen +extrem niederster Ebene. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + Um die Debug-Stufen nach Bitmaske zu protokollieren, fügen Sie deren Nummern +hinzu, wie in den folgenden Beispielen gezeigt: + + + Beispiel: Um fatale, kritische, schwerwiegende Fehler +und Funktionsdaten zu protokollieren, benutzen Sie 0x0270. + + + Beispiel: Um fatale Fehler, +Konfigurationseinstellungen, Funktionsdaten und Verfolgungsnachrichten für +interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310. + + + Hinweis: Das Bitmasken-Format der Debug-Level wurde in +1.7.0 eingeführt. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/de/include/debug_levels_tools.xml b/src/man/de/include/debug_levels_tools.xml new file mode 100644 index 0000000..db3b9d4 --- /dev/null +++ b/src/man/de/include/debug_levels_tools.xml @@ -0,0 +1,80 @@ + + + SSSD unterstützt zwei Darstellungsmodi für die Angabe der Debug-Stufe. Die +einfachste ist die Angabe eines Dezimalwerts von 0 bis 9, welche die +Aktivierung der Meldungen der entsprechenden Stufe und aller niederer Stufen +bewirkt. Eine umfassendere Option ist die Angabe einer hexadezimalen +Bitmaske, um spezifische Stufen zu aktivieren oder zu deaktivieren (wenn Sie +beispielsweise eine Stufe unterdrücken wollen). + + + derzeit unterstützte Debug-Stufen: + + + 0, 0x0010: Schwerwiegende +Fehler. Alles was SSSD am Start hindern oder es beenden könnte. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Ernsthafte Fehler. Dies +sind Fehler, bei denen eine bestimmte Anfrage oder Operation fehlgeschlagen +ist. + + + 3, 0x0080: Kleinere Fehler. Dies +sind Fehler, die von geringerer Bedeutung als die fehlgeschlagenen +Operationen in der Stufe 2 sind. + + + 4, 0x0100: +Konfigurationseinstellungen. + + + 5, 0x0200: Funktionsdaten. + + + 6, 0x0400: Meldungen aus der +Verfolgung von Operationsfunktionen. + + + 7, 0x1000: Meldungen aus der +Verfolgung interner Kontrollfunktionen. + + + 8, 0x2000: Inhalte +funktionsinterner Variablen, die von Interesse sein könnten. + + + 9, 0x4000: Verfolgungsmeldungen +extrem niederster Ebene. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + Um die Debug-Stufen nach Bitmaske zu protokollieren, fügen Sie deren Nummern +hinzu, wie in den folgenden Beispielen gezeigt: + + + Beispiel: Um fatale, kritische, schwerwiegende Fehler +und Funktionsdaten zu protokollieren, benutzen Sie 0x0270. + + + Beispiel: Um fatale Fehler, +Konfigurationseinstellungen, Funktionsdaten und Verfolgungsnachrichten für +interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310. + + + Hinweis: Das Bitmasken-Format der Debug-Level wurde in +1.7.0 eingeführt. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/de/include/failover.xml b/src/man/de/include/failover.xml new file mode 100644 index 0000000..88a73be --- /dev/null +++ b/src/man/de/include/failover.xml @@ -0,0 +1,125 @@ + + AUSFALLSICHERUNG + + Die Ausfallsicherungsfunktionalität ermöglicht es, dass Backends automatisch +auf einen anderen Server wechseln, falls der aktuelle versagt. + + + AUSFALLSICHERUNGSSYNTAX + + Die Server werden als durch Kommata getrennte Liste angegeben. Um das Komma +herum ist eine beliebige Anzahl von Leerzeichen erlaubt. Die Server werden +in Reihenfolge der Bevorzugung aufgeführt. Die Liste kann eine beliebige +Anzahl von Servern enthalten. + + + Von jeder Konfigurationsoption mit aktivierter Ausfallsicherung existieren +zwei Varianten: primary und +backup. Die Idee dahinter ist, dass Server in der Liste +»primary« bevorzugt werden und nur nach »backup«-Servern gesucht wird, falls +kein »primary«-Server erreichbar ist. Falls ein »backup«-Server ausgewählt +wird, wird eine Dauer von 31 Sekunden bis zur Zeitüberschreitung +festgelegt. Nach dieser Zeit wird SSSD periodisch versuchen, sich mit einem +der primären Server zu verbinden. Ist dies erfolgreich, wird es den derzeit +aktiven (»backup«-)Server ersetzen. + + + + Der Ausfallsicherungsmechanismus + + Der Ausfallsicherungsmechanismus unterscheidet zwischen einer Maschine und +einem Dienst. Das Backend versucht zuerst, den Rechnernamen der angegebenen +Maschine aufzulösen. Falls dieser Versuch scheitert, wird davon ausgegangen, +dass die Maschine offline ist und sie auch für keinen anderen Dienst zur +Verfügung steht. Kann der den Namen erfolgreich aufgelöst werden, versucht +das Backend, sich mit einem Dienst auf dieser Maschine zu verbinden. Ist das +nicht möglich, dann wird nur dieser bestimmte Dienst als offline angesehen +und das Backend wechselt automatisch weiter zum nächsten. Die Maschine wird +weiterhin als online betrachtet und kann immer noch für andere Dienste +herangezogen werden. + + + Weitere Verbindungsversuche zu Maschinen oder Diensten, die als offline +gekennzeichnet sind, werden erst nach einer angegebenen Zeitspanne +unternommen. Diese ist derzeit hart auf 30 Sekunden codiert. + + + Falls es weitere Maschinen durchzuprobieren gibt, wechselt das Backend als +Ganzes in den Offline-Modus und versucht dann alle 30 Sekunden, sich erneut +zu verbinden. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Voreinstellung: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Voreinstellung: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Voreinstellung: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/de/include/homedir_substring.xml b/src/man/de/include/homedir_substring.xml new file mode 100644 index 0000000..0b16de4 --- /dev/null +++ b/src/man/de/include/homedir_substring.xml @@ -0,0 +1,18 @@ + + homedir_substring (Zeichenkette) + + + Der Wert dieser Option wird als Auflösung der Option +override_homedir verwendet, falls die Vorlage die +Formatzeichenkette %H enthält. Ein +LDAP-Verzeichniseintrag kann diese Schablone direkt enthalten, so dass diese +Option zum Auflösen des Pfades zum Home-Verzeichnis für jeden Client-Rechner +(oder Betriebssystem) verwendet werden kann. Sie kann pro-Domain oder global +im Abschnitt [nss] gesetzt werden. Ein im Domain-Abschnitt angegebener Wert +setzt jenen im [nss]-Abschnitt außer Kraft. + + + Voreinstellung: /home + + + diff --git a/src/man/de/include/ipa_modified_defaults.xml b/src/man/de/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/de/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/de/include/krb5_options.xml b/src/man/de/include/krb5_options.xml new file mode 100644 index 0000000..c5533c7 --- /dev/null +++ b/src/man/de/include/krb5_options.xml @@ -0,0 +1,161 @@ + + + krb5_auth_timeout (Ganzzahl) + + + Zeitüberschreitung in Sekunden, nach der eine Online-Anfrage zur +Authentifizierung oder Passwortänderung gescheitert ist. Falls möglich, wird +die Authentifizierung offline fortgesetzt. + + + Voreinstellung: 6 + + + + + + krb5_validate (Boolesch) + + + prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung +ist. Die Einträge der Keytab werden der Reihe nach kontrolliert und der +erste Eintrag mit einem passenden Realm wird für die Überprüfung +benutzt. Falls keine Einträge dem Realm entsprechen, wird der letzte Eintrag +der Keytab verwendet. Dieser Prozess kann zur Überprüfung von Umgebungen +mittels Realm-übergreifendem Vertrauen benutzt werden, indem der +dazugehörige Keytab-Eintrag als letzter oder einziger Eintrag in der +Keytab-Datei abgelegt wird. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (Zeichenkette) + + + fordert ein erneuerbares Ticket mit einer Gesamtlebensdauer an. Es wird als +Ganzzahl, der direkt eine Zeiteinheit folgt, angegeben: + + + s für Sekunden + + + m für Minuten + + + h für Stunden + + + d für Tage + + + Falls keine Einheit angegeben ist, wird s angenommen. + + + HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die erneuerbare +Lebensdauer auf eineinhalb Stunden zu setzen, verwenden Sie »90m« statt +»1h30m«. + + + Voreinstellung: nicht gesetzt, d.h. das TGT ist nicht erneuerbar. + + + + + + krb5_lifetime (Zeichenkette) + + + Anforderungsticket mit einer Lebensdauer, angegeben als Ganzzahl, der direkt +eine Zeiteinheit folgt: + + + s für Sekunden + + + m für Minuten + + + h für Stunden + + + d für Tage + + + Falls keine Einheit angegeben ist, wird s angenommen. + + + HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die Lebensdauer auf +eineinhalb Stunden zu setzen, verwenden Sie »90m« statt »1h30m«. + + + Voreinstellung: nicht gesetzt, d.h. die Standardlebenszeit des Tickets auf +der Schlüsselverwaltungszentrale (KDC) + + + + + + krb5_renew_interval (Zeichenkette) + + + die Zeit in Sekunden zwischen zwei Prüfungen, ob das TGT erneuert werden +soll. TGTs werden erneuert, wenn ungefähr die Hälfte ihrer Lebensdauer +überschritten ist. Sie wird als Ganzzahl, der unmittelbar eine Zeiteinheit +folgt, angegeben: + + + s für Sekunden + + + m für Minuten + + + h für Stunden + + + d für Tage + + + Falls keine Einheit angegeben ist, wird s angenommen. + + + HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die erneuerbare +Lebensdauer auf eineinhalb Stunden zu setzen, verwenden Sie »90m« statt +»1h30m«. + + + Falls diese Option nicht oder auf 0 gesetzt ist, wird die automatische +Erneuerung deaktiviert. + + + Voreinstellung: nicht gesetzt + + + + + + krb5_canonicalize (Boolesch) + + + gibt an, ob der Rechner und User-Principal in die kanonische Form gebracht +werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren +Versionen verfügbar. + + + + Voreinstellung: »false« + + + + diff --git a/src/man/de/include/ldap_id_mapping.xml b/src/man/de/include/ldap_id_mapping.xml new file mode 100644 index 0000000..e4e5add --- /dev/null +++ b/src/man/de/include/ldap_id_mapping.xml @@ -0,0 +1,294 @@ + + ID-ABBILDUNG + + Die ID-Abbildungsfunktionalität ermöglicht es SSSD, als Client eines Active +Directorys zu agieren, ohne dass Administratoren Benutzerattribute erweitern +müssen, damit POSIX-Attribute für Benutzer- und Gruppenkennzeichner +unterstützt werden. + + + HINWEIS: Wenn ID-Abbildung aktiviert ist, werden die Attribute »uidNumber« +und »gidNumber« ignoriert. Dies geschieht, um mögliche Konflikte zwischen +automatisch und manuell zugewiesenen Werten zu vermeiden. Falls Sie manuell +zugewiesene Werte benutzen müssen, müssen Sie ALLE Werte manuell zuweisen. + + + Bitte beachten Sie, dass die Änderung der die ID-Abbildung betreffenden +Konfigurationsoptionen auch die Änderung der Benutzer- und Gruppen-IDs nach +sich zieht. Momentan unterstützt SSSD die Änderung der IDs nicht, daher muss +die Datenbank entfernt werden. Da auch zwischengespeicherte Passwörter in +der Datenbank enthalten sind, sollte diese nur entfernt werden, während die +Authentifizierungsserver erreichbar sind, anderenfalls könnten Benutzer +ausgesperrt werden. Um das Passwort zwischenzuspeichern, muss eine +Authentifizierung ausgeführt werden. Es reicht nicht aus, +sss_cache 8 + zum Löschen der Datenbank auszuführen, vielmehr sind +folgende Schritte erforderlich: + + + + Stellen Sie sicher, dass entfernte Server erreichbar sind. + + + + + Stoppen Sie den SSSD-Dienst. + + + + + Entfernen Sie die Datenbank. + + + + + Starten Sie den SSSD-Dienst. + + + + Außerdem ist es ratsam, vorauszuplanen und die ID-Abbildung gründlich zu +testen, da die Änderung der IDs Änderungen anderer Systemeigenschaften nach +sich ziehen könnte, wie die Besitzverhältnisse von Dateien und +Verzeichnissen. + + + + Abbildungsalgorithmus + + Active Directory stellt für jedes Benutzer- und Gruppenobjekt im Verzeichnis +eine »objectSID« bereit. Diese »objectSID« kann in Bestandteile zerlegt +werden, die die Active-Directory-Domain-Identität und den relativen +Bezeichner (RID) des Benutzer- oder Gruppenobjekts darstellen. + + + Der ID-Abbildungsalgorithmus von SSSD nimmt einen Bereich verfügbarer UIDs +und teilt sie in gleich große Bestandteile, »Slices« genannt. Jeder Slice +steht für den verfügbaren Speicher einer Active-Directory-Domain. + + + Wenn ein Benutzer- oder Gruppeneintrag für eine bestimmt Domain zum ersten +Mal vorgefunden wird, reserviert der SSSD einen der verfügbaren Slices für +diese Domain. Um eine Slice-Zuteilung auf verschiedenen Client-Maschinen +wiederholbar zu machen, wählen wir den Slice, der auf dem folgenden +Algorithmus basiert: + + + Die Zeichenkette durchläuft den Algorithmus Murmurhash3, um sie in einen +32-Bit-Hash-Wert umzuwandeln. Dann wird der Betrag dieses Werts mit der +Gesamtzahl verfügbarer Slices genommen, um den Slice auszusuchen. + + + HINWEIS: Es ist möglich, dass Kollisionen zwischen dem Hash und +nachfolgenden Beträgen auftreten. In diesen Situationen werden wir den +nächsten verfügbaren Slice auswählen, aber es ist wahrscheinlich nicht +möglich, den genau gleichen Satz von Slices auf anderen Maschinen zu +reproduzieren (da die Reihenfolge, in der sie vorgefunden werden, ihren +Slice bestimmt). In dieser Situtation wird empfohlen, entweder auf die +Verwendung expliziter POSIX-Attribute in Active Directory zu wechseln +(ID-Abbildung deaktivieren) oder eine Standard-Domain zu konfigurieren, um +sicherzustellen, dass wenigstens eine immer beständig ist. Einzelheiten +finden Sie unter »Konfiguration«. + + + + + Konfiguration + + Minimalkonfiguration (im Abschnitt »[domain/DOMAINNAME]«): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Fortgeschrittene Konfiguration + + + ldap_idmap_range_min (Ganzzahl) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + HINWEIS: Diese Option unterscheidet sich von »min_id«, wobei »min_id« als +Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese +Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner +Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »min_id« +kleiner oder gleich »ldap_idmap_range_min« sein sollte. + + + Voreinstellung: 200000 + + + + + ldap_idmap_range_max (Ganzzahl) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + HINWEIS: Diese Option unterscheidet sich von »max_id« wobei »max_id« als +Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese +Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner +Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »max_id« +größer oder gleich »ldap_idmap_range_max« sein sollte. + + + Voreinstellung: 2000200000 + + + + + ldap_idmap_range_size (Ganzzahl) + + + gibt die Anzahl der für jeden Slice verfügbaren IDs an. Falls sich die +Bereichsgröße nicht gleichmäßig in die minimalen und maximalen Werte teilen +lässt, werden so viele komplette Slices wie möglich erstellt. + + + HINWEIS: Der Wert dieser Option muss mindestens so groß sein wie die größte +Benutzer-RID, die jemals auf dem Active-Directory-Server verwendet werden +soll. Das Nachschlagen und Anmelden von Benutzern wird scheitern, wenn deren +RIDs größer sind als dieser Wert. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + Es ist wichtig, für spätere Erweiterungen vorauszuplanen, da die Änderung +dieses Wertes zur Änderung aller ID-Abbildungen des Systems führt. Dadurch +können Benutzer andere lokale IDs als vorher haben. + + + Voreinstellung: 200000 + + + + + ldap_idmap_default_domain_sid (Zeichenkette) + + + gibt die Domain-SID der Standard-Domain an. Dies wird sicherstellen, dass +diese Domain immer dem Slice null im ID-Abbild zugeordnet wird. Dabei wird +der oben beschriebene Murmurhash-Algorithmus umgangen. + + + Voreinstellung: nicht gesetzt + + + + + ldap_idmap_default_domain (Zeichenkette) + + + gibt den Namen der Standard-Domain an. + + + Voreinstellung: nicht gesetzt + + + + + ldap_idmap_autorid_compat (Boolesch) + + + ändert das Verhalten des ID-Abbildungsalgorithmus so, dass es dem +Algorithmus »idmap_autorid« von Winbind ähnlicher ist. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + HINWEIS: Der Algorithmus ist nicht deterministisch (er hängt von der +Reihenfolge ab, in der Benutzer und Gruppen abgefragt werden). Falls dieser +Modus aus Kompatibilitätsgründen mit Maschinen, die Winbind ausführen, +erforderlich ist, wird empfohlen, auch die Option +»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass +mindestens eine Domain beständig für den Slice null reserviert ist. + + + Voreinstellung: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Voreinstellung: 10 + + + + + + + + + Bekannte Sicherheits-IDs + + SSSD unterstützt das Nachschlagen der Namen sogenannter bekannter +Sicherheits-IDs, die eine spezielle unveränderliche Bedeutung haben. Da +generische Benutzer und Gruppen, die sich auf diese bekannten SIDs beziehen, +keine Entsprechung in einer Linux/UNIX-Umgebung haben, sind für diese +Objekte keine POSIX-IDs verfügbar. + + + Der SID-Namensraum ist in Autoritäten organisiert, die als unterschiedliche +Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs +sind + + Null-Autorität (Null Authority) + Weltweit anerkannte Autorität (World Authority) + Lokale Autorität (Local Authority) + Ersteller-Autorität (Creator Authority) + Mandatory Label Authority + Authentication Authority + NT-Autorität (NT Authority) + Eingebaut + + Die mit großem Anfangsbuchstaben geschriebenen Versionen dieser Namen werden +als Domainnamen verwendet, wenn der voll qualifizierte Name einer bekannten +Sicherheits-ID zurückgegeben wird. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/de/include/ldap_search_bases.xml b/src/man/de/include/ldap_search_bases.xml new file mode 100644 index 0000000..40e2db9 --- /dev/null +++ b/src/man/de/include/ldap_search_bases.xml @@ -0,0 +1,33 @@ + + + ein optionaler Basis-DN, Gültigkeitsbereich für die Suche und LDAP-Filter, +um die LDAP-Suchen für diesen Attributtyp einzuschränken. + + + Syntax: +search_base[?Gültigkeitsbereich?[Filter][?Suchbasis?Gültigkeitsbereich?[Filter]]*] + + + + Der Bereich kann entweder »base«, »onlevel« oder »subtree« sein. Die +Bereiche funktionieren wie im Abschnitt 4.5.1.2 auf +http://tools.ietf.org/html/rfc4511 angegeben. + + + Der Filter muss ein gültiger LDAP-Suchfilter, wie durch +http://www.ietf.org/rfc/rfc2254.txt spezifiziert, sein. + + + Beispiele für diese Syntax finden Sie im Beispielabschnitt von +»ldap_search_base«. + + + Voreinstellung: der Wert von ldap_search_base + + + Bitte beachten Sie, dass die Angabe von Gültigkeitsbereich oder Filter nicht +beim Suchen auf einem Active-Directory-Server unterstützt wird, der +möglicherweise eine große Anzahl an Ergebnissen zurückliefern und in der +Antwort die Erweiterung »Range Retrieval« auslösen könnte. + + diff --git a/src/man/de/include/local.xml b/src/man/de/include/local.xml new file mode 100644 index 0000000..6b9a688 --- /dev/null +++ b/src/man/de/include/local.xml @@ -0,0 +1,18 @@ + + DIE LOKALE DOMAIN + + Für korrektes Funktionieren muss eine Domain mit »id_provider=local« +erstellt sein und SSSD muss laufen. + + + Möglicherweise möchte der Administrator in Fällen, in denen +Gruppenverschachtelung (siehe +sss_groupadd 8 +) benötigt wird, lokale Benutzer anstelle traditioneller +UNIX-Benutzer verwenden. Die lokalen Benutzer sind auch für das Testen und +Entwickeln von SSSD nützlich, ohne dass ein vollständiger ferner Server +bereitgestellt werden muss. Die sss_user*- und +sss_group*-Werkzeuge benutzen einen lokalen LDB-Speicher, +um Benutzer und Gruppen abzulegen. + + diff --git a/src/man/de/include/override_homedir.xml b/src/man/de/include/override_homedir.xml new file mode 100644 index 0000000..ab858d5 --- /dev/null +++ b/src/man/de/include/override_homedir.xml @@ -0,0 +1,79 @@ + +override_homedir (Zeichenkette) + + + setzt das Home-Verzeichnis des Benutzers außer Kraft. Sie können entweder +einen absoluten Wert oder eine Schablone bereitstellen. In der Schablone +werden die folgenden Sequenzen ersetzt: + + %u + Anmeldename + + + %U + UID-Nummer + + + %d + Domain-Name + + + %f + voll qualifizierter Benutzername (Benutzer@Domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + das Original-Home-Verzeichnis, das vom Identitätsanbieter geholt wurde + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + Der Wert der Konfigurationsoption homedir_substring. + + + + %% + ein buchstäbliches »%« + + + + + + Diese Option kann auch pro Domain gesetzt werden. + + + Beispiel: +override_homedir = /home/%u + + + + Voreinstellung: nicht gesetzt (SSSD wird den von LDAP geholten Wert +benutzen) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/de/include/param_help.xml b/src/man/de/include/param_help.xml new file mode 100644 index 0000000..d6b147f --- /dev/null +++ b/src/man/de/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + zeigt den Hilfetext und beendet sich. + + + diff --git a/src/man/de/include/param_help_py.xml b/src/man/de/include/param_help_py.xml new file mode 100644 index 0000000..57fd0ef --- /dev/null +++ b/src/man/de/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + zeigt den Hilfetext und beendet sich. + + + diff --git a/src/man/de/include/seealso.xml b/src/man/de/include/seealso.xml new file mode 100644 index 0000000..8ffc59f --- /dev/null +++ b/src/man/de/include/seealso.xml @@ -0,0 +1,49 @@ + + SIEHE AUCH + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/de/include/service_discovery.xml b/src/man/de/include/service_discovery.xml new file mode 100644 index 0000000..5a2dbbc --- /dev/null +++ b/src/man/de/include/service_discovery.xml @@ -0,0 +1,43 @@ + + DIENSTSUCHE + + Die Dienstsuchfunktionalität ermöglicht es Backends, automatisch mit Hilfe +einer speziellen DNS-Abfrage geeignete Server zu suchen, mit denen sie sich +verbinden können. Diese Funktionalität wird nicht für Datensicherungs-Server +unterstützt. + + + Konfiguration + + Falls keine Server angegeben wurden, benutzt das Backend die Dienstsuche, um +einen Server zu finden. Wahlweise kann der Benutzer sowohl feste +Server-Adressen als auch die Dienstsuche durch Eingabe des speziellen +Schlüsselworts »_srv_« in der Server-Liste auswählen. Die bevorzugte +Reihenfolge wird verwaltet. Diese Funktionalität ist zum Beispiel nützlich, +falls der Anwender es vorzieht, die Dienstsuche zu verwenden, wann immer +dies möglich ist, und auf einen bestimmten Server zurückzugreifen, wenn +mittels DNS keine Server gefunden werden. + + + + Der Domain-Name + + Weitere Einzelheiten finden Sie in der Handbuchseite +sssd.conf 5 + beim Parameter »dns_discovery_domain«. + + + + Das Protokoll + + Die Abfragen geben als Protokoll üblicherweise »_tcp« an. Ausnahmen sind in +der Beschreibung der entsprechenden Option dokumentiert. + + + + Siehe auch + + Weitere Informationen über den Dienstsuchmechanismus finden Sie in RFC 2782. + + + diff --git a/src/man/de/include/upstream.xml b/src/man/de/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/de/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/de/sss_obfuscate.8.xml b/src/man/de/sss_obfuscate.8.xml new file mode 100644 index 0000000..a11a199 --- /dev/null +++ b/src/man/de/sss_obfuscate.8.xml @@ -0,0 +1,97 @@ + + + +SSSD-Handbuchseiten + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + verschleiert ein Klartextpasswort + + + + +sss_obfuscate +Optionen [PASSWORT] + + + + BESCHREIBUNG + + sss_obfuscate wandelt ein angegebenes Passwort in ein von +Menschen nicht lesbares Format um und legt es in einem geeigneten +Domain-Abschnitt der SSSD-Konfigurationsdatei ab. + + + Das Klartextpasswort wird von der Standardeingabe gelesen oder interaktiv +eingegeben. Das verschleierte Passwort wird in den Parameter +»ldap_default_authtok« einer angegebenen SSSD-Domain abgelegt und der +Parameter »ldap_default_authtok_type« wird auf »obfuscated_password« +gesetzt. Weitere Einzelheiten über diese Parameter finden Sie unter + sssd-ldap +5 . + + + Bitte beachten Sie, dass das Verschleiern von Passwörtern keinen +wirklichen Sicherheitsgewinn bietet, da es einem Angreifer immer +noch möglich ist, das Passwort wieder herzuleiten. Es wird +dringend geraten, bessere Authentifizierungsmechanismen +wie Client-seitige Zertifikate oder GSSAPI zu verwenden. + + + + + OPTIONEN + + + + + , + + + + Das Passwort, das verschleiert werden soll, wird von der Standardeingabe +gelesen. + + + + + + , +DOMAIN + + + + die SSSD-Domain, in der das Passwort benutzt wird. Der Standardname ist +»default«. + + + + + + , DATEI + + + + liest die durch den Positionsparameter angegebene Konfigurationsdatei. + + + Voreinstellung: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/de/sss_seed.8.xml b/src/man/de/sss_seed.8.xml new file mode 100644 index 0000000..878f6a8 --- /dev/null +++ b/src/man/de/sss_seed.8.xml @@ -0,0 +1,169 @@ + + + +SSSD-Handbuchseiten + + + + + sss_seed + 8 + + + + sss_seed + füllt den SSSD-Zwischenspeicher mit einem Benutzer + + + + +sss_seed +Optionen -D +DOMAIN -n +BENUTZER + + + + BESCHREIBUNG + + sss_seed füllt den SSSD-Zwischenspeicher mit einem +Benutzereintrag und einem temporären Passwort. Falls bereits ein +Benutzereintrag im SSSD-Zwischenspeicher vorhanden ist, wird der Eintrag mit +dem temporären Passwort aktualisiert. + + + + + + + OPTIONEN + + + + , +DOMAIN + + + + stellt den Namen der Doamin bereit, in der der Benutzer Mitglied ist. Die +Domain wird auch zur Abfrage von Benutzerinformationen verwendet. Sie muss +in der »sssd.conf« konfiguriert sein. Die Option +DOMAIN muss bereitgestellt werden. Von der Domain +geholte Informationen setzen das, was in den Optionen bereitgestellt wurde, +außer Kraft. + + + + + + , +BENUTZER + + + + der Benutzername des Eintrags, der im Zwischenspeicher erstellt oder +verändert werden soll. Die Option BENUTZER muss +bereitgestellt werden. + + + + + + , UID + + + + setzt die UID des Benutzers auf UID. + + + + + + , GID + + + + setzt die GID des Benutzers auf GID. + + + + + + , +KOMMENTAR + + + + irgendeine Zeichenkette, die den Benutzer beschreibt. Dieses Feld wird oft +für den vollständigen Namen des Benutzers verwendet. + + + + + + , +HOME_VERZ + + + + setzt das Home-Verzeichnis des Benutzers auf +HOME_VERZ. + + + + + + , +SHELL + + + + setzt die Anmelde-Shell des Benutzers auf SHELL. + + + + + + , + + + + interaktiver Modus zur Eingabe von Benutzerinformationen. Diese Option wird +nur nach Informationen fragen, die nicht von den Optionen bereitgestellt +oder in der Domain geholt werden. + + + + + + , +PASSWORTDATEI + + + + gibt die Datei an, aus der das Passwort des Benutzers gelesen wird (ist es +nicht angegeben, wird nach dem Passwort gefragt). + + + + + + + + + ANMERKUNGEN + + Die Länge des Passworts (oder die Größe der mit der Option -p oder +--password-file angegebenen Datei) muss kleiner oder gleich PASS_MAX Byte +sein (64 Byte auf Systemen ohne global definiertem Wert für PASS_MAX). + + + + + + + + + + diff --git a/src/man/de/sss_ssh_knownhostsproxy.1.xml b/src/man/de/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..ea5c8b8 --- /dev/null +++ b/src/man/de/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,107 @@ + + + +SSSD-Handbuchseiten + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + holt OpenSSH-Rechnerschlüssel + + + + +sss_ssh_knownhostsproxy +Optionen RECHNER PROXY_BEFEHL + + + + BESCHREIBUNG + + sss_ssh_knownhostsproxy acquires SSH host public keys for +host HOST, stores them in a custom OpenSSH +known_hosts file (see the SSH_KNOWN_HOSTS FILE FORMAT section +of sshd +8 for more information) +/var/lib/sss/pubconf/known_hosts and establishes the +connection to the host. + + + Falls ein PROXY_BEFEHL angegeben wurde, wird er +zum Erstellen der Verbindung mit dem Rechner benutzt, anstatt ein Socket zu +öffnen. + + + ssh +1 kann durch Verwendung der folgenden +Richtlinien für die Konfiguration von +ssh +1 so eingerichtet werden, dass es +sss_ssh_knownhostsproxy zur Authentifizierung des +Rechnerschlüssels benutzt: +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + OPTIONEN + + + + , PORT + + + + benutzt Port PORT zur Verbindung mit dem +Rechner. Standardmäßig wird Port 22 verwendet. + + + + + + , +DOMAIN + + + + sucht in der SSSD-Domain nach DOMAIN öffentlichen +Schlüsseln für den Rechner. + + + + + + , + + + + Print the host ssh public keys for host HOST. + + + + + + + + + EXIT-STATUS + + Im Erfolgsfall ist der Rückgabewert 0, andernfalls wird 1 zurückgegeben. + + + + + + + diff --git a/src/man/de/sssd-krb5.5.xml b/src/man/de/sssd-krb5.5.xml new file mode 100644 index 0000000..7cf1d1a --- /dev/null +++ b/src/man/de/sssd-krb5.5.xml @@ -0,0 +1,461 @@ + + + +SSSD-Handbuchseiten + + + + + sssd-krb5 + 5 + Dateiformate und Konventionen + + + + sssd-krb5 + SSSD Kerberos-Anbieter + + + + BESCHREIBUNG + + Diese Handbuchseite beschreibt die Konfiguration des +Authentifizierungs-Backends Kerberos 5 für +sssd 8 +. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt +»DATEIFORMAT« der Handbuchseite +sssd.conf 5 +. + + + Das Authentifizierungs-Backend Kerberos 5 enthält Authentifizierungs- und +Chpass-Anbieter. Es muss mit einem Identitätsanbieter verbunden werden, +damit es sauber läuft (zum Beispiel »id_provider = ldap«). Einige vom +Kerberos-5-Authentifizierungs-Backend benötigten Informationen wie der +»Kerberos Principal Name« (UPN) des Benutzers müssen durch den +Identitätsanbieter bereitgestellt werden. Die Konfiguration des +Identitätsanbieters sollte einen Eintrag haben, der den UPN +angibt. Einzelheiten, wie dies konfiguriert wird, finden Sie in der +Handbuchseite des entsprechenden Identitätsanbieters. + + + This backend also provides access control based on the .k5login file in the +home directory of the user. See +k5login5 + for more details. Please note that an empty .k5login file +will deny all access to this user. To activate this feature, use +'access_provider = krb5' in your SSSD configuration. + + + Im Fall, dass UPN nicht im Identitäts-Backend verfügbar ist, wird +sssd mittels des Formats +Benutzername@Krb5_Realm +einen UPN konstruieren. + + + + + + KONFIGURATIONSOPTIONEN + + Falls das Authentifizierungsmodul Krb5 in einer SSSD-Domain benutzt wird, +müssen die folgenden Optionen verwendet werden. Einzelheiten über die +Konfiguration einer SSSD-Domain finden Sie im Abschnitt »DOMAIN-ABSCHNITTE« +der Handbuchseite sssd.conf +5 . + + krb5_server, krb5_backup_server (Zeichenkette) + + + gibt eine durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen +der Kerberos-Server in der Reihenfolge an, in der sich SSSD mit ihnen +verbinden soll. Weitere Informationen über Ausfallsicherung und Redundanz +finden Sie im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder +Rechnernamen kann eine optionale Portnummer (der ein Doppelpunkt +vorangestellt ist) angehängt werden. Falls dies leer gelassen wurde, wird +die Dienstsuche aktiviert. Weitere Informationen finden Sie im Abschnitt +»DIENSTSUCHE«. + + + Wenn die Dienstsuche für Schlüsselverwaltungszentralen- (KDC) oder +Kpasswd-Server benutzt wird, durchsucht SSSD zuerst die DNS-Einträge, +die_udp als Protokoll angeben. Falls keine gefunden werden, weicht es auf +_tcp aus. + + + Diese Option hieß in früheren Veröffentlichungen von SSSD +»krb5_kdcip«. Obwohl der alte Name einstweilen noch in Erinnerung ist, wird +Anwendern geraten, ihre Konfigurationsdateien auf die Verwendung von +»krb5_server« zu migrieren. + + + + + + krb5_realm (Zeichenkette) + + + der Name des Kerberos-Realms. Diese Option wird benötigt und muss angegeben +werden. + + + + + + krb5_kpasswd, krb5_backup_kpasswd (Zeichenkette) + + + Falls der Dienst zum Ändern von Passwörtern auf der +Schlüsselverwaltungszentrale (KDC) nicht läuft, können hier alternative +Server definiert werden. An die Adressen oder Rechnernamen kann eine +optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt +werden. + + + Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im +Abschnitt »AUSFALLSICHERUNG«. HINWEIS: Selbst wenn es keine weiteren +»kpasswd«-Server mehr auszuprobieren gibt, wird das Backend nicht offline +gehen, da eine Authentifizierung gegen die Schlüsselverwaltungszentrale +(KDC) immer noch möglich ist. + + + Voreinstellung: KDC benutzen + + + + + + krb5_ccachedir (Zeichenkette) + + + Das Verzeichnis zum Ablegen von Anmeldedaten-Zwischenspeichern. Alle +Ersetzungssequenzen von krb5_ccname_template können hier auch verwendet +werden, außer %d und %P. Das Verzeichnis wird als privat angelegt und ist +Eigentum des Benutzers. Die Zugriffsrechte werden auf 0700 gesetzt. + + + Voreinstellung: /tmp + + + + + + krb5_ccname_template (Zeichenkette) + + + Der Ort für die Zwischenspeicherung der Anmeldedaten des Benutzers. Drei +Zwischenspeichertypen werden derzeit unterstützt: FILE, +DIR und KEYRING:persistent. Der +Zwischenspeicher kann entweder als TYP:REST oder +als absoluter Pfad angegeben werden, wobei Letzteres den Typ +FILE beinhaltet. In der Schablone werden die folgenden +Sequenzen ersetzt: + + %u + Anmeldename + + + %U + Anmelde-UID + + + %p + Principal-Name + + + + %r + Realm-Name + + + %h + Home-Verzeichnis + + + + %d + Wert von krb5_ccachedir + + + + + %P + die Prozess-ID des SSSD-Clients + + + + %% + ein buchstäbliches »%« + + + Falls die +Vorlage mit »XXXXXX« endet, wird mkstemp(3) verwendet, um auf sichere Weise +einen eindeutigen Dateinamen zu erzeugen. + + + Wenn der KEYRING-Typ verwendet wird, ist +KEYRING:persistent:%U der einzige unterstützte +Mechanismus. Hierfür wird der Schlüsselbund des Linux-Kernels zum Speichern +der Anmeldedaten getrennt nach Benutzer-IDs verwendet. Dies wird auch +empfohlen, da es die sicherste und vorausberechenbarste Methode ist. + + + Der Vorgabewert für den Anmeldedaten-Zwischenspeicher wird aus dem im +Abschnitt [libdefaults] der Datei krb5.conf enthaltenen Profil der +systemweiten Konfiguration bezogen. Der Name der Option ist +default_ccache_name. Im Abschnitt PARAMETER EXPANSION der Handbuchseite zu +krb5.conf(5) finden Sie zusätzliche Informationen zu dem in krb5.conf +definierten Format. + + + NOTE: Please be aware that libkrb5 ccache expansion template from + krb5.conf +5 uses different expansion sequences +than SSSD. + + + Voreinstellung: (aus libkrb5) + + + + + + krb5_keytab (Zeichenkette) + + + der Speicherort der Keytab, der bei der Überprüfung von Berechtigungen +benutzt wird, die von Schlüsselverwaltungszentralen (KDCs) stammen. + + + Voreinstellung: Keytab des Systems, normalerweise +/etc/krb5.keytab + + + + + + krb5_store_password_if_offline (Boolesch) + + + speichert das Passwort des Benutzers, falls der Anbieter offline ist, und +benutzt es zur Abfrage des TGTs, wenn der Anbieter wieder online geht. + + + HINWEIS: Diese Funktionalität ist nur auf Linux verfügbar. Passwörter, die +auf diese Weise gespeichert wurden, werden im Klartext im Schlüsselbund des +Kernels aufbewahrt. Darauf kann unter Umständen (mit Mühe) durch den +Benutzer Root zugegriffen werden. + + + Voreinstellung: »false« + + + + + + krb5_use_fast (Zeichenkette) + + + Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die +Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden +unterstützt: + + + never: FAST wird nie benutzt. Dies ist so, als ob diese +Einstellung gar nicht gemacht würde. + + + try: Es wird versucht, FAST zu benutzen. Falls der +Server kein FAST unterstützt, fährt die Authentifizierung ohne fort. + + + demand: Fragt nach, ob FAST benutzt werden soll. Die +Authentifizierung schlägt fehl, falls der Server kein FAST erfordert. + + + Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt + + + NOTE: a keytab or support for anonymous PKINIT is required to use FAST. + + + HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und +neuer. Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, +ist die Verwendung dieser Option ein Konfigurationsfehler. + + + + + + krb5_fast_principal (Zeichenkette) + + + gibt den Server-Principal zur Benutzung von FAST an. + + + + + + krb5_fast_use_anonymous_pkinit (boolean) + + + If set to true try to use anonymous PKINIT instead of a keytab to get the +required credential for FAST. The krb5_fast_principal options is ignored in +this case. + + + Voreinstellung: »false« + + + + + + krb5_use_kdcinfo (Boolesch) + + + gibt an, ob SSSD die Kerberos-Bibliotheken anweisen soll, welcher Realm und +welche Schlüsselverwaltungszentralen (KDCs) benutzt werden sollen. Diese +Option ist standardmäßig eingeschaltet. Falls Sie sie ausschalten, müssen +Sie die Kerberos-Bibliothek mittels der Konfigurationsdatei +krb5.conf +5 einrichten. + + + Weitere Informationen über die Locator-Erweiterung finden Sie auf der +Handbuchseite +sssd_krb5_locator_plugin +8 . + + + Voreinstellung: »true« + + + + + + krb5_kdcinfo_lookahead (string) + + + When krb5_use_kdcinfo is set to true, you can limit the amount of servers +handed to +sssd_krb5_locator_plugin +8 . This might be helpful when there +are too many servers discovered using SRV record. + + + The krb5_kdcinfo_lookahead option contains two numbers separated by a +colon. The first number represents number of primary servers used and the +second number specifies the number of backup servers. + + + For example 10:0 means that up to 10 primary servers +will be handed to +sssd_krb5_locator_plugin +8 but no backup servers. + + + Default: 3:1 + + + + + + krb5_use_enterprise_principal (Boolesch) + + + gibt an, ob der User Principal als Enterprise Principal betrachtet werden +soll. Weitere Informationen über Enterprise Principals finden Sie in +Abschnitt 5 von RFC 6806. + + + + Voreinstellung: falsch (AD-Anbieter: wahr) + + + The IPA provider will set to option to 'true' if it detects that the server +is capable of handling enterprise principals and the option is not set +explicitly in the config file. + + + + + + krb5_use_subdomain_realm (boolean) + + + Specifies to use subdomains realms for the authentication of users from +trusted domains. This option can be set to 'true' if enterprise principals +are used with upnSuffixes which are not known on the parent domain KDCs. If +the option is set to 'true' SSSD will try to send the request directly to a +KDC of the trusted domain the user is coming from. + + + + Voreinstellung: »false« + + + + + + krb5_map_user (string) + + + The list of mappings is given as a comma-separated list of pairs +username:primary where username is a UNIX user +name and primary is a user part of a kerberos principal. This +mapping is used when user is authenticating using auth_provider = +krb5. + + + + Beispiel: +krb5_realm = REALM +krb5_map_user = joe:juser,dick:richard + + + + joe and dick are UNIX user names and +juser and richard are primaries of kerberos +principals. For user joe resp. dick SSSD will +try to kinit as juser@REALM resp. +richard@REALM. + + + + Voreinstellung: nicht gesetzt + + + + + + + + + + + + + + + BEISPIEL + + Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert wurde +und FOO eine der Domains im Abschnitt [sssd] +ist. Dieses Beispiel zeigt nur die Authentifizierung mit Kerberos, sie +umfasst keine Identitätsanbieter. + + + +[domain/FOO] +auth_provider = krb5 +krb5_server = 192.168.1.1 +krb5_realm = EXAMPLE.COM + + + + + + + + diff --git a/src/man/de/sssd-simple.5.xml b/src/man/de/sssd-simple.5.xml new file mode 100644 index 0000000..efb2838 --- /dev/null +++ b/src/man/de/sssd-simple.5.xml @@ -0,0 +1,155 @@ + + + +SSSD-Handbuchseiten + + + + + sssd-simple + 5 + Dateiformate und Konventionen + + + + sssd-simple + die Konfigurationsdatei für den »einfachen« Zugriffssteuerungsanbieter von +SSSD + + + + BESCHREIBUNG + + Diese Handbuchseite beschreibt die Konfiguration des einfachen +Zugriffssteuerungsanbieters für +sssd 8 +. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt +»DATEIFORMAT« der Handbuchseite +sssd.conf 5 +. + + + Der einfache Zugriffsanbieter gewährt oder verweigert den Zugriff auf Basis +einer Zugriffs- oder Verbotsliste von Benutzer- oder Gruppennamen. Es gelten +die folgenden Regeln: + + + Falls alle Listen leer sind, wird Zugriff gewährt. + + + + Falls irgendeine Liste bereitgestellt wird, ist die Reihenfolge der +Auswertung »erlauben,verbieten«. Das heißt, dass eine passende verbietende +Regeln jede passende erlaubende Regel ersetzt. + + + + + Falls eine oder beide »Erlaubnislisten« bereitgestellt werden, ist der +Zugriff allen Benutzern verboten, sofern sie nicht auf der Liste erscheinen. + + + + + Falls nur »Verbotslisten« bereitgestellt werden, wird der Zugriff allen +Benutzern gewährt, sofern sie nicht auf der Liste stehen. + + + + + + + + KONFIGURATIONSOPTIONEN + Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im +Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite +sssd.conf 5 +. + + simple_allow_users (Zeichenkette) + + + Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen. + + + + + + simple_deny_users (Zeichenkette) + + + Durch Kommata getrennte Liste von Benutzern, denen der Zugriff explizit +verwehrt wird. + + + + + simple_allow_groups (Zeichenkette) + + + Durch Kommata getrennte Liste von Gruppen, die sich anmelden dürfen. Dies +gilt nur für Gruppen innerhalb dieser SSSD-Domain. Lokale Gruppen werden +nicht ausgewertet. + + + + + + simple_deny_groups (Zeichenkette) + + + Durch Kommata getrennte Liste von Gruppen, denen der Zugriff explizit +verwehrt wird. Dies gilt nur für Gruppen innerhalb dieser +SSSD-Domain. Lokale Gruppen werden nicht ausgewertet. + + + + + + + Keine Werte für eine der Listen anzugeben ist so, als ob sie ganz +übersprungen würde. Hüten Sie sich davor, solange Parameter für den +einfachen Anbieter mittels automatischer Skripte erzeugt werden. + + + Bitte beachten Sie, das es ein Konfigurationsfehler ist, wenn sowohl +»simple_allow_users« als auch »simple_deny_users« definiert sind. + + + + + BEISPIEL + + Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und +example.com eine der im Abschnitt [sssd] +erwähnten Domains ist. Die Beispiele zeigen nur die anbieterspezifischen +Optionen des einfachen Anbieters. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + ANMERKUNGEN + + Die vollständige Hierarchie der Gruppenmitgliedschaft wird aufgelöst, bevor +die Zugriffsprüfung ausgeführt wird. Daher können selbst verschachtelte +Gruppen Teil der Zugriffslisten werden. Bitte beachten Sie, dass die Option +ldap_group_nesting_level die Ergebnisse beeinflussen kann und +daher auf einen ausreichenden Wert gesetzt werden sollte. Siehe +( +sssd-ldap5 +). + + + + + + + diff --git a/src/man/de/sssd-sudo.5.xml b/src/man/de/sssd-sudo.5.xml new file mode 100644 index 0000000..964a73a --- /dev/null +++ b/src/man/de/sssd-sudo.5.xml @@ -0,0 +1,229 @@ + + + +SSSD-Handbuchseiten + + + + + sssd-sudo + 5 + Dateiformate und Konventionen + + + + sssd-sudo + Sudo mit dem SSSD-Backend konfigurieren + + + + BESCHREIBUNG + + Diese Handbuchseite beschreibt, wie +sudo 8 +konfiguriert wird, damit es zusammen mit +sssd 8 +funktioniert und wie SSSD Sudo-Regeln zwischenspeichert. + + + + + Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet + + Um SSSD als eine Quelle von Sudo-Regeln zu aktivieren, fügen Sie dem Eintrag +sudoers in +nsswitch.conf 5 + sss hinzu. + + + Um zum Beispiel Sudo so zu konfigurieren, dass es zuerst die Regeln in der +Standarddatei sudoers +5 nachschlägt (diese sollten Regeln +umfassen, die für lokale Benutzer gelten) und dann die in SSSD, sollte die +Datei »nsswitch.conf« die folgende Zeile enthalten: + + + +sudoers: files sss + + + + Weitere Informationen über die Konfiguration der Suchreihenfolge der +»sudoers« aus der Datei »nsswitch.conf« sowie das LDAP-Schema, das zum +Speichern von Sudo-Regeln im Verzeichnis benutzt wird, können Sie unter + sudoers.ldap +5 finden. + + + Hinweis: Um Netzgruppen oder IPA-Hostgruppen in +sudo-Regeln verwenden zu können, muss +nisdomainname 1 + korrekt auf den entsprechenden NIS-Domainnamen gesetzt +werden. Dieser entspricht dem IPA-Domainnamen, wenn Hostgruppen verwendet +werden. + + + + + SSSD zum Abrufen von Sudo-Regeln konfigurieren + + Alle auf der SSSD-Seite erforderliche Konfiguration ist die Erweiterung der +Liste der Dienste mit "sudo" im Abschnitt [sssd] der +Handbuchseite zu sssd.conf +5 . Um LDAP-Suchvorgänge zu +beschleunigen, können Sie auch die Suchbasis für sudo-Regeln mit der Option +ldap_sudo_search_base festlegen. + + + Das folgende Beispiel zeigt, wie SSSD konfiguriert wird, damit es die +Sudo-Regeln von einem LDAP-Server herunterlädt. + + + +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = EXAMPLE + +[domain/EXAMPLE] +id_provider = ldap +sudo_provider = ldap +ldap_uri = ldap://example.com +ldap_sudo_search_base = ou=sudoers,dc=example,dc=com + It's important to note that on platforms where +systemd is supported there's no need to add the "sudo" provider to the list +of services, as it became optional. However, sssd-sudo.socket must be +enabled instead. + + + When SSSD is configured to use IPA as the ID provider, the sudo provider is +automatically enabled. The sudo search base is configured to use the IPA +native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in +sssd.conf, this value will be used instead. The compat tree +(ou=sudoers,$SUFFIX) is no longer required for IPA sudo functionality. + + + + + Der Zwischenspeichermechanismus für Sudo-Regeln + + Die größte Herausforderung bei der Entwicklung von Sudo-Unterstützung in +SSSD war es, sicherzustellen, dass beim Ausführen von Sudo mit SSSD die +Datenquelle dieselbe Benutzererfahrung bereitstellt und so schnell wie Sudo +ist, aber weiterhin so viele aktuelle Regelsätze wie möglich +bereitstellt. Um diesen Anforderungen zu genügen, verwendet SSSD drei Arten +von Aktualisierungen. Sie werden als vollständiges Aktualisieren, kluges +Aktualisieren und Regelaktualisierung bezeichnet. + + + Das kluge Aktualisieren lädt periodisch Regeln +herunter, die neu sind oder seit der letzten Aktualisierung geändert +wurden. Das Hauptziel hierbei ist es, die Datenbank anwachsen zu lassen, +indem nur kleine Erweiterungen abgerufen werden, die keinen großen +Netzwerkverkehr erzeugen. + + + Das vollständige Aktualisieren löscht einfach alle im +Zwischenspeicher abgelegten Regeln und ersetzt sie durch die auf dem Server +gespeicherten Regeln. Dies wird benutzt, um den Zwischenspeicher dadurch +konsistent zu halten, dass jede von Server gelöschte Regel entfernt +wird. Ein vollständiges Aktualisieren kann jedoch eine hohe Last erzeugen +und sollte daher nur gelegentlich abhängig von der Größe und Stabilität der +Sudo-Regeln ausgeführt werden. + + + Die Regelaktualisierung stellt sicher, dass dem +Benutzer nicht mehr Rechte als definiert gewährt werden. Es wird jedesmal +ausgelöst, wenn der Benutzer Sudo ausführt. Regelaktualisierung wird alle +Regeln suchen, die für diesen Benutzer gelten, ihren Ablaufzeitpunkt prüfen +und sie erneut herunterladen, falls sie erloschen sind. Im Fall, dass +irgendwelche der Regeln auf dem Server fehlen, wird SSSD außer der Reihe ein +vollständiges Aktualisieren durchführen, da möglicherweise weitere Regeln +(die für andere Benutzer gelten) gelöscht wurden. + + + SSSD wird, falls aktiviert, nur Regeln speichern, die auf diese Maschine +angewandt werden können. Das bedeutet, Regeln, die einen der folgenden Werte +im Attribut sudoHost enthalten: + + + + + Schlüsselwort ALL + + + + + Platzhalter + + + + + Netzgruppe (in der Form »+Netzgruppe«) + + + + + Rechnername oder voll qualifizierter Domain-Namen dieser Maschine + + + + + eine der IP-Adressen dieser Maschine + + + + + eine der IP-Adressen des Netzwerks (in der Form »Adresse/Maske«) + + + + + Es gibt viele Konfigurationsoptionen, die benutzt werden können, um das +Verhalten anzupassen. Bitte lesen Sie »ldap_sudo_*« in +sssd-ldap 5 + und "sudo_*" in +sssd.conf 5 +. + + + + + Tuning the performance + + SSSD uses different kinds of mechanisms with more or less complex LDAP +filters to keep the cached sudo rules up to date. The default configuration +is set to values that should satisfy most of our users, but the following +paragraphs contain few tips on how to fine- tune the configuration to your +requirements. + + + 1. Index LDAP attributes. Make sure that following LDAP +attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp. + + + 2. Set ldap_sudo_search_base. Set the search base to +the container that holds the sudo rules to limit the scope of the lookup. + + + 3. Set full and smart refresh interval. If your sudo +rules do not change often and you do not require quick update of cached +rules on your clients, you may consider increasing the +ldap_sudo_full_refresh_interval and +ldap_sudo_smart_refresh_interval. You may also consider +disabling the smart refresh by setting +ldap_sudo_smart_refresh_interval = 0. + + + 4. If you have large number of clients, you may consider increasing the +value of ldap_sudo_random_offset to distribute the load +on the server better. + + + + + + + diff --git a/src/man/es/include/ad_modified_defaults.xml b/src/man/es/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/es/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/es/include/autofs_attributes.xml b/src/man/es/include/autofs_attributes.xml new file mode 100644 index 0000000..938da2c --- /dev/null +++ b/src/man/es/include/autofs_attributes.xml @@ -0,0 +1,69 @@ + + + ldap_autofs_map_object_class (cadena) + + + El objeto clase de una entrada de mapa de automontaje en LDAP. + + + Predeterminado: nisMap (rfc2307, autofs_provider=ad), de otra manera +automountMap + + + + + + ldap_autofs_map_name (cadena) + + + El nombre de una entrada de mapa de automontaje en LDAP. + + + Predeterminado: nisMapName (rfc2307, autofs_provider=ad), de otra manera +automountMapName + + + + + + ldap_autofs_entry_object_class (cadena) + + + El objeto clase de una entrada de montaje automático en LDAP. La entrada +normalmente corresponde a un punto de montaje. + + + Predeterminado: nisObject (rfc2307, autofs_provider=ad), de otra manera +automount + + + + + + ldap_autofs_entry_key (cadena) + + + La clave de una entrada de automontaje en LDAP. La entrada corresponde +normalmente a un punto de montaje. + + + Predeterminado: cn (rfc2307, autofs_provider=ad), de otra manera +automountKey + + + + + + ldap_autofs_entry_value (cadena) + + + La clave de una entrada de automontaje en LDAP. La entrada corresponde +normalmente a un punto de montaje. + + + Predeterminado: nisMapEntry (rfc2307, autofs_provider=ad), de otra manera +automountInformation + + + + diff --git a/src/man/es/include/autofs_restart.xml b/src/man/es/include/autofs_restart.xml new file mode 100644 index 0000000..1bbd565 --- /dev/null +++ b/src/man/es/include/autofs_restart.xml @@ -0,0 +1,6 @@ + + Por favor advierta que el automontador sólo lee el mapa maestro en el +arranque, se modo que si se hace cualquier cambio relacionado con autofs al +sssd.conf, usted normalmente también necesitará reiniciar el demonio +automontador después de reiniciar el SSSD. + diff --git a/src/man/es/include/debug_levels.xml b/src/man/es/include/debug_levels.xml new file mode 100644 index 0000000..6017b42 --- /dev/null +++ b/src/man/es/include/debug_levels.xml @@ -0,0 +1,98 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Niveles de depuración actualmente soportados: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Ejemplo: Para registrar fallos fatales, críticos y +serios y datos de función use 0x0270. + + + Example: Para registrar fallos fatales, ajustes de +configuración, datos de función, mensajes de traza para funciones de control +interno use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/es/include/debug_levels_tools.xml b/src/man/es/include/debug_levels_tools.xml new file mode 100644 index 0000000..2fedd2e --- /dev/null +++ b/src/man/es/include/debug_levels_tools.xml @@ -0,0 +1,78 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Niveles de depuración actualmente soportados: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Ejemplo: Para registrar fallos fatales, críticos y +serios y datos de función use 0x0270. + + + Example: Para registrar fallos fatales, ajustes de +configuración, datos de función, mensajes de traza para funciones de control +interno use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/es/include/failover.xml b/src/man/es/include/failover.xml new file mode 100644 index 0000000..f86e15d --- /dev/null +++ b/src/man/es/include/failover.xml @@ -0,0 +1,131 @@ + + CONMUTACIÓN POR ERROR + + La función conmutación en error permite a los finales conmutar +automáticamente a un servidor diferente si el servidor actual falla. + + + Sintaxis de conmutación por error + + La lista de servidores se da como una lista separada por comas; se permite +cualquier número de espacios a los lados de la coma. Los servidores son +listados en orden de preferencia. La lista puede contener cualquier número +de servidores. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + El mecanismo de conmutación por errorEl mecanismo de failover distingue +entre una máquina y un servicio. El punto final intenta primero resolver el +nombre de host de una máquina dada; si el intento de resolución falla, la +máquina es considerada fuera de línea. No se harán más intentos de conexión +con esta máquina para ningún otro servicio. Si el intento de resolución +tiene éxito, el punto final intenta conectar a un servicio en esa +máquina. Si el intento de conexión al servicio falla, entonces sólo se +considera fuera de línea este servicio concreto y el punto final conmutará +automáticamente sobre el siguientes servicio. La máquina se considera que +sigue en línea y se puede intentar el acceso a otros servicios. + + El mecanismo de conmutación por error distingue entre una máquina y un +servicio. El punto final intenta primero resolver el nombre de host de una +máquina dada; si el intento de resolución falla, la máquina es considerada +fuera de línea. No se harán más intentos de conexión con esta máquina para +ningún otro servicio. Si el intento de resolución tiene éxito, el punto +final intenta conectar a un servicio en esa máquina. Si el intento de +conexión al servicio falla, entonces sólo se considera fuera de línea este +servicio concreto y el punto final conmutará automáticamente sobre el +siguientes servicio. La máquina se considera que sigue en línea y se puede +intentar el acceso a otros servicios. + + + Los intentos de conexión adicionales son hechos a máquinas o servicios +marcaros como fuera de línea después de un período de tiempo especificado; +esto está codificado a fuego actualmente en 30 segundos. + + + Si no hay más máquinas para intentarlo, el punto final al completo conmutará +al modo fuera de línea y después intentará reconectar cada 30 segundo. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Predeterminado: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Predeterminado: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Predeterminado: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/es/include/homedir_substring.xml b/src/man/es/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/es/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/es/include/ipa_modified_defaults.xml b/src/man/es/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/es/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/es/include/krb5_options.xml b/src/man/es/include/krb5_options.xml new file mode 100644 index 0000000..11a1c0f --- /dev/null +++ b/src/man/es/include/krb5_options.xml @@ -0,0 +1,154 @@ + + + krb5_auth_timeout (entero) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Predeterminado: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (cadena) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Por defecto: no fijado, esto es el TGT no es renovable + + + + + + krb5_lifetime (cadena) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto +configurado en el KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Predeterminado: no definido + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Predeterminado: false + + + + diff --git a/src/man/es/include/ldap_id_mapping.xml b/src/man/es/include/ldap_id_mapping.xml new file mode 100644 index 0000000..4809189 --- /dev/null +++ b/src/man/es/include/ldap_id_mapping.xml @@ -0,0 +1,289 @@ + + ASIGNACIÓN DE ID + + La función asignación de ID permite a SSSD actuar como un cliente de Active +Directory sin requerir de administradores para extender los atributos de +usuario para soportar atributos POSIX para los identificadores de usuario y +grupo. + + + NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y +gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos +entre los valores automáticamente asignados y los asignados manualmente. Si +usted necesita usar los valore asignados manualmente, TODOS los valores +deben ser asignados manualmente. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Algoritmo de asignación + + Active Directory suministra un objectSID para cada objeto usuario y grupo en +el directorio. El objectSID puede ser dividido en componente que representan +la identidad del dominio Active Directory y le identificador relativo (RID) +del objeto usuario y grupo. + + + El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles +y lo divide en secciones componente de igual tamaño – llamadas “rebanadas” +-. Cada rebanada representa el espacio disponible para un dominio Active +Directory. + + + Cuando se encuentra por primera vez una entrada de usuario o grupo para un +dominio concreto, SSSD asigna una de las rebanadas disponibles para ese +dominio. Con el objetivo de hacer esta asignación de rebanadas repetible +sobre diferentes máquinas clientes, seleccionamos la rebanada en base al +siguiente algoritmo: + + + La cadena SID pasada a través del algoritmo murmurhash3 para convertirlo en +un valor picado de 32 bit. Después tomamos los módulos de este valor con el +número total de rebanadas disponibles para recoger la rebanada. + + + NOTA: Es posible encontrar colisiones en el picadillo y los módulos +subsiguientes. En estas situaciones, seleccionaremos la siguiente rebanada +disponible, pero puede no ser posible reproducir los mismos conjuntos +exactos de rebanadas sobre otras máquinas (puesto que el orden en que se +encuentren desterminará sus rebanadas). En esta situación, se recomienda o +bien conmutar para usar los atributos explícitos POSIX en Active Directory +(deshabilitando la asignación de ID) o configurar un dominio por defecto +para garantizar que al menos uno sea siempre consistente. Vea +Configuración para detalles. + + + + + Configuración + + Configuración mínima (en la sección [domain/DOMAINNAME]): + + + +ldap_id_mapping = True ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Configuración Avanzada + + + ldap_idmap_range_min (entero) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTA: Esta opción es diferente de min_id en esta +min_id actúa para filtrar la salida de las peticiones a este +dominio, mientras esta opción controla el rango de la asignación de ID. Esto +es una sutil diferencia, pero el buen consejo general sería que +min_id fuera menor o igual que +ldap_idmap_range_min + + + Por defecto: 200000 + + + + + ldap_idmap_range_max (entero) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTA: Esta opción es diferente de max_id en esta +max_id actúa para filtrar la salida de las peticiones a este +dominio, mientras esta opción controla el rango de la asignación de ID. Esto +es una sutil diferencia, pero el buen consejo general sería que +max_id fuera menor o igual que +ldap_idmap_range_max + + + Por defecto: 2000200000 + + + + + ldap_idmap_range_size (entero) + + + Especifica el número de IDs disponibles para cada rebanada. Si el rango no +se divide de forma igual entre los valores mínimo y máximo, creará tantas +rebanadas completas como sea posible. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Por defecto: 200000 + + + + + ldap_idmap_default_domain_sid (cadena) + + + Especifica el SID de dominio del dominio por defecto. Esto garantizará que +este dominio será asignado siempre a la rebanada cero en el mapa de ID, +sobrepasando el algoritmo murmurhash descrito arriba. + + + Predeterminado: no definido + + + + + ldap_idmap_default_domain (cadena) + + + Especifica el nombre del dominio por defecto. + + + Predeterminado: no definido + + + + + ldap_idmap_autorid_compat (booleano) + + + Cambia el comportamiento del algoritmo de asignación de id para que se +comporte de un modo más similar al algoritmo idmap_autorid de +winbind. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTA: Este algoritmo no es determinista (depende del orden en que usuario y +grupos son pedidos). Si se requiere este modo para compatibilidad con +máquinas que ejecutan winbind, se recomienda que también use la opción +ldap_idmap_default_domain_sid para garantizar que al menos un +dominio está asignado consistentemente a la rebanada cero. + + + Por defecto: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Predeterminado: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/es/include/ldap_search_bases.xml b/src/man/es/include/ldap_search_bases.xml new file mode 100644 index 0000000..95a6edd --- /dev/null +++ b/src/man/es/include/ldap_search_bases.xml @@ -0,0 +1,33 @@ + + + Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas +LDAP de este tipo de atributo. + + + sintaxis: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en +http://www.ietf.org/rfc/rfc2254.txt + + + Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de +ldap_search_base + + + Predeterminado: el valor de ldap_search_base + + + Por favor advierta que especificar el alcance o el filtro no está soportado +para búsquedas contra un Active Directory Server que puede ceder un gran +número de resultados y disparar la extensión Range Retrieval en la +respuesta. + + diff --git a/src/man/es/include/local.xml b/src/man/es/include/local.xml new file mode 100644 index 0000000..ebbfa64 --- /dev/null +++ b/src/man/es/include/local.xml @@ -0,0 +1,17 @@ + + EL DOMINIO LOCAL + + Con el objetivo de que funcione correctamente, se debe crear un dominio con +id_provider=local y el SSSD debe estar corriendo. + + + El administrador puede desear usar los usuarios locales SSSD en lugar de los +usuarios tradicionales UNIX en los casos donde los grupos anidados (vea + sss_groupadd +8 ) sean necesarios. Los usuarios +locales son también útiles para la prueba y el desarrollo del SSSD sin tener +que desplegar un servidor remoto completo. Las herramientas +sss_user* y sss_group* usan un +almacenamiento LDB local para almacenar usuarios y grupos. + + diff --git a/src/man/es/include/override_homedir.xml b/src/man/es/include/override_homedir.xml new file mode 100644 index 0000000..8c97767 --- /dev/null +++ b/src/man/es/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (cadena) + + + Anula el directorio home del usuario. Usted puede suministras bien un valor +absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes +secuencias: + + %u + nombre de acceso + + + %U + número UID + + + %d + nombre de dominio + + + %f + nombre totalmente cualificado del usuario (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + El directorio home original recuperado del proveedor de identidad. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + un literal ‘%’ + + + + + + Esta opción puede ser también fijada por dominio. + + + ejemplo: +override_homedir = /home/%u + + + + Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/es/include/param_help.xml b/src/man/es/include/param_help.xml new file mode 100644 index 0000000..977be27 --- /dev/null +++ b/src/man/es/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Muestra mensaje de ayuda y sale. + + + diff --git a/src/man/es/include/param_help_py.xml b/src/man/es/include/param_help_py.xml new file mode 100644 index 0000000..5256f44 --- /dev/null +++ b/src/man/es/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Muestra mensaje de ayuda y sale. + + + diff --git a/src/man/es/include/seealso.xml b/src/man/es/include/seealso.xml new file mode 100644 index 0000000..a2e645a --- /dev/null +++ b/src/man/es/include/seealso.xml @@ -0,0 +1,49 @@ + + VEA TAMBIEN + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/es/include/service_discovery.xml b/src/man/es/include/service_discovery.xml new file mode 100644 index 0000000..0c9fb55 --- /dev/null +++ b/src/man/es/include/service_discovery.xml @@ -0,0 +1,44 @@ + + SERVICIO DE DESCUBRIMIENTO + + La función servicio descubridor permite a los puntos finales encontrar +automáticamente los servidores apropiados a conectar para usar una pregunta +especial al DNS. Esta función no está soportada por los servidores de +respaldo. + + + Configuración + + Si no se especifican servidores, el punto final usar automáticamente el +servicio descubridor para intentar encontrar un servidor. Opcionalmente, el +usuario puede elegir utilizar tanto las direcciones de servidor fijadas como +el servicio descubridor para insertar una palabra clave especial, +_srv_, en la lista de servidores. El orden de preferencia se +mantiene. Esta función es útil sí, por ejemplo, el usuario prefiere usar el +servicio descubridor siempre que sea posible, el volver a un servidor +específico cuando no se pueden descubrir servidores usando DNS. + + + + El nombre de dominio + + Por favor vea el parámetro dns_discovery_domain en la página +de manual sssd.conf +5 para más detalles. + + + + El protocolo + + Las consultas normalmente especifican _tcp como protocolo. Las excepciones +se documentan en la descripción de la opción respectiva. + + + + Vea también + + Para más información sobre el mecanismo del servicio descubridor, vea el RFC +2782. + + + diff --git a/src/man/es/include/upstream.xml b/src/man/es/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/es/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/es/sss-certmap.5.xml b/src/man/es/sss-certmap.5.xml new file mode 100644 index 0000000..54a255d --- /dev/null +++ b/src/man/es/sss-certmap.5.xml @@ -0,0 +1,756 @@ + + + +Páginas de manual de SSSD + + + + + sss-certmap + 5 + Formatos de archivo y convenciones + + + + sss-certmap + Reglas de Correspondencia y Asignación de Certificados SSSD + + + + DESCRIPCION + + La página de manual describe las reglas que pueden ser usadas por SSSD y +otros componentes para corresponder con los certificados X.509 y asignarlos +a cuentas. + + + Cada regla tiene cuatro componentes, una priority, una +matching rule, una mapping rule y una +domain list. Todos los componentes son opcionales. Si no hay +priority se añadirá la regla con el nivel de prioridad más +bajo. La matching rule predeterminada hará coincidir los +certificados con la clave de utilización digitalSignature y la clave de +utilización extendida clientAuth. Si mapping rule está vacía +los certificados serán buscados en el atributo userCertificate como DER +codificado en binario. Si no se dan dominios solo se buscará en el dominio +local. + + + To allow extensions or completely different style of rule the +mapping and matching rules can contain a +prefix separated with a ':' from the main part of the rule. The prefix may +only contain upper-case ASCII letters and numbers. If the prefix is omitted +the default type will be used which is 'KRB5' for the matching rules and +'LDAP' for the mapping rules. + + + The 'sssctl' utility provides the 'cert-eval-rule' command to check if a +given certificate matches a matching rules and how the output of a mapping +rule would look like. + + + + + COMPONENTES DE LA REGLA + + PRIORIDAD + + Las reglas son procesados por prioridad sabiendo que el número '0' (cero) +indica la prioridad más alta. Más alto en número más baja la prioridad. Un +valor desaparecido indica la prioridad más baja. Las reglas de procesamiento +se para cuando una regla coincidente y no se comprueban más reglas. + + + Internamente la prioridad se trata como un entero no firmado de 32 bitr, la +utilización de in valor de prioridad superior a 4294967295 causará un error. + + + If multiple rules have the same priority and only one of the related +matching rules applies, this rule will be chosen. If there are multiple +rules with the same priority which matches, one is chosen but which one is +undefined. To avoid this undefined behavior either use different priorities +or make the matching rules more specific e.g. by using distinct +<ISSUER> patterns. + + + + REGLA DE COINCIDENCIA + + La regla de coincidencia se usa para seleccionar un certificado al que sería +aplicado la regla de asignación. Usa un sistema similar al usado por la +opción pkinit_cert_match de MIT Kerberos. Consiste en una +clave encerrada entre '<' y '>' ue identifica una cierta parte del +certificado y un patrón para que la regla coincida. Se pueden unir varios +pares de palabras claves con '&&' (y) o '||' (o). + + + Given the similarity to MIT Kerberos the type prefix for this rule is +'KRB5'. But 'KRB5' will also be the default for matching +rules so that "<SUBJECT>.*,DC=MY,DC=DOMAIN" and +"KRB5:<SUBJECT>.*,DC=MY,DC=DOMAIN" are equivalent. + + + Las opciones disponibles son: + + <SUBJECT>regular-expression + + + Con esto una parte o todo el nombre de sujeto del certificado pueden +coincidir. Para la coincidencia se usa la sintaxis Expresión Regular +Extendida POSIX, vea detalles en regex(7). + + + Para coincidir el nombre sujeto almacenado en el certificado en codificación +DER ASN.1 se convierte en una cadena de acuerdo a RFC 4514. Esto significa +que el componente de nombre más específico es el primero. Por favor advierta +que no todos los posibles nombres de atributo están cubiertos por RFC +4514. Los nombres incluidos son 'CN', 'L', 'ST', 'O', 'OU', 'C', 'STREET', +'DC' y 'UID'. Otros nombres de atributo pueden ser mostrados de forma +diferente sobre plataformas distintas y por herramientas diferentes. Para +evitar la confusión es mejor que no se usen estos nombres de atributos o se +cubran por una expresión regular a medida. + + + Ejemplo: <SUBJECT>.*,DC=MY,DC=DOMAIN + + + Please note that the characters "^.[$()|*+?{\" have a special meaning in +regular expressions and must be escaped with the help of the '\' character +so that they are matched as ordinary characters. + + + Example: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ + + + + + <ISSUER>regular-expression + + + Con esto, se puede hacer coincidir una parte o el nombre completo del emisor +del certificado. Todos los comentarios para <SUBJECT> se le aplican +también. + + + Ejemplo: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ + + + + + <KU>key-usage + + + Esta opción se puede usar para especificar que valores de uso clave debe +tener el certificado. Se pueden usar los siguientes valores en una lista +separados por comas: + + digitalSignature + nonRepudiation + keyEncipherment + dataEncipherment + keyAgreement + keyCertSign + cRLSign + encipherOnly + decipherOnly + + + + Un valor numérico en el rango de un entero sin signo de 32 bit se puede usar +también para cubrir casos de uso especiales. + + + Ejemplo: <KU>digitalSignature,keyEncipherment + + + + + <EKU>extended-key-usage + + + Esta opción se puede usar para especificar que uso de clave extendida puede +tener el certificado. El siguiente valor se puede usar en una lista separada +por comas: + + serverAuth + clientAuth + codeSigning + emailProtection + timeStamping + OCSPSigning + KPClientAuth + pkinit + msScLogin + + + + La utilización de claves extendidas que no están listadas arriba pueden ser +especificadas con sus OID en anotación decimal con puntos. + + + Ejemplo: <EKU>clientAuth,1.3.6.1.5.2.3.4 + + + + + <SAN>regular-expression + + + Para ser compatible con la utilización de MIT Kerberos esta opción +coincidirá con los principios de Kerberos en PKINIT o AD NT Principal SAN +como hace <SAN:Principal>. + + + Ejemplo: <SAN>.*@MY\.REALM + + + + + <SAN:Principal>regular-expression + + + Haga coincidir los principios principales de Kerberos en la SAN principal de +PKINIT o AD NT. + + + Example: <SAN:Principal>.*@MY\.REALM + + + + + <SAN:ntPrincipalName>regular-expression + + + Haga coincidir los principales de Kerberos de la SAN principal de AD NT. + + + Example: <SAN:ntPrincipalName>.*@MY.AD.REALM + + + + + <SAN:pkinit>regular-expression + + + Haga coincidir los principales de Kerberos con los PKINIT SAN. + + + Example: <SAN:ntPrincipalName>.*@MY\.PKINIT\.REALM + + + + + <SAN:dotted-decimal-oid>regular-expression + + + Toma el valor del componente SAN otherName dado por el de OID en anotación +decimal con puntos, lo interpreta como una cadena e intenta hacerlo +coincidir con la expresión regular. + + + Example: <SAN:1.2.3.4>test + + + + + <SAN:otherName>base64-string + + + Haga una coincidencia binaria con el blob codificado en base64 con todos los +demás componentes SAN otheName. Con esta opción es posible la coincidencia +con los componentes otherName personales con codificación especial que +podrían no ser tratados como cadenas. + + + Example: <SAN:otherName>MTIz + + + + + <SAN:rfc822Name>regular-expression + + + Haga coincidir el valor del rfc822Name SAN. + + + Example: <SAN:rfc822Name>.*@email\.domain + + + + + <SAN:dNSName>regular-expression + + + Haga coincidir el valor del dNSName SAN. + + + Example: <SAN:dNSName>.*\.my\.dns\.domain + + + + + <SAN:x400Address>base64-string + + + Binario coincide con el valor del x400Address SAN. + + + Example: <SAN:x400Address>MTIz + + + + + <SAN:directoryName>regular-expression + + + Haga coincidir el valor del directoryName SAN. Los mismos comentarios dados +para <ISSUER> and <SUBJECT> se aplican aquí también. + + + Example: <SAN:directoryName>.*,DC=com + + + + + <SAN:ediPartyName>base64-string + + + Hacer coincidir binario el valor del ediPartyName SAN. + + + Ejemplo: <SAN:ediPartyName>MTIz + + + + + <SAN:uniformResourceIdentifier>regular-expression + + + Hacer coincidir el valor del uniformResourceIdentifier SAN. + + + Ejemplo: <SAN:uniformResourceIdentifier>URN:.* + + + + + <SAN:iPAddress>regular-expression + + + Haga coincidir el valor del iPAddress SAN. + + + Ejemplo: <SAN:iPAddress>192\.168\..* + + + + + <SAN:registeredID>regular-expression + + + Haga coincidir el valor de registeredID SAN como cadena decimal con puntos. + + + Ejemplo: <SAN:registeredID>1\.2\.3\..* + + + + + + + + REGLA DE MAPEO + + La regla de mapeo se usa para asociar un certificado con una o mas +cuentas. Una Smartcard con el certificado y la clave privada correspondiente +puede ser usada entonces para autenticar una de estas cuentas. + + + Actualmente SSSD básicamente solo soporta LDAP para buscar información de +usuario (la excepción es el proveedor proxy que no tiene relevancia +aqui). Por esto la regla de mapeo se basa en una búsqueda por filtro de +sintaxis LDAP con plantillas para añadir el contenido del certificado al +filtro. Se espra que ese filtro solo contendrá los datos específicos para el +mapeo y que la persona que llama lo incrustará en otro filtro para hacer la +búsqueda real. Debido a esto la cadena de filtro de empezar y terminar con +'('and')' respectivamente. + + + En general se recomienda usar atributos del certificado y añadirlos a +atributos especiales al objeto usuario LDAP. E.g. el atributo +'altSecurityIdentities' en AD o el atributo 'ipaCertMapData' para IPA se +pueden usar. + + + Debería preferible leer datos específicos del usuario del certificado, +e.g. una dirección de correo electrónico y buscarla en el servidor LDAP. La +razón es que los datos específicos del usuario en el LDAP podrían cambiar +por diversas razones y romper el mapeo. Por otro lado, sería difícil romper +el mapeo a propósito para un usuario específico. + + + The default mapping rule type is 'LDAP' which can be added as +a prefix to a rule like e.g. +'LDAP:(userCertificate;binary={cert!bin})'. There is an extension called +'LDAPU1' which offer more templates for more flexibility. To allow older +versions of this library to ignore the extension the prefix 'LDAPU1' must be +used when using the new templates in a mapping rule otherwise +the old version of this library will fail with a parsing error. The new +templates are described in section . + + + La plantilla para añadir datos de certificado al filtro de búsqueda están +basados sobre cadenas formateadas en estilo Python. Consiste en una palabra +clave entre llaves con un subcomponente especificador opcional separado por +un '.' o una opción opcional de conversión/formateo separada por un '!'. Los +valores permitidos son: + + {issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Esta plantilla agregará el DN del emisor completo convertido en una +plantilla de acuerdo con el RFC 4514. Si se ordena X.500 (más especifico RDN +viene el último) se debería usar un opción con el prefijo '_x500'. + + + Las opciones de conversión que empiezan con 'ad_' usarán nombres de +atributos como los usados por AD, p. ej. 'S' en lugar de 'ST'. + + + Las opciones de conversión que empiezan por 'nss_' usarán nombres de +atributos como los usados por NSS. + + + La opción de conversión predeterminada es 'nss', i.e. los nombres de +atributo de acuerdo con la ordenación NSS y LDAP/RFC 4514. + + + Ejemplo: +(ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad}) + + + + + {subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Esta plantilla añadirá el sujeto completo DN convertido en una cadena de +acuerdo a RFC 4514. Si la ordenación X.500 (más específico RDN viene el +último) se usaría una opción con el prefijo '_x500'. + + + Las opciones de conversión que empiezan con 'ad_' usarán nombres de +atributos como los usados por AD, p. ej. 'S' en lugar de 'ST'. + + + Las opciones de conversión que empiezan por 'nss_' usarán nombres de +atributos como los usados por NSS. + + + La opción de conversión predeterminada es 'nss', i.e. los nombres de +atributo de acuerdo con la ordenación NSS y LDAP/RFC 4514. + + + Ejemplo: +(ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500}) + + + + + {cert[!(bin|base64)]} + + + Esta plantilla añadirá el certificado completo codificado DER como una +cadena al filtro de búsqueda. Dependiendo de la opción de conversión el +certificado binario se convierte en una secuencia hexadecimal escapada '\xx' +o base64. La secuencia hexadecimal escapada es la predeterminada y puede, +por ejemplo, ser usada con el atributo LDAP 'userCertificate;binary'. + + + Ejemplo: (userCertificate;binary={cert!bin}) + + + + + {subject_principal[.short_name]} + + + Esta plantilla añadirá el principal Kerberos bien desde el SAN usado por +pkinit o del usado por AD. El componente 'short_name' representa la primera +parte del principal antes del signo '@'. + + + Ejemplo: +(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name})) + + + + + {subject_pkinit_principal[.short_name]} + + + Esta plantilla añadirá el principal Kerberos que es dado por el SAN usado +por pkinit. El componente 'short_name' representa la primera parte del +principal antes del signo '@'. + + + Ejemplo: +(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name})) + + + + + {subject_nt_principal[.short_name]} + + + Esta plantilla añadirá el principal Kerberos que es dado por el SAN usado +por AD. El componente 'short_name' represebta la primera parte del principal +antes del signo '@'. + + + Example: +(|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name})) + + + + + {subject_rfc822_name[.short_name]} + + + Esta plantilla añadirá la cadena que está almacenada en el componente +rfc822Name del SAN, normalmente una dirección de correo electrónico. El +componente 'short_name' representa la primera parte de la dirección antes +del signo '@'. + + + Ejemplo: +(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name})) + + + + + {subject_dns_name[.short_name]} + + + Esta plantilla añadirá la cadena que está almacenada en el componente +dNSName del SAN, normalmente un nombre de host totalmente cualificado. El +componente 'short_name' representa la primera parte del nombre antes del +primer signo '.'. + + + Ejemplo: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name})) + + + + + {subject_uri} + + + Esta plantilla añadirá la cadena que está almacenada en el componente +uniformResourceIdentifier del SAN. + + + Ejemplo: (uri={subject_uri}) + + + + + {subject_ip_address} + + + Esta plantilla añadirá la cadena que está almacenada en el componente +iPAddress del SAN. + + + Ejemplo: (ip={subject_ip_address}) + + + + + {subject_x400_address} + + + Esta plantilla añadirá el valor que está almacenado en el componente +x400Address del SAN como secuencia hexadecimal escapada. + + + Ejemplo: (attr:binary={subject_x400_address}) + + + + + {subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Esta plantilla añadirá la cadena DN del valor que está almacenado en el +componente directoryName del SAN. + + + Ejemplo: (orig_dn={subject_directory_name}) + + + + + {subject_ediparty_name} + + + Esta plantilla añadirá el valor que está almacenado en el componente +ediPartyName del SAN como secuencia hexadecimal escapada. + + + Ejemplo: (attr:binary={subject_ediparty_name}) + + + + + {subject_registered_id} + + + Esta plantilla añadirá la OID que está almacenada en el componente +registeredID del SAN como una cadena decimal con puntos.. + + + Ejemplo: (oid={subject_registered_id}) + + + + + + + LDAPU1 extension + + The following template are available when using the 'LDAPU1' extension: + + + + + {serial_number[!(dec|hex[_ucr])]} + + + This template will add the serial number of the certificate. By default it +will be printed as a hexadecimal number with lower-case letters. + + + With the formatting option '!dec' the number will be printed as decimal +string. The hexadecimal output can be printed with upper-case letters +('!hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with +the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can +be combined so that e.g. '!hex_uc' will produce a colon-separated +hexadecimal string with upper-case letters. + + + Example: LDAPU1:(serial={serial_number}) + + + + + + {subject_key_id[!hex[_ucr]]} + + + This template will add the subject key id of the certificate. By default it +will be printed as a hexadecimal number with lower-case letters. + + + The hexadecimal output can be printed with upper-case letters ('!hex_u'), +with a colon separating the hexadecimal bytes ('!hex_c') or with the +hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be +combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal +string with upper-case letters. + + + Example: LDAPU1:(ski={subject_key_id}) + + + + + + {cert[!DIGEST[_ucr]]} + + + This template will add the hexadecimal digest/hash of the certificate where +DIGEST must be replaced with the name of a digest/hash function supported by +OpenSSL, e.g. 'sha512'. + + + The hexadecimal output can be printed with upper-case letters ('!sha512_u'), +with a colon separating the hexadecimal bytes ('!sha512_c') or with the +hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be +combined so that e.g. '!sha512_uc' will produce a colon-separated +hexadecimal string with upper-case letters. + + + Example: LDAPU1:(dgst={cert!sha256}) + + + + + + {subject_dn_component[(.attr_name|[number]]} + + + This template will add an attribute value of a component of the subject DN, +by default the value of the most specific component. + + + A different component can it either selected by attribute name, +e.g. {subject_dn_component.uid} or by position, +e.g. {subject_dn_component.[2]} where positive numbers start counting from +the most specific component and negative numbers start counting from the +least specific component. Attribute name and the position can be combined as +e.g. {subject_dn_component.uid[2]} which means that the name of the second +component must be 'uid'. + + + Example: LDAPU1:(uid={subject_dn_component.uid}) + + + + + + {issuer_dn_component[(.attr_name|[number]]} + + + This template will add an attribute value of a component of the issuer DN, +by default the value of the most specific component. + + + See 'subject_dn_component' for details about the attribute name and position +specifiers. + + + Example: +LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]}) + + + + + {sid[.rid]} + + + This template will add the SID if the corresponding extension introduced by +Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' +selector only the last component, i.e. the RID, will be added. + + + Example: LDAPU1:(objectsid={sid}) + + + + + + + + + LISTA DE DOMINIO + + Si la lista de dominio no está vacía los usuarios mapeados a un certificado +dado no serán buscados solo en el dominio local sino también en los dominios +listados siempre que sean conocidos por SSSD. Los dominios no conocidos por +SSSD serán ignorados. + + + + + diff --git a/src/man/es/sss_obfuscate.8.xml b/src/man/es/sss_obfuscate.8.xml new file mode 100644 index 0000000..db8acdf --- /dev/null +++ b/src/man/es/sss_obfuscate.8.xml @@ -0,0 +1,97 @@ + + + +Páginas de manual de SSSD + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + oscurecer un password en texto claro + + + + +sss_obfuscate +options [CONTRASEÑA] + + + + DESCRIPCION + + sss_obfuscate convierte una contraseña dada en un formato +no legible y la sitúa en la sección apropiada del dominio del fichero de +configuración SSSD. + + + La contraseña en texto claro es leída desde la entrada estándar e +introducida interactivamente. La contraseña ofuscada se pone en el parámetro +ldap_default_authtok de un dominio SSSD dado y el parámetro +ldap_default_authtok_type se fija a +obfuscated_password. Vea +sssd-ldap 5 + para más detalles sobre estos parámetros. + + + Por favor advierta que oscurecer la contraseña no suministra un +beneficio real de seguridad y es posible para un atacante +mediante ingeniería inversa volver atrás la contraseña. Se recomienda +firmemente el uso de mejores mecanismos de +autenticación como certificados en el lado cliente o GSSAPI. + + + + + OPCIONES + + + + + , + + + + La contraseña a oscurecer será leída desde la entrada estándar. + + + + + + , +DOMINIO + + + + El dominio SSSD en el que usar la contraseña. El nombre por defecto es +default. + + + + + + , +ARCHIVO + + + + Lee el fichero de configuración especificado por el parámetro posicional. + + + Predeterminado: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/es/sss_seed.8.xml b/src/man/es/sss_seed.8.xml new file mode 100644 index 0000000..76c4e67 --- /dev/null +++ b/src/man/es/sss_seed.8.xml @@ -0,0 +1,165 @@ + + + +Páginas de manual de SSSD + + + + + sss_seed + 8 + + + + sss_seed + alimenta el cache SSSD con un usuario + + + + +sss_seed +options -D +DOMAIN -n +USER + + + + DESCRIPCION + + sss_seed alimenta el cache SSSD con una entrada de +usuario y una contresañe temporal. Si una entrada de usuario está ya +presente en el cache SSSD la entrada se actualiza con la contraseña temporal + + + + + + + OPCIONES + + + + , +DOMAIN + + + + Suministra el nombre del dominio del que el usuario es miembro. El dominio +también se usa para recuperar información del usuario. El dominio debe estar +configurado en sssd.conf. La opción DOMAIN debe +ser suministrada. La información recuperada del dominio anula la que se ha +suministrado en las opciones. + + + + + + , +USER + + + + El nombre de usuario de la entrada a ser creado o modificado en el cache. Se +debe suministrar la opción USER. + + + + + + , UID + + + + Fija la UID del usuario a UID. + + + + + + , GID + + + + Fija la GID del usuario a GID. + + + + + + , +COMENTARIO + + + + Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa +como el campo para el nombre completo del usuario. + + + + + + , +HOME_DIR + + + + Fija el directorio home del usuario a HOME_DIR. + + + + + + , +SHELL + + + + Fija la shell de acceso del usuario a SHELL. + + + + + + , + + + + Modo interactivo de introducir información del usuario. Esta opción sólo +preguntará por la información no suministrada en las opciones o recuperada +del dominio. + + + + + + , +PASS_FILE + + + + Especifica el fichero desde donde leer la contraseña del usuario (si no se +especifica se pregunta por la contraseña) + + + + + + + + + NOTAS + + La longitud de la contraseña (o el tamaño especificado con la opción -p or +--password-file) debe ser menos o igual a PASS_MAX bytes ( 64 bytes en +sistemas sin valor PASS_MAX globalmente definido). + + + + + + + + + + diff --git a/src/man/es/sssd-ipa.5.xml b/src/man/es/sssd-ipa.5.xml new file mode 100644 index 0000000..e9dcc80 --- /dev/null +++ b/src/man/es/sssd-ipa.5.xml @@ -0,0 +1,878 @@ + + + +Páginas de manual de SSSD + + + + + sssd-ipa + 5 + Formatos de archivo y convenciones + + + + sssd-ipa + Proveedor SSSD IPA + + + + DESCRIPCION + + Este página de manual describe la configuración del proveedor IPA para + sssd 8 +. Para una referencia de sintaxis detalladas, vea la sección +FILE FORMAT de la página de manual +sssd.conf 5 +. + + + El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea +el sitio web freeipa.org para información sobre los servidores IPA). Este +proveedor requiere que la máquina este unido al dominio IPA; la +configuración es casi enteramente auto descubierta y obtenida directamente +del servidor. + + + El proveedor IPA habilita a SSSD para usar el proveedor de identidad + sssd-ldap +5 y el proveedor de autenticación + sssd-krb5 +5 con optimizaciones para entornos +IPA. El proveedor IPA acepta las mismas opciones que las usadas por los +proveedores sssd-ldap y sssd-krb5 con algunas excepciones. Sin embargo, no +es necesario ni recomendable establecer estas opciones. + + + El proveedor IPA copia primariamente las opciones por defecto tradicionales +de los proveedores ldap y krb5 con algunas excepciones, las diferencias +están listadas en la sección OPCIONES PREDETERMINADAS +MODIFICADAS. + + + As an access provider, the IPA provider has a minimal configuration (see +ipa_access_order) as it mainly uses HBAC (host-based access +control) rules. Please refer to freeipa.org for more information about HBAC. + + + Si auth_provider=ipa o access_provider=ipa +está configurado en sssd.conf id_provider se debe establecer también a +ipa. + + + El porveedor IPA usara el respondedor PAC si las entradas Kerberos de los +usuario de reinos confiables contienen un PAC. Para hacer la configuración +más fácil el respondedor PAC es iniciado automáticamente si la ID del +proveedor IPA está configurada. + + + + + OPCIONES DE CONFIGURACIÓN + Vea la sección DOMAIN SECTIONS de la página de manual + sssd.conf +5 para detalles sobre la +configuración de un dominio SSSD. + + ipa_domain (cadena) + + + Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, +se usa el nombre de configuración del dominio. + + + + + + ipa_server, ipa_backup_server (cadena) + + + La lista separada por comas de direcciones IP o nombres de host de los +servidores IPA a los que SSSD se conectaría en orden de preferencia. Para +más información sobre conmutación en error y redundancia de servidores, vea +la sección FAILOVER. Esto es opcional si autodiscovery está +habilitado. Para más información sobre el servicio descubridor, vea la +sección SERVICE DISCOVERY. + + + + + + ipa_hostname (cadena) + + + Opcional. Se puede establecer sobre máquinas donde el hostname(5) no refleje +el nombre totalmente cualificado usado en el dominio IPA para identificar +este host. El nombre de host debe ser totalmente cualificado. + + + + + + dyndns_update (booleano) + + + Opcional. Esta opción le dice a SSSD que actualice automáticamente el +servidor DNS incorporado a FreeIPA con la dirección IP de este cliente. La +actualización está asegurada utilizando GSS-TSIG. La dirección IP de la +conexión IPA LDAP se usa para las actualizaciones, si no se especifica de +otra manera utilizando la opción dyndns_iface. + + + NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este +comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser +fijado apropiadamente en /etc/krb5.conf + + + AVISO: Aunque todas es posible usar la vieja opción +ipa_dyndns_update, los usuarios deberían migrar para +usar dyndns_update en su fichero de configuración. + + + Predeterminado: false + + + + + + dyndns_ttl (entero) + + + El TTL a aplicar al registro del cliente DNS cuando lo actualiza. Si +dyndns_update está a false esto no tiene efecto. Esto anula el TTL del lado +servidor si se establece por un administrador. + + + AVISO: Aunque todavía es posible usar la antigua opción +ipa_dyndns_ttl, los usuarios deberían migrar usando +dyndns_ttl en su fichero de configuración. + + + Por defecto: 1200 (segundos) + + + + + + dyndns_iface (cadena) + + + Opcional. Aplicable solo cuando dyndns_update está a true. Elija la interfaz +o la lista de interfaces cuyas direcciones IP serían usadas para las +actualizaciones DNS dinámicas. El valor especial * implica +que las IPs de todas las interfaces serían las usadas. + + + AVISO: Aunque todavía es posible usar la vieja opción +ipa_dyndns_iface, los usuarios deberían migrar usando +dyndns_iface en su fichero de configuración. + + + Predeterminado: Usa las direcciones IP de la interfaz que es usada para la +conexión IPA LDAP + + + Ejemplo: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_auth (cadena) + + + Si la utilidad nsupdate debe usar la autenticación GSS-TSIG para +actualizaciones seguras con el servidor DNS, las actualizaciones inseguras +se pueden enviar fijando esta opción a 'none'. + + + Predeterminado: GSS-TSIG + + + + + + dyndns_auth_ptr (string) + + + Whether the nsupdate utility should use GSS-TSIG authentication for secure +PTR updates with the DNS server, insecure updates can be sent by setting +this option to 'none'. + + + Default: Same as dyndns_auth + + + + + + ipa_enable_dns_sites (booleano) + + + Habilita sitios DNS - descubrimiento de servicio basado en la ubicación. + + + Si es ciertp y descubrimiento de servicio (vea el párrafo Descubrimiento del +Servicio en la parte inferior de la página de manual) está habilitado, SSSD +primero intentará la localización basada en el descubrimiento usando una +consulta que contenga "_location.hostname.example.com" y después irá al +descubrimiento tradicional SRV. Si la localización basada en el +descubrimiento tiene éxito, los servidores IPA localizados con la +localización basada en el descubrimiento son tratados como servidores +primarios y los servidores IPA localizados usando el descubrimiento +tradicional SRV son usados como servidores de respaldo + + + Predeterminado: false + + + + + + dyndns_refresh_interval (entero) + + + Con qué frecuencia el back-end debe realizar una actualización periódica de +DNS además de la actualización automática que se realiza cuando el back-end +se conecta. Esto es una posibilidad opcional y aplicable solo cuando +dyndns_update está a true. + + + Predeterminado: 0 (deshabilitado) + + + + + + dyndns_update_ptr (booleano) + + + Si el registro PTR debería ser explícitamente actualizado cuando se +actualizan los registros DNS del cliente. Aplicable solo cuando +dyndns_update está a true. + + + Esta opción debería estar a False en la mayoría de los despliegues IPA +puesto que el servidor IPA genera los registros PTR automáticamente cuando +se cambian los registros que envía. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + Predeterminado: False (deshabilitado) + + + + + + dyndns_force_tcp (booleano) + + + Si la utilidad nsupdate debería usar de manera predeterminada TCP cuando se +comunica con el servidor DNS. + + + Predeterminado: False (permitir a nsupdate elegir el protocolol) + + + + + + dyndns_server (cadena) + + + El servidor DNA a usar cuando se lleva a cabo una actualización DNS +update. En la mayoría de las configuraciones se recomienda dejar esta opción +sin establecer. + + + El establecimiento de esta opción tiene sentido en entornos donde el +servidor DNS es distinto del servidor de identidad. + + + Tenga en cuenta que esta opción solo se usará en un intento de recuperación +cuando el intento anterior de usar la configuración autodetectada falló. + + + Predeterminado: None (permitir a nsupdate elegir el servidor) + + + + + + dyndns_update_per_family (booleano) + + + La actualización DNS es llevada a cabo de manera predeterminada en dos pasos +- actualización IPv4 y después actualización IPv6. En algunos casos puede +ser deseable llevar a cabo la actualización IPv4 e IPv6 en un único paso. + + + Predeterminado: true + + + + + + ipa_access_order (string) + + + Lista separada por coma de opciones de control de acceso. Los valores +permitidos son: + + + expire: use IPA's account expiration policy. + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Estas opciones son útiles si los +usuarios están interesados en que se les avise de que la contraseña está +próxima a expirar y la autenticación está basada en la utilización de un +método distinto a las contraseñas - por ejemplo claves SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Please note that 'access_provider = ipa' must be set for this feature to +work. + + + + + + ipa_deskprofile_search_base (cadena) + + + Opcional. Usa la cadena dada como base de búsqueda de los objetos +relacionados con Desktop Profile. + + + Predeterminado: Utilizar DN base + + + + + + ipa_subid_ranges_search_base (string) + + + Optional. Use the given string as search base for subordinate ranges related +objects. + + + Default: the value of cn=subids,%basedn + + + + + + ipa_hbac_search_base (cadena) + + + Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC +relacionados. + + + Predeterminado: Utilizar DN base + + + + + + ipa_host_search_base (cadena) + + + Obsoleto. Usa en su lugar ldap_host_search_base. + + + + + + ipa_selinux_search_base (cadena)Opcional. + + + Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario +SELinux. + + + Vea ldap_search_base para información sobre la configuración +de múltiples bases de búsqueda. + + + Predeterminado: el valor de ldap_search_base + + + + + + ipa_subdomains_search_base (cadena) + + + Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza. + + + Vea ldap_search_base para información sobre la configuración +de múltiples bases de búsqueda. + + + Por defecto: el valor de cn=trusts,%basedn + + + + + + ipa_master_domain_search_base (cadena) + + + Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de +dominio. + + + Vea ldap_search_base para información sobre la configuración +de múltiples bases de búsqueda. + + + Por defecto: el valor de cn=ad,cn=etc,%basedn + + + + + + ipa_views_search_base (cadena) + + + Opcional. Usa la cadena dada como base de búsqueda de contenedores de vista. + + + Vea ldap_search_base para información sobre la configuración +de múltiples bases de búsqueda. + + + Predeterminado: el valor de +cn=views,cn=accounts,%basedn + + + + + + krb5_realm (cadena) + + + El nombre del reino Kerberos. Esto es opcional y por defecto está al valor +de ipa_domain. + + + El nombre del reino Kerberos tiene un significado especial en IPA – es +convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP. + + + + + + krb5_confd_path (cadena) + + + Ruta absoluta de un directorio donde SSSD debe colocar fragmentos de +configuración de Kerberos. + + + Para deshabilitar la creación de fragmentos de configuración establezca el +parámetro a 'none'. + + + Predeterminado: no establecido (krb5.include.d subdirectorio del directorio +pubconf de SSSD) + + + + + + ipa_deskprofile_refresh (entero) + + + La cantidad de tiempo entre búsquedas de reglas Desktop Profile contra el +servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si +hay muchas solicitudes de perfiles de escritorio en un período corto. + + + Predeterminado: 5 (segundos) + + + + + + ipa_deskprofile_request_interval (entero) + + + La cantidad de tiempo entre búsquedas de las reglas Desktop Profile contra +el servidor IPA en el caso de que la última petición no devolvió ninguna +regla. + + + Predeterminado: 60 (minutos) + + + + + + ipa_hbac_refresh (entero) + + + La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor +IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay +muchas peticiones de control de acceso hechas en un corto período. + + + Predeterminado: 5 (segundos) + + + + + + ipa_hbac_selinux (entero) + + + La cantidad de tiempo entre búsquedas de los mapas SELinux contra el +servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si +hay muchas peticiones de acceso de usuario hechas en un corto período. + + + Predeterminado: 5 (segundos) + + + + + + ipa_server_mode (booleano) + + + Esta opción será establecida por el instalador IPA (ipa-server-install) +automáticamente y denota si SSSD está corriendo sobre un servidor IPA o no. + + + Sobre un servidor IPA SSSD buscara usuarios y grupos de los dominios de +confianza directamente mientras que sobre un cliente preguntará a un +servidor IPA. + + + NOTA: Actualmente hay algunas suposiciones que deben cumplirse cuando SSSD +se ejecuta en un servidor IPA. + + + + La opcion ipa_server debe configurarse para que apunte al +servidor IPA mismo. Esto está establecido de manera predeterminada por el +instalador IPA de modo que no se necesitan cambios manuales. + + + + + La opción full_name_format no debe modificarse para imprimir +solo nombres cortos de los usuarios de los dominios de confianza. + + + + + + Predeterminado: false + + + + + + ipa_automount_location (cadena) + + + La localización del automontador de este cliente IPA que será usada + + + Por defecto: La localización llamada “default” + + + + + + + + VISTAS Y ANULACIONES + + SSSD puede manejar vistas y anulaciones que son ofrecidas por FreeIPA 4.1 y +versiones posteriores. Como todas las rutas y objectclasses son fijadas en +el lado servidor no se necesita configurar nada. Para completar, las +opciones relacionadas son listadas aquí con sus valores +predeterminados. + + ipa_view_class (cadena) + + + Objectclass del contenedorde vistas. + + + Predeterminado: nsContainer + + + + + + ipa_view_name (cadena) + + + Nombre del atributo que contiene el nombre de la vista. + + + Predeterminado: cn + + + + + + ipa_override_object_class (cadena) + + + Objectclass de los objetos anulados. + + + Predeterminado: ipaOverrideAnchor + + + + + + ipa_anchor_uuid (cadena) + + + Nombre del atributo que contiene la referencia al objeto original en un +dominio remoto. + + + Predeterminado: ipaAnchorUUID + + + + + + ipa_user_override_object_class (cadena) + + + Nombre de los objectclass para los usuarios anulados. Se usa para determinar +si el objeto anulado encontrado está relacionado con un usuario o un grupo. + + + Las anulaciones de usuario pueden contener atributos dados por + + + ldap_user_name + + + ldap_user_uid_number + + + ldap_user_gid_number + + + ldap_user_gecos + + + ldap_user_home_directory + + + ldap_user_shell + + + ldap_user_ssh_public_key + + + + + Predeterminado: ipaUserOverride + + + + + + ipa_group_override_object_class (cadena) + + + Nombre del objectclass para grupos anulados. Se usa para determinar si el +objeto anulado encontrado está relacionado con un usuario o un grupo. + + + Las anulaciones de grupo pueden contener atributos dados por + + + ldap_group_name + + + ldap_group_gid_number + + + + + Predeterminado: ipaGroupOverride + + + + + + + + + + + + PROVEEDOR DE SUBDOMINIOS + + El proveedor de subdominios IPA se comporta de forma ligeramente diferente +si está configurado explícitamente o implícitamente. + + + Si la opción ' subdomains_provider = ipa' se encuentra en la sección de +dominio de sssd.conf, el proveedor de subdominios de IPA se configura +explícitamente, y todas las peticiones de subdominio se envían al servidor +de IPA si es necesario. + + + Si la opción 'subdomains_provider' no está establecida en la sección dominio +de sssd.conf pero hay la opción 'id_provider = ipa', el proveedor de +subdominios IPA está configurado implícitamente. En este caso, si una +petición de subdominio falla e indica que el servidor no soporta +subdominios, i.e. no está configurado para confianza, el proveedor de +subdominios IPA está deshabilitado. Después de una hora o después de que el +proveedor IPA esté en línea, el proveedor de subdominios está habilitado +otra vez. + + + + + CONFIGURACIÓN DE DOMINIOS DE CONFIANZA + + Some configuration options can also be set for a trusted domain. A trusted +domain configuration can be set using the trusted domain subsection as shown +in the example below. Alternatively, the subdomain_inherit +option can be used in the parent domain. +[domain/ipa.domain.com/ad.domain.com] +ad_server = dc.ad.domain.com + + + + For more details, see the +sssd.conf 5 + manual page. + + + Se pueden ajustar diferentes opciones de configuración para un dominio de +confianza dependiendo de si usted está configurando SSSD sobre un servidor +IPA o un cliente IPA. + + + OPCIONES AJUSTABLES EN IPA MAESTROS + + Se pueden establecer las siguientes opciones en una sección subdominio sobre +un IPA maestro: + + + ad_server + + + ad_backup_server + + + ad_site + + + ldap_search_base + + + ldap_user_search_base + + + ldap_group_search_base + + + use_fully_qualified_names + + + + + + OPCIONES AJUSTABLES SOBRE CLIENTES IPA + + Las siguientes opciones pueden ser establecidas en una sección subdominio +sobre un cliente IPA: + + + ad_server + + + ad_site + + + + + Advierta que si ambas opciones están establecidas solo se evalúa +ad_server. + + + Puesto que cualquier petición para una identidad de usuario o de grupo de un +dominio de confianza disparada desde un cliente IPA se resuelve por el +servidor IPA, las opciones ad_server y ad_site +solo afectan a que AD DC llevará a cabo la autenticación. En concreto, las +direcciones resueltas desde estas listas serán escritas a ficheros +kdcinfo leídos por el complemento localizador Kerberos. Por +favor vea la página de manual +sssd_krb5_locator_plugin +8 para mas detalles sobre el +complemento localizador Kerberos. + + + + + + + + + + EJEMPLO + + El siguiente ejemplo asume que SSSD está correctamente configurado y +example.com es uno de los dominios en la sección +[sssd]. Este ejemplo muestra sólo las opciones +específicas del proveedor ipa. + + + +[domain/example.com] +id_provider = ipa +ipa_server = ipaserver.example.com +ipa_hostname = myhost.example.com + + + + + + + + diff --git a/src/man/es/sssd-ldap-attributes.5.xml b/src/man/es/sssd-ldap-attributes.5.xml new file mode 100644 index 0000000..f5ffefa --- /dev/null +++ b/src/man/es/sssd-ldap-attributes.5.xml @@ -0,0 +1,1197 @@ + + + +Páginas de manual de SSSD + + + + + sssd-ldap-attributes + 5 + Formatos de archivo y convenciones + + + + sssd-ldap-attributes + SSSD LDAP Provider: Mapping Attributes + + + + DESCRIPCION + + This manual page describes the mapping attributes of SSSD LDAP provider + sssd-ldap +5 . Refer to the +sssd-ldap 5 + manual page for full details about SSSD LDAP provider +configuration options. + + + + + USER ATTRIBUTES + + + + ldap_user_object_class (cadena) + + + La clase de objeto de una entrada de usuario en LDAP. + + + Predeterminado: posixAccount + + + + + + ldap_user_name (cadena) + + + El atributo LDAP que corresponde al nombre de inicio de sesión del usuario. + + + Predeterminado: uid (rfc2307, rfc2307bis e IPA), sAMAccountName (AD) + + + + + + ldap_user_uid_number (cadena) + + + El atributo LDAP que corresponde al id de usuario. + + + Predeterminado: uidNumber + + + + + + ldap_user_gid_number (cadena) + + + El atributo LDAP que corresponde al id del grupo primario del usuario. + + + Predeterminado: gidNumber + + + + + + ldap_user_primary_group (cadena) + + + Atributo de grupo primario Active Directory para el mapeo de ID. Advierta +que este atributo debería solo ser establecido manualmente si usted está +ejecutando el proveedor ldap con mapeo ID. + + + Predeterminado: no establecido (LDAP), primaryGroupID (AD) + + + + + + ldap_user_gecos (cadena) + + + El atributo LDAP que corresponde al campo de gecos del usuario. + + + Predeterminado: gecos + + + + + + ldap_user_home_directory (cadena) + + + El atributo LDAP que contiene el nombre del directorio principal del +usuario. + + + Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD) + + + + + + ldap_user_shell (cadena) + + + El atributo LDAP que contiene la ruta de acceso a la shell predeterminada +del usuario. + + + Predeterminado: loginShell + + + + + + ldap_user_uuid (cadena) + + + El atributo LDAP que contiene el UUID/GUID de un objeto de usuario LDAP. + + + Predeterminado: no establecido en caso general, objectGUID para AD e +ipaUniqueID para IPA + + + + + + ldap_user_objectsid (cadena) + + + El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto +es normalmente sólo necesario para servidores ActiveDirectory. + + + Predeterminado: objectSid para ActiveDirectory, no establecido para otros +servidores. + + + + + + ldap_user_modify_timestamp (cadena) + + + El atributo LDAP que contiene la fecha y hora de la última modificación del +objeto primario. + + + Predeterminado: modifyTimestamp + + + + + + ldap_user_shadow_last_change (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre +de un atributo LDAP correspondiente a su +shadow 5 + homologo (fecha del último cambio de password). + + + Predeterminado: shadowLastChange + + + + + + ldap_user_shadow_min (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre +de un atributo LDAP correspondiente a su +shadow 5 + homologo (edad mínima del password). + + + Predeterminado: shadowMin + + + + + + ldap_user_shadow_max (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre +de un atributo LDAP correspondiente a su +shadow 5 + homologo (edad máxima del password). + + + Predeterminado: shadowMax + + + + + + ldap_user_shadow_warning (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre +de un atributo LDAP correspondiente a su +shadow 5 + homologo (período de aviso de password). + + + Predeterminado: shadowWarning + + + + + + ldap_user_shadow_inactive (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre +de un atributo LDAP correspondiente a su +shadow 5 + homologo (período de inactividad de password). + + + Predeterminado: shadowInactive + + + + + + ldap_user_shadow_expire (cadena) + + + Cuando se utiliza ldap_pwd_policy=shadow o +ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un +atributo correspondiente con su +shadow 5 + homólogo (fecha de expiración de la cuenta). + + + Predeterminado: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (cadena) + + + Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el +nombre de un atributo LDAP que almacena la fecha y la hora del último cambio +de password en kerberos. + + + Predeterminado: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (cadena) + + + Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el +nombre de un atributo LDAP que almacena la fecha y la hora en la que expira +el password actual. + + + Predeterminado: krbPasswordExpiration + + + + + + ldap_user_ad_account_expires (cadena) + + + Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el +nombre de un atributo LDAP que almacena el tiempo de expiración de la +cuenta. + + + Predeterminado: accountExpires + + + + + + ldap_user_ad_user_account_control (cadena) + + + Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el +nombre de un atributo LDAP que almacena el campo bit de control de la cuenta +de usuario. + + + Predeterminado: userAccountControl + + + + + + ldap_ns_account_lock (cadena) + + + Cuando se usa ldap_account_expire_policy=rhds o esquivalente, este parámetro +determina si el acceso está permitido o no. + + + Predeterminado: nsAccountLock + + + + + + ldap_user_nds_login_disabled (cadena) + + + Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el +acceso está permitido o no. + + + Predeterminado: loginDisabled + + + + + + ldap_user_nds_login_expiration_time (cadena) + + + Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta +que fecha se concede el acceso. + + + Predeterminado: loginDisabled + + + + + + ldap_user_nds_login_allowed_time_map (cadena) + + + Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina la +hora de un día en la semana cuando se concede el acceso. + + + Predeterminado: loginAllowedTimeMap + + + + + + ldap_user_principal (cadena) + + + El atributo LDAP que contiene le Nombre Principal de Usuario Kerberos (UPN) +del usuario. + + + Predeterminado: krbPrincipalName + + + + + + ldap_user_extra_attrs (cadena) + + + Lista separada por comas de atributos LDAP que SSSD debería ir a buscar con +el conjunto usual de atributos de usuario. + + + La lista puede contener bien nombres de atributo LDAP solamente o tuplas +separadas por comas de de nombre de atributo SSSD en caché y nombre de +atributo LDAP. En el caso de que solo sed especifique el nombre de atributo +LDAP, el atributo se salva al caché literal. El uso de un nombre de +atributo SSSD personal puede ser requerido por entornos que configuran +varios dominios SSSD con diferentes esquemas LDAP. + + + Por favor advierta que varios nombres de atributos están reservados por +SSSD, notablemente el atributo name. SSSD informaría de un +error si cualquiera de los nombres de atributo reservados es usado como un +nombre de atributo extra. + + + Ejemplos: + + + ldap_user_extra_attrs = telephoneNumber + + + Guarda el atributo telephoneNumber desde LDAP como +telephoneNumber al caché. + + + ldap_user_extra_attrs = phone:telephoneNumber + + + Guarda el atributo telephoneNumber desde LDAP como +phone al caché. + + + Predeterminado: no definido + + + + + + ldap_user_ssh_public_key (cadena) + + + El atributo LDAP que contiene las claves públicas SSH del usuario. + + + Predeterminado: sshPublicKey + + + + + + ldap_user_fullname (cadena) + + + El atributo LDAP que corresponde al nombre completo del usuario. + + + Predeterminado: cn + + + + + + ldap_user_member_of (cadena) + + + El atributo LDAP que lista los afiliación a grupo de usario. + + + Predeterminado: memberOf + + + + + + ldap_user_authorized_service (cadena) + + + Si access_provider=ldap y ldap_access_order=authorized_service, SSSD +utilizará la presencia del atributo authorizedService en la entrada LDAP del +usuario para determinar el privilegio de acceso. + + + Una denegación explícita (¡svc) se resuelve primero. Segundo, SSSD busca +permiso explícito (svc) y finalmente permitir todo (*). + + + Por favor advierta que la opcion de configuración ldap_access_order +debe incluir authorized_service con el +objetivo de que la opción ldap_user_authorized_service trabaje. + + + Some distributions (such as Fedora-29+ or RHEL-8) always include the +systemd-user PAM service as part of the login +process. Therefore when using service-based access control, the +systemd-user service might need to be added to the list of +allowed services. + + + Predeterminado: iluminada + + + + + + ldap_user_authorized_host (cadena) + + + Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la +presencia del atributo host en la entrada LDAP del usuario para determinar +el privilegio de acceso. + + + Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda +SSSD para permiso explícito (host) y finalmente permitir todo (*). + + + Por favor advierta que la opción de configuración ldap_access_order +debe incluir host con el objetivo de que +la opción ldap_user_authorized_host. + + + Default: host + + + + + + ldap_user_authorized_rhost (cadena) + + + Si access_provider=ldap y ldap_access_order=rhost, SSSD usará la presencia +del atributo rhost en la entrada LDAP de usuario para determinar el +privilegio de acceso. Similarmente al proceso de verificación de host. + + + Una denegación explícita (!rhost) se resuelve primero. Segundo, SSSD busca +permisos explícitos (rhost) y finalmente allow_all (*). + + + Por favor advierta que la opción de configuración ldap_access_order +debe incluir rhost con el objetivo de +que la opción ldap_user_authorized_rhost trabaje. + + + Predeterminado: rhost + + + + + + ldap_user_certificate (cadena) + + + Nombre del atributo LDAP que contiene el certificado X509 del usuario. + + + Predeterminado: userCertificate;binary + + + + + + ldap_user_email (cadena) + + + Nombre del atributo LDAP que contiene el correo electrónico del usuario. + + + Aviso: Si una dirección de correo electrónico de un usuario entra en +conflicto con una dirección de correo electrónico o el nombre totalmente +cualificado de otro usuario, SSSD no será capaz de servir adecuadamente a +esos usuarios. Si por alguna de varias razones los usuarios necesitan +compartir la misma dirección de correo electrónico establezca esta opción a +un nombre de atributo no existente con elobjetivo de deshabilitar la +búsqueda/acceso por correo electrónico. + + + Predeterminado: mail + + + + + ldap_user_passkey (string) + + + Name of the LDAP attribute containing the passkey mapping data of the user. + + + Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD) + + + + + + + + + GROUP ATTRIBUTES + + + + ldap_group_object_class (cadena) + + + La clase de objeto de una entrada de grupo LDAP. + + + Por defecto: posixGroup + + + + + + ldap_group_name (cadena) + + + The LDAP attribute that corresponds to the group name. In an environment +with nested groups, this value must be an LDAP attribute which has a unique +name for every group. This requirement includes non-POSIX groups in the tree +of nested groups. + + + Predeterminado: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD) + + + + + + ldap_group_gid_number (cadena) + + + El atributo LDAP que corresponde al id del grupo. + + + Predeterminado: gidNumber + + + + + + ldap_group_member (cadena) + + + El atributo LDAP que contiene los nombres de los miembros del grupo. + + + Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis) + + + + + + ldap_group_uuid (cadena) + + + El atributo LDAP que contiene el UUID/GUID de un objeto grupo LDAP. + + + Predeterminado: no establecido en caso general, objectGUID para AD e +ipaUniqueID para IPA + + + + + + ldap_group_objectsid (cadena) + + + El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es +normalmente sólo necesario para servidores ActiveDirectory. + + + Predeterminado: objectSid para ActiveDirectory, no establecido para otros +servidores. + + + + + + ldap_group_modify_timestamp (cadena) + + + El atributo LDAP que contiene la fecha y hora de la última modificación del +objeto primario. + + + Predeterminado: modifyTimestamp + + + + + + ldap_group_type (string) + + + El atributo LDAP que contiene un valor entero indicando el tipo del grupo y +puede ser otras banderas. + + + Este atributo es actualmente usado por el proveedor AD para determinar si un +grupo está en grupos de dominio local y ha de ser sacado de los dominios de +confianza. + + + Predeterminado: groupType en el proveedor AD, de otro modo no establecido + + + + + + ldap_group_external_member (cadena) + + + El atributo LDAP que referencia a los miembros de grupo que están definidos +en un dominio externo. En este momento, solo se soportan los miembros +externos de IPA. + + + Predeterminado: ipaExternalMember en el proveedor IPA, de otro modo no +estabecido. + + + + + + + + + NETGROUP ATTRIBUTES + + + + ldap_netgroup_object_class (cadena) + + + La clase objeto de una entrada de grupo de red en LDAP. + + + En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar. + + + Predeterminado: nisNetgroup + + + + + + ldap_netgroup_name (cadena) + + + El atributo LDAP que corresponde al nombre de grupo de red. + + + Un proveedor IPA, ipa_netgroup_name sería usado en su lugar. + + + Predeterminado: cn + + + + + + ldap_netgroup_member (cadena) + + + El atributo LDAP que contiene los nombres de los miembros de grupo de red. + + + Un proveedor IPA, ipa_netgroup_member sería usado en su lugar. + + + Predeterminado: memberNisNetgroup + + + + + + ldap_netgroup_triple (cadena) + + + El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo +de red. + + + Esta opción no está disponible en el proveedor IPA. + + + Predeterminado: nisNetgroupTriple + + + + + + ldap_netgroup_modify_timestamp (cadena) + + + El atributo LDAP que contiene la fecha y hora de la última modificación del +objeto primario. + + + Esta opción no está disponible en el proveedor IPA. + + + Predeterminado: modifyTimestamp + + + + + + + + + HOST ATTRIBUTES + + + + ldap_host_object_class (cadena) + + + La clase de objeto de una entrada de host en LDAP. + + + Por defecto: ipService + + + + + + ldap_host_name (cadena) + + + El atributo LDAP que corresponde al nombre de host. + + + Predeterminado: cn + + + + + + ldap_host_fqdn (cadena) + + + El atributo LDAP que corresponde al nombre de dominio totalmente cualificado +del host. + + + Predeterminado: fqdn + + + + + + ldap_host_serverhostname (cadena) + + + El atributo LDAP que corresponde al nombre de host. + + + Predeterminado: serverHostname + + + + + + ldap_host_member_of (cadena) + + + Atributo LDAP que lista los miembros del grupo del host. + + + Predeterminado: memberOf + + + + + + ldap_host_ssh_public_key (cadena) + + + El atributo LDAP que contiene las claves públicas SSH del host. + + + Predeterminado: sshPublicKey + + + + + + ldap_host_uuid (cadena) + + + Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP. + + + Predeterminado: no definido + + + + + + + + + SERVICE ATTRIBUTES + + + + ldap_service_object_class (cadena) + + + La clase objeto de una entrada de servicio en LDAP. + + + Por defecto: ipService + + + + + + ldap_service_name (cadena) + + + El atributo LDAP que contiene el nombre de servicio de atributos y sus +alias. + + + Predeterminado: cn + + + + + + ldap_service_port (cadena) + + + El atributo LDAP que contiene el puerto manejado por este servicio. + + + Por defecto: ipServicePort + + + + + + ldap_service_proto (cadena) + + + El atributo LDAP que contiene los protocolos entendidos por este servicio. + + + Por defecto: ipServiceProtocol + + + + + + + + + SUDO ATTRIBUTES + + + + ldap_sudorule_object_class (cadena) + + + El objeto clase de una regla de entrada sudo en LDAP. + + + Por defecto: sudoRole + + + + + + ldap_sudorule_name (cadena) + + + El atributo LDAP que corresponde a la regla nombre de sudo. + + + Predeterminado: cn + + + + + + ldap_sudorule_command (cadena) + + + El atributo LDAP que corresponde al nombre de comando. + + + Por defecto: sudoCommand + + + + + + ldap_sudorule_host (cadena) + + + El atributo LDAP que corresponde al nombre de host (o dirección IP del host, +red IP del host o grupo de red del host) + + + Por defecto: sudoHost + + + + + + ldap_sudorule_user (cadena) + + + El atributo LDAP que corresponde al nombre de usuario (o UID. nombre de +grupo o grupo de red del usuario) + + + Por defecto: sudoUser + + + + + + ldap_sudorule_option (cadena) + + + El atributo LDAP que corresponde a las opciones sudo. + + + Por defecto: sudoOption + + + + + + ldap_sudorule_runasuser (cadena) + + + El atributo LDAP que corresponde al nombre de usuario que los comandos +pueden ejecutar como. + + + Por defectot: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (cadena) + + + El atributo LDAP que corresponde al nombre de grupo o GID de grupo que puede +ejecutar comandos como. + + + Por defecto: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (cadena) + + + El atributo LDAP que corresponde al inicio de fecha/hora para cuando la +regla sudo es válida. + + + Por defecto: sudoNotBefore + + + + + + ldap_sudorule_notafter (cadena) + + + El atributo LDAP que corresponde a la fecha/hora final, después de la cual +la regla sudo dejará de ser válida. + + + Por defecto: sudoNotAfter + + + + + + ldap_sudorule_order (cadena) + + + El atributo LDAP que corresponde al índice de ordenación de la regla. + + + Por defecto: sudoOrder + + + + + + + + + AUTOFS ATTRIBUTES + + + + + + + IP HOST ATTRIBUTES + + + + ldap_iphost_object_class (string) + + + The object class of an iphost entry in LDAP. + + + Default: ipHost + + + + + + ldap_iphost_name (string) + + + The LDAP attribute that contains the name of the IP host attributes and +their aliases. + + + Predeterminado: cn + + + + + + ldap_iphost_number (string) + + + The LDAP attribute that contains the IP host address. + + + Default: ipHostNumber + + + + + + + + + IP NETWORK ATTRIBUTES + + + + ldap_ipnetwork_object_class (string) + + + The object class of an ipnetwork entry in LDAP. + + + Default: ipNetwork + + + + + + ldap_ipnetwork_name (string) + + + The LDAP attribute that contains the name of the IP network attributes and +their aliases. + + + Predeterminado: cn + + + + + + ldap_ipnetwork_number (string) + + + The LDAP attribute that contains the IP network address. + + + Default: ipNetworkNumber + + + + + + + + + + + diff --git a/src/man/es/sssd-ldap.5.xml b/src/man/es/sssd-ldap.5.xml new file mode 100644 index 0000000..d217939 --- /dev/null +++ b/src/man/es/sssd-ldap.5.xml @@ -0,0 +1,1780 @@ + + + +Páginas de manual de SSSD + + + + + sssd-ldap + 5 + Formatos de archivo y convenciones + + + + sssd-ldap + Proveedor SSSD LDAP + + + + DESCRIPCION + + Esta página de manual describe la configuración de dominios LDAP para + sssd 8 +. Vea la sección FILE FORMAT de la página de +manual sssd.conf +5 para información detallada de la +sintáxis. + + Puede configurar SSSD para usar más de un dominio LDAP. + + + LDAP back end supports id, auth, access and chpass providers. If you want to +authenticate against an LDAP server either TLS/SSL or LDAPS is +required. sssd does not support +authentication over an unencrypted channel. Even if the LDAP server is used +only as an identity provider, an encrypted channel is strongly +recommended. Please refer to ldap_access_filter config option +for more information about using LDAP as an access provider. + + + + + OPCIONES DE CONFIGURACIÓN + + Todas las opciones comunes de configuración que se aplican a los dominios +SSSD tambien se aplican a los dominios LDAP. Vea la sección DOMAIN +SECTIONS de la página de manual +sssd.conf 5 + para todos los detalles. Advierta que los atributos de mapeo +SSSD LDAP están descritos en la página de manual +sssd-ldap-attributes 5 +. + + ldap_uri, ldap_backup_uri (string) + + + Especifica una lista separada por comas de URIs del servidor LDAP al que +SSSD se conectaría en orden de preferencia. Vea la sección +CONMUTACIÓN EN ERROR para más información sobre la +conmutación en error y la redundancia de servidor. Si no hay opción +especificada, se habilita el descubridor de servicio. Para más información, +vea la sección DESCUBRIDOR DE SERVICIOS + + + El formato de la URI debe coincidir con el formato definido en RFC 2732: + + + ldap[s]://<host>[:port] + + + Para direcciones IPv6 explícitas, <host> debe estar entre corchetes [] + + + ejemplo: ldap://[fc00::126:25]:389 + + + + + + ldap_chpass_uri, ldap_chpass_backup_uri (cadena) + + + Especifica la lista separada por comas de URIs de los servidores LDAP a los +que SSSD se conectaría con el objetivo preferente de cambiar la contraseña +de un usuario. Vea la sección FAILOVER para más información +sobre failover y redundancia de servidor. + + + Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe +ser establecido. + + + Por defecto: vacio, esto es ldap_uri se está usando. + + + + + + ldap_search_base (cadena) + + + El DN base por defecto que se usará para realizar operaciones LDAP de +usuario. + + + Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la +sintaxis: + + + search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + El alcance puede ser uno de “base”, “onlevel” o “subtree”. + + + El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en +http://www.ietf.org/rfc/rfc2254.txt + + + Ejemplos: + + + ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base += dc=example,dc=com?subtree? + + + ldap_search_base = +cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + + + Nota: No está soportado tener múltiples bases de búsqueda que se referencien +a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre +en dos bases de búsqueda diferentes). Esto llevara a comportamientos +impredecibles sobre máquinas cliente. + + + Por defecto: no se fija, se usa el valor de los atributos +defaultNamingContext o namingContexts de RootDSE del servidor LDAP +usado. Si defaultNamingContext no existe o tiene un valor vacío se usa +namingContexts. El atributo namingContexts debe tener un único valor con el +DN de la base de búsqueda del servidor LDAP para hacer este trabajo. No se +soportan múltiples valores. + + + + + + ldap_schema (cadena) + + + Especifica el Tipo de Esquema en uso en el servidor LDAP +objetivo. Dependiendo del esquema seleccionado, los nombres de atributos por +defecto que se recuperan de los servidores pueden variar. La manera en que +algunos atributos son manejados puede también diferir. + + + Cuatro tipos de esquema son actualmente soportados: + + + + rfc2307 + + + + + rfc2307bis + + + + + IPA + + + + + AD + + + + + + La principal diferencia entre estos tipos de esquemas es como las +afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros +de grupos son listados por nombre en el atributo +memberUid. Con rfc2307bis e IPA, los miembros de grupo +son listados por DN y almacenados en el atributo +member. El tipo de esquema AD fija los atributos para +corresponderse con los valores Active Directory 2008r2. + + + Predeterminado: rfc2307 + + + + + + ldap_pwmodify_mode (cadena) + + + Especifica la operación que se usa para modificar la contraseña de usuario. + + + Actualmente se soportan dos modos: + + + + exop - Operación Extendida de Modificación de Contraseña (RFC 3062) + + + + + ldap_modify - Modificación directa de userPassword (no recomendado). + + + + + + Aviso: Primero, se establece una nueva conexión para verificar la contraseña +acutal uniendo con el usuario que ha pedido el cambio de contraseña. Si +tiene éxito, esta conexión se usa para el cambio de contraseña por lo tanto +el usuario debe haber escrito el atributo de acceos a userPassword. + + + Predeterminado: exop + + + + + + ldap_default_bind_dn (cadena) + + + El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP. + + + + + + ldap_default_authtok_type (cadena) + + + El tipo de ficha de autenticación del enlazador DN por defecto. + + + Los dos mecanismos actualmente soportados son: + + + contraseña + + + obfuscated_password + + + Por defecto: contraseña + + + See the sss_obfuscate +8 manual page for more information. + + + + + + ldap_default_authtok (cadena) + + + The authentication token of the default bind DN. + + + + + + ldap_force_upper_case_realm (boolean) + + + Algunos servidores de directorio, por ejemplo Active Directory, pueden +entregar la parte real del UPN en minúsculas, lo que puede causar fallos de +autenticación. Fije esta opción en un valor distinto de cero si usted desea +usar mayúsculas reales. + + + Predeterminado: false + + + + + + ldap_enumeration_refresh_timeout (entero) + + + Especifica cuantos segundos SSSD tiene que esperar antes de refrescar su +escondrijo de los registros enumerados. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 300 + + + + + + ldap_purge_cache_timeout (entero) + + + Determina la frecuencia de comprobación del cache para entradas inactivas +(como grupos sin miembros y usuarios que nunca han accedido) y borrarlos +para guardar espacio. + + + Estableciendo esta opción a cero deshabilitará la operación de limpieza del +caché. Por favor advierta que si la enumeración está habilitada, se requiere +la tarea de limpieza con el objetivo de detectar entradas borradas desde el +servidor y no pueden ser deshabilitadas. Por defecto, la tarea de limpieza +correrá cada tres horas con la enumeración habilitada. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 0 (deshabilitado) + + + + + + ldap_group_nesting_level (entero) + + + Si ldap_schema está fijado en un formato de esquema que soporte los grupos +anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos +niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el +esquema RFC2307. + + + Aviso: Esta opción especifica el nivel garantizado d grupos anidados a ser +procesados para cualquier búsqueda. Sin embargo, los grupos anidados detrás +de este límite pueden ser devueltos si las búsquedas +anteriores ya resueltas en os niveles más profundos de anidamiento. +También, las búsquedas subsiguientes para otros grupos pueden agrandar el +conjunto de resultados de la búsqueda origina si se requiere. + + + Si ldap_group_nesting_level está establecido a 0 no se procesan de ninguna +manera grupos anidados. Sin embargo, cuando está conectado a +Active-Directory Server 2008 y posteriores usando +id_provider=ad se recomienda además deshabilitar la +utilización de Token-Groups estableciendo ldap_use_tokengroups a false con +el objetivo de restringir el anidamiento de grupos. + + + Predeterminado: 2 + + + + + + ldap_use_tokengroups + + + Esta opción habilita o deshabilita el uso del atributo Token-Groups cuando +lleva a cabo un initgroup para usuarios de Active Directory Server 2008 y +posteriores. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: True para AD e IPA en otro caso False. + + + + + + ldap_host_search_base (cadena) + + + Opcional. Usa la cadena dada como base de búsqueda para objetos host. + + + Vea ldap_search_base para información sobre la configuración +de múltiples bases de búsqueda. + + + Predeterminado: el valor de ldap_search_base + + + + + + ldap_service_search_base (cadena) + + + + + ldap_iphost_search_base (string) + + + + + ldap_ipnetwork_search_base (string) + + + + + ldap_search_timeout (entero) + + + Especifica el tiempo de salida (en segundos) que la búsqueda ldap está +permitida para correr antes que de quea cancelada y los resultados +escondidos devueltos (y se entra en modo fuera de línea) + + + Nota: esta opción será sujeto de cambios en las futuras versiones del +SSSD. Probablemente será sustituido en algunos puntos por una serie de +tiempos de espera para tipos específicos de búsqueda. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 6 + + + + + + ldap_enumeration_search_timeout (entero) + + + Especifica el tiempo de espera (en segundos) en los que las búsquedas ldap +de enumeraciones de usuario y grupo están permitidas de correr antes de que +sean canceladas y devueltos los resultados escondidos (y se entra en modo +fuera de línea) + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 60 + + + + + + ldap_network_timeout (entero) + + + Especifica el tiempo de salida (en segudos) después del cual +poll 2 +/ select +2 siguiendo un +connect 2 + vuelve en caso de no actividad. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 6 + + + + + + ldap_opt_timeout (entero) + + + Especifica un tiempo de espera (en segundos) después del cual las llamadas a +LDAP APIs asíncronos se abortarán si no se recibe respuesta. También +controla el tiempo de espera cuando se comunica con el KDC en caso de enlace +SASL, el tiempo de espera de una operación de enlace LDAP, la operación de +cambio extendido de contraseña y las operación StartTLS. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 8 + + + + + + ldap_connection_expire_timeout (entero) + + + Especifica un tiempo de espera (en segundos) en el que se mantendrá una +conexión a un servidor LDAP. Después de este tiempo, la conexión será +restablecida. Si su usa en paralelo con SASL/GSSAPI, se usará el valor más +temprano (este valor contra el tiempo de vida TGT). + + + If the connection is idle (not actively running an operation) within +ldap_opt_timeout seconds of expiration, then it will be +closed early to ensure that a new query cannot require the connection to +remain open past its expiration. This implies that connections will always +be closed immediately and will never be reused if +ldap_connection_expire_timeout <= ldap_opt_timout + + + This timeout can be extended of a random value specified by +ldap_connection_expire_offset + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 900 (15 minutos) + + + + + + ldap_connection_expire_offset (integer) + + + Random offset between 0 and configured value is added to +ldap_connection_expire_timeout. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 0 + + + + + + ldap_connection_idle_timeout (integer) + + + Specifies a timeout (in seconds) that an idle connection to an LDAP server +will be maintained. If the connection is idle for more than this time then +the connection will be closed. + + + You can disable this timeout by setting the value to 0. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 900 (15 minutos) + + + + + + ldap_page_size (entero) + + + Especifica el número de registros a recuperar desde una única petición +LDAP. Algunos servidores LDAP hacen cumplir un límite máximo por petición. + + + Predeterminado: 1000 + + + + + + ldap_disable_paging (booleano) + + + Deshabilita el control de paginación LDAP. Esta opción se debería usar si el +servidor LDAP reporta que soporta el control de paginación LDAP en sus +RootDSE pero no está habilitado o no se comporta apropiadamente. + + + Ejemplo: los servidores OpenLDAP con el módulo de control de paginación +instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE +pero es incapaz de usarlo. + + + Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de +paginación a la vez en una única conexión. Sobre clientes ocupados, esto +puede ocasionar que algunas peticiones sean denegadas. + + + Por defecto: False + + + + + + ldap_disable_range_retrieval (booleano) + + + Deshabilitar la recuperación del rango de Active Directory. + + + Active Directory limita el número de miembros a recuperar en una única +búsqueda usando la política MaxValRange (que está predeterminada a 1500 +miembros). Si un grupo contiene mas miembros, la replica incluiría una +extensión de rango específica AD. Esta opción deshabilita el análisis de la +extensión del rango, por eso grupos grandes aparecerán como si no tuvieran +miembros. + + + Por defecto: False + + + + + + ldap_sasl_minssf (entero) + + + Cuando se está comunicando con un servidor LDAP usando SASL, especifica el +nivel de seguridad mínimo necesario para establecer la conexión. Los valores +de esta opción son definidos por OpenLDAP. + + + Por defecto: Usa el sistema por defecto (normalmente especificado por +ldap.conf) + + + + + + ldap_sasl_maxssf (integer) + + + When communicating with an LDAP server using SASL, specify the maximal +security level necessary to establish the connection. The values of this +option are defined by OpenLDAP. + + + Por defecto: Usa el sistema por defecto (normalmente especificado por +ldap.conf) + + + + + + ldap_deref_threshold (entero) + + + Especifica el número de miembros del grupo que deben estar desaparecidos +desde el escondrijo interno con el objetivo de disparar una búsqueda +deference. Si hay menos miembros desaparecidos, se buscarán individualmente. + + + Puede desactivar las búsquedas de desreferencia completamente estableciendo +el valor a 0. Tenga en cuenta que hay algunas rutas de código en SSSD, como +el proveedor IPA HBAC, que solo son implementadas usando la llamada de +desreferencia, de modo que solo con la desreferencia explícitamente +deshabilitada aquellas partes usarán todavía la desreferencia si el servidor +lo soporta y auncia el control de la desreferencia en el objeto rootDSE. + + + Una búsqueda dereference es un medio de descargar todos los miembros del +grupo en una única llamada LDAP. Servidores diferentes LDAP pueden +implementar diferentes métodos dereference. Los servidores actualmente +soportados son 389/RHDS, OpenLDAP y Active Directory. + + + Nota: Si alguna de las bases de búsqueda especifica un +filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference +será deshabilitado sin tener en cuenta este ajuste. + + + Predeterminado: 10 + + + + + + ldap_ignore_unreadable_references (bool) + + + Ignore unreadable LDAP entries referenced in group's member attribute. If +this parameter is set to false an error will be returned and the operation +will fail instead of just ignoring the unreadable entry. + + + This parameter may be useful when using the AD provider and the computer +account that sssd uses to connect to AD does not have access to a particular +entry or LDAP sub-tree for security reasons. + + + Por defecto: False + + + + + + ldap_tls_reqcert (cadena) + + + Especifica que comprobaciones llevar a cabo sobre los certificados del +servidor en una sesión TLS, si las hay. Puede ser especificado como uno de +los siguientes valores: + + + never = El cliente no pedirá o comprobará ningún +certificado de servidor. + + + allow = Se pide el certificado del servidor. Si no se +suministra certificado, la sesión sigue normalmente. Si se suministra un +certificado malo, será ignorado y la sesión continua normalmente. + + + try = Se pide el certificado del servidor. Si no se +suministra certificado, la sesión continua normalmente. Si se suministra un +certificado malo, la sesión se termina inmediatamente. + + + demand = Se pide el certificado del servidor. Si no se +suministra certificado, o se suministra un certificado malo, la sesión se +termina inmediatamente. + + + hard = Igual que demand + + + Predeterminado: hard + + + + + + ldap_tls_cacert (cadena) + + + Especifica el fichero que contiene los certificados de todas las Autoridades +de Certificación que sssd reconocerá. + + + Por defecto: use los valores por defecto OpenLDAP, normalmente en +/etc/openldap/ldap.conf + + + + + + ldap_tls_cacertdir (cadena) + + + Especifica la ruta de un directorio que contiene los certificados de las +Autoridades de Certificación en ficheros individuales separados. Normalmente +los nombres de fichero necesita ser el hash del certificado seguido por +‘.0’. si esta disponible cacertdir_rehash puede ser usado +para crear los nombres correctos. + + + Por defecto: use los valores por defecto OpenLDAP, normalmente en +/etc/openldap/ldap.conf + + + + + + ldap_tls_cert (cadena) + + + Especifica el fichero que contiene el certificado para la clave del cliente. + + + Predeterminado: no definido + + + + + + ldap_tls_key (cadena) + + + Especifica el archivo que contiene la clave del cliente. + + + Predeterminado: no definido + + + + + + ldap_tls_cipher_suite (cadena) + + + Especifica conjuntos de cifrado aceptable. Por lo general, es una lista +searada por dos puntos. Vea el formato en +ldap.conf +5. + + + Por defecto: use los valores por defecto OpenLDAP, normalmente en +/etc/openldap/ldap.conf + + + + + + ldap_id_use_start_tls (booleano) + + + Specifies that the id_provider connection must also use tls to protect the channel. +true is strongly recommended for security reasons. + + + Predeterminado: false + + + + + + ldap_id_mapping (booleano) + + + Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los +atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en +ldap_user_uid_number y ldap_group_gid_number. + + + Actualmente está función soporta sólo mapeos de objectSID de +ActiveDirectory. + + + Predeterminado: false + + + + + + ldap_min_id, ldap_max_id (entero) + + + En contraste con el SID basado en mapeo de ID que se usa si ldap_id_mapping +está establecido a true el rango de ID permitido para ldap_user_uid_number y +ldap_group_gid_number está sin consolidar. En una configuración con +subdominios de confianza, esto podría producir colisiones de ID. Para evitar +las colisiones ldap_min_id y ldap_max_id pueden er establecidos para +restringir el rango permitido para las IDs que son leídas directamente desde +el servidor. Los subdominios pueden elegir otros rangos para asignar IDs. + + + Predeterminado: no establecido (ambas opciones se establecen a 0) + + + + + + ldap_sasl_mech (cadena) + + + Especifica el mecanismo SASL a usar. Actualmente solo están probados y +soportados GSSAPI y GSS-SPNEGO. + + + Si el backend admite subdominios el valor de ldap_sasl_mech es heredado +automáticamente por los subdominios. Si se necesita un valor diferente para +un subdominio puede ser sobrescrito estabeciendo ldap_sasl_mech para este +subdominio explícitamente. Por favor vea la SECCIÓN DOMINIO DE CONFIANZA es +sssd.conf +5 para más detalles. + + + Predeterminado: no definido + + + + + + ldap_sasl_authid (cadena) + + + Especifica la identificación de autorización SASL a usar. Cuando son usados +GSSAPI/GSS-SPNEGO, esto representa el principal Kerberos usado para +autenticación al directorio. Esta opción puede contener el principal +completo (por ejemplo host/myhost@EXAMPLE.COM) o solo el nombre principal +(por ejemplo host/myhost). Por defecto, el valor no está establecido y se +usan los siguientes principales: +hostname@REALM +netbiosname$@REALM +host/hostname@REALM +*$@REALM +host/*@REALM +host/* + +Si no se encuentra ninguno de ellos, se devuelve en primer principal en la +pestaña. + + + Por defecto: host/nombre_de_host@REALM + + + + + + ldap_sasl_realm (string) + + + Especifica el reino SASL a usar. Cuando no se especifica, esta opción se +pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el +reino también, esta opción se ignora. + + + Por defecto: el valor de krb5_realm. + + + + + + ldap_sasl_canonicalize (boolean) + + + Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa +para para canocalizar el nombre de host durante una unión SASL. + + + Predeterminado: false; + + + + + + ldap_krb5_keytab (cadena) + + + Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Por defecto: Keytab del sistema, normalmente +/etc/krb5.keytab + + + + + + ldap_krb5_init_creds (booleano) + + + Especifica que id_provider debería iniciar las credenciales Kerberos (TGT). +Esta acción solo se lleva a cabo si se usa SASL y el mecanismo seleccionado +es GSSAPI o GSS-SPNEGO. + + + Predeterminado: true + + + + + + ldap_krb5_ticket_lifetime (entero) + + + Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI o +GSS-SPNEGO. + + + This option can be also set per subdomain or inherited via +subdomain_inherit. + + + Predeterminado: 86400 (24 horas) + + + + + + krb5_server, krb5_backup_server (cadena) + + + Especifica una lista separada por comas de direcciones IP o nombres de host +de los servidores Kerberos a los cuales se conectaría SSSD en orden de +preferencia. Para más información sobre failover y redundancia de servidor, +vea la sección FAILOVER. Un número de puerto opcional +(precedido de dos puntos) puede ser añadido a las direcciones o nombres de +host. Si está vacío, el servicio descubridor está habilitado – para más +información, vea la sección SERVICE DISCOVERY. + + + Cuando se utiliza el servicio descubiertos para servidores KDC o kpasswd, +SSSD primero busca entradas DNS que especifiquen _udop como protocolo y +regresa a _tcp si no se encuentra nada. + + + Este opción se llamaba krb5_kdcip en las revisiones más +tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo +que sea, los usuarios son advertidos para migrar sus ficheros de +configuración para usar krb5_server en su lugar. + + + + + + krb5_realm (cadena) + + + Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO). + + + Predeterminado: Predeterminados del sistema, vea +/etc/krb5.conf + + + + + + krb5_canonicalize (boolean) + + + Especifica si el host principal sería estandarizado cuando se conecte a un +servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7 + + + + Predeterminado: false + + + + + + krb5_use_kdcinfo (booleano) + + + Especifica si el SSSD debe instruir a las librerías Kerberos que ámbito y +que KDCs usar. Esta opción está por defecto, si la deshabilita, necesita +configurar las librerías Kerberos usando el fichero de configuración + krb5.conf +5 . + + + Vea la página de manual +sssd_krb5_locator_plugin +8 para más información sobre el +complemento localizador. + + + Predeterminado: true + + + + + + ldap_pwd_policy (cadena) + + + Seleccione la política para evaluar la caducidad de la contraseña en el lado +del cliente. Los siguientes valores son permitidos: + + + none - Sin evaluación en el lado cliente. Esta opción +no puede deshabilitar las políticas de password en el lado servidor. + + + shadow - Use +shadow +5 style attributes to evaluate if the +password has expired. Please see option "ldap_chpass_update_last_change" as +well. + + + mit_kerberos - Usa los atributos utilizados por MIT +Kerberos para determinar si el password ha expirado. Use +chpass_provider=krb5 para actualizar estos atributos cuando se cambia el +password. + + + Predeterminado: none + + + Aviso: si está configurada una política de contraseña +en el lado del servidor siempre tiene prioridad sobre la política +establecida por esta opción. + + + + + + ldap_referrals (boolean) + + + Especifica si el seguimiento de referencias automático debería ser +habilitado. + + + Por favor advierta que sssd sólo soporta seguimiento de referencias cuando +está compilado con OpenLDAP versión 2.4.13 o más alta. + + + Chasing referrals may incur a performance penalty in environments that use +them heavily, a notable example is Microsoft Active Directory. If your setup +does not in fact require the use of referrals, setting this option to false +might bring a noticeable performance improvement. Setting this option to +false is therefore recommended in case the SSSD LDAP provider is used +together with Microsoft Active Directory as a backend. Even if SSSD would be +able to follow the referral to a different AD DC no additional data would be +available. + + + Predeterminado: true + + + + + + ldap_dns_service_name (cadena) + + + Especifica el nombre del servicio para utilizar cuando está habilitado el +servicio de descubrimiento. + + + Predeterminado: ldap + + + + + + ldap_chpass_dns_service_name (cadena) + + + Especifica el nombre del servicio para utilizar al buscar un servidor LDAP +que permita cambios de contraseña cuando está habilitado el servicio de +descubrimiento. + + + Por defecto: no fijado, esto es servicio descubridor deshabilitado. + + + + + + ldap_chpass_update_last_change (booleano) + + + Especifica si actualizar el atributo ldap_user_shadow_last_change con días +desde el Epoch después de una operación de cambio de contraseña. + + + It is recommend to set this option explicitly if "ldap_pwd_policy = shadow" +is used to let SSSD know if the LDAP server will update shadowLastChange +LDAP attribute automatically after a password change or if SSSD has to +update it. + + + Por defecto: False + + + + + + ldap_access_filter (cadena) + + + Si está usando access_provider = ldap y ldap_access_order = filter +(predeterminado), esta opción es obligatoria. Especifica un criterio de +filtro de búsqueda LDAP que debe cumplirse para que el usuario obtenga +acceso a este host. Si access_provider = ldap, ldap_access_order = filter y +esta opción no estñan establecidos resultará que todos los usuarios tendrán +el acceso denegado. Use access_provider = permit para cambiar este +comportamiento predeterminado. Por favor advierta que este filtro se aplica +sobre la entrada LDAP del usuario y, por lo tanto, el filtrado basado en +grupos anidados puede no funcionar (e.g. el atributo memberOf sobre entradas +AD apunta solo a los parientes directos). Si se requiere el filtrado basado +en grupos anidados, vea por favor +sssd-simple5 +. + + + Ejemplo: + + +access_provider = ldap +ldap_access_filter = (employeeType=admin) + + + Este ejemplo significa que el acceso a este host está restringido a los +usuarios cuyo atributo employeeType esté establecido a "admin". + + + El almacenamiento en caché sin conexión para esta función está limitado a +determinar si el último inicio de sesión del usuario recibió permiso de +acceso. Si obtuvieron permiso de acceso durante su último inicio de sesión, +se les seguirán otorgando acceso sin conexión y viceversa. + + + Predeterminado: vacío + + + + + + ldap_account_expire_policy (cadena) + + + Con esta opción pueden ser habilitados los atributos de evaluación de +control de acceso del lado cliente. + + + Por favor advierta que siempre se recomienda utilizar el control de acceso +del lado servidor, esto es el servidor LDAP denegaría petición de enlace con +una código de error definible aunque el password sea correcto. + + + Los siguientes valores están permitidos: + + + shadow: usa el valor de ldap_user_shadow_expire para +determinar si la cuenta ha expirado. + + + ad: usa el valor del campo de 32 bit +ldap_user_ad_user_account_control y permite el acceso si el segundo bit no +está fijado. Si el atributo está desaparecido se concede el acceso. También +se comprueba el tiempo de expiración de la cuenta. + + + rhds, ipa, +389ds: usa el valor de ldap_ns_account_lock para +comprobar si se permite el acceso o no. + + + nds: los valores de +ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y +ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está +permitido. Si ambos atributos están desaparecidos se concede el acceso. + + + Por favor advierta que la opción de configuración ldap_access_order +debe incluir expire con el objetivo de +la opción ldap_account_expire_policy funcione. + + + Predeterminado: vacío + + + + + + ldap_access_order (cadena) + + + Lista separada por coma de opciones de control de acceso. Los valores +permitidos son: + + + filtro: utilizar ldap_access_filter + + + lockout: usar bloqueo de cuenta. Si se establece, esta +opción deniega el acceso en el caso de que el atributo ldap +'pwdAccountLockedTime' esté presente y tenga un valor de +'000001010000Z'. Por favor vea la opción ldap_pwdlockout_dn. Por favor +advieta que 'access_provider = ldap' debe ser establecido para que está +característica funciones. + + + Por favor tenga en cuenta que esta opción es reemplazada por la +opción ppolicy y puede ser quitada en un futuro lanzamiento. + + + + ppolicy: usar bloqueo de cuenta. Si se establece, esta +opción deniega el acceso en el caso de que el atributo ldap +'pwdAccountLockedTime' esté presente y tenga un valor de '000001010000Z' o +represente cualquier momento en el pasado. El valor del atributo +'pwdAccountLockedTime' debe terminar con 'Z', que denota la zona horaria +UTC. Otras zonas horarias no se soportan actualmente y llevarán a +"access-denied" cuando los usuarios intenten acceder. Por favor vea la +opción ldap_pwdlockout_dn. Por favor advierta que 'access_provider = ldap' +debe estar establecido para que esta característica funcione. + + + + caducar: utilizar ldap_account_expire_policy + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Estas opciones son útiles si los +usuarios están interesados en que se les avise de que la contraseña está +próxima a expirar y la autenticación está basada en la utilización de un +método distinto a las contraseñas - por ejemplo claves SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Por favor advierta que 'access_provider = ldap' debe estar establecido para +que esta función trabaje. También 'ldap_pwd_policy' debe estar establecido +para una política de contraseña apropiada. + + + authorized_service: utilizar el atributo +autorizedService para determinar el acceso + + + host: usa el atributo host para determinar el acceso + + + rhost: usar el atributo rhost para determinar si el +host remoto puede acceder + + + Por favor advierta el campo rhost en pam es establecido por la aplicación, +es mejor comprobar que la aplicación lo envía a pam, antes de habilitar esta +opción de control de acceso + + + Predeterminado: filter + + + Tenga en cuenta que es un error de configuración si un valor es usado más de +una vez. + + + + + + ldap_pwdlockout_dn (cadena) + + + Esta opción especifica la DN de la contraseña de entrada a la política sobre +un servidor LDAP. Tenga en cuenta que la ausencia de esta opción en +sssd.conf en caso de verificación de bloqueo de cuenta habilitada dará como +resultado el acceso denegado ya que los atributos ppolicy en el servidor +LDAP no pueden verificarse correctamente. + + + Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com + + + Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base + + + + + + ldap_deref (cadena) + + + Especifica cómo se hace la eliminación de referencias al alias cuando se +lleva a cabo una búsqueda. Están permitidas las siguientes opciones: + + + never: Nunca serán eliminadas las referencias al alias. + + + searching: Las referencias al alias son eliminadas en +subordinadas del objeto base, pero no en localización del objeto base de la +búsqueda. + + + finding: Sólo se eliminarán las referencias a alias +cuando se localice el objeto base de la búsqueda. + + + always: Las referencias al alias se eliminarán tanto +para la búsqueda como en la localización del objeto base de la búsqueda. + + + Por defecto: Vacío (esto es manejado como nunca por las +librerías cliente LDAP) + + + + + + ldap_rfc2307_fallback_to_local_users (boolean) + + + Permite retener los usuarios locales como miembros de un grupo LDAP para +servidores que usan el esquema RFC2307. + + + En algunos entornos donde se usa el esquema RFC2307, los usuarios locales +son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo +memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace +esto, de modo que SSSD debería normalmente quitar los usuarios +“desparecidos” de las afiliaciones a grupos escondidas tan pronto como +nsswitch intenta ir a buscar información del usuario por medio de las +llamadas getpw*() o initgroups(). + + + Esta opción cae de nuevo en comprobar si los usuarios locales están +referenciados, y los almacena en caché de manera que más tarde las llamadas +initgroups() aumentará los usuarios locales con los grupos LDAP adicionales. + + + Predeterminado: false + + + + + + wildcard_limit (entero) + + + Especifica un límite superior sobre el número de entradas que son +descargadas durante una búsqueda de comodín. + + + En este momento solo el respondedor InfoPipe soporta búsqueda de comodín + + + Predeterminado: 1000 (frecuentemente el tamaño de una página) + + + + + + ldap_library_debug_level (integer) + + + Switches on libldap debugging with the given level. The libldap debug +messages will be written independent of the general debug_level. + + + OpenLDAP uses a bitmap to enable debugging for specific components, -1 will +enable full debug output. + + + Default: 0 (libldap debugging disabled) + + + + + + + + + + OPCIONES SUDO + + Las instrucciones detalladas para la configuración de sudo_provider están en +la página de manual sssd-sudo +5 . + + + + + + ldap_sudo_full_refresh_interval (entero) + + + Cuantos segundos esperará SSSD entre ejecutar un refresco total de las +reglas sudo (que descarga todas las reglas que están almacenadas en el +servidor). + + + El valor debe ser mayor que ldap_sudo_smart_refresh_interval + + + + You can disable full refresh by setting this option to 0. However, either +smart or full refresh must be enabled. + + + Por defecto: 21600 (6 horas) + + + + + + ldap_sudo_smart_refresh_interval (entero) + + + Cuantos segundos tiene SSSD que esperar antes de ejecutar una actualización +inteligente de las reglas sudo (lo que descarga todas las reglas que tienen +un USN más alto que el valor más alto del servidor USN que conoce +actualmente SSSD). + + + Si los atributos USN no se soportan por el servidor, se usa en su lugar el +atributo modifyTimestamp. + + + Aviso: el valor más alto de USN puede ser actualizado +por tres tareas: 1) Por una actualización total o inteligente de sudo (si se +encuentran reglas actualizadas), 2) por la enumeración de usuarios y grupos +(si se encuentran usuarios y grupos habilitados y actualizados) y 3) +reconectando con el servidor (por defecto cada 15 minutos, vea +ldap_connection_expire_timeout). + + + You can disable smart refresh by setting this option to 0. However, either +smart or full refresh must be enabled. + + + Predeterminado: 900 (15 minutos) + + + + + + ldap_sudo_random_offset (integer) + + + Random offset between 0 and configured value is added to smart and full +refresh periods each time the periodic task is scheduled. The value is in +seconds. + + + Note that this random offset is also applied on the first SSSD start which +delays the first sudo rules refresh. This prolongs the time when the sudo +rules are not available for use. + + + You can disable this offset by setting the value to 0. + + + Predeterminado: 0 (deshabilitado) + + + + + + ldap_sudo_use_host_filter (booleano) + + + Si es true, SSSD descargará sólo las reglas que son aplicables a esta +máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6). + + + Predeterminado: true + + + + + + ldap_sudo_hostnames (cadena) + + + Lista separada por espacios de nombres de host o nombres de dominio +totalmente cualificados que sería usada para filtrar las reglas. + + + Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el +nombre de dominio totalmente cualificado automáticamente. + + + Si ldap_sudo_use_host_filter es +false esta opción no tiene efecto. + + + Por defecto: no especificado + + + + + + ldap_sudo_ip (cadena) + + + Lista separada por espacios de direcciones de host/red IPv4 o IPv6 que sería +usada para filtrar las reglas. + + + esta opción está vacía, SSSD intentará descrubrir las direcciones +automáticamente. + + + Si ldap_sudo_use_host_filter es +false esta opción no tiene efecto. + + + Por defecto: no especificado + + + + + + sudo_include_netgroups (booleano) + + + Si está a true SSSD descargará cada regla que contenga un grupo de red en el +atributo sudoHost. + + + Si ldap_sudo_use_host_filter es +false esta opción no tiene efecto. + + + Predeterminado: true + + + + + + ldap_sudo_include_regexp (booleano) + + + Si es verdad SSSD descargará cada regla que contenga un comodín en el +atributo sudoHost. + + + Si ldap_sudo_use_host_filter es +false esta opción no tiene efecto. + + + + ¡Usar comodines es una operación que es muy costosa de evaluar en el lado +del servidor LDAP! + + + + Predeterminado: false + + + + + + + Esta página de manual sólo describe el atributo de nombre mapping. Para una +explicación detallada de la semántica del atributo relacionada con sudo, vea + +sudoers.ldap5 + + + + + + OPCIONES AUTOFS + + Algunos de los valores por defecto para los parámetros de abajo dependen del +esquema LDAP. + + + + + ldap_autofs_map_master_name (cadena) + + + El nombre del mapa maestro de montaje automático en LDAP. + + + Pfredeterminado: auto.master + + + + + + + + + + + OPCIONES AVANZADAS + + Estas opciones están soportadas por dominios LDAP, pero deberían ser usadas +con precaución. Por favor incluyalas en su configuración si usted sabe lo +que está haciendo. + + ldap_netgroup_search_base (cadena) + + + + + ldap_user_search_base (cadena) + + + + + ldap_group_search_base (cadena) + + + + + + Si la opción ldap_use_tokengroups está habilitada, las +búsquedas contra Active Directory no serán restringidas y devolverán todos +los grupos miembros, incluso sin mapeo GID. Se recomienda deshabilitar esta +función, si los nombres de grupo no están siendo visualizados correctamente. + + + + ldap_sudo_search_base (cadena) + + + + + ldap_autofs_search_base (cadena) + + + + + + + + + + + + + + + EJEMPLO + + El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP +está fijado a uno de los dominios de la sección +[domains]. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + EJEMPLO DE FILTRO DE ACCESO LDAP + + El siguiente ejemplo asume que SSSD está correctamente configurado y usa +ldap_access_order=lockout. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +access_provider = ldap +ldap_access_order = lockout +ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + + NOTAS + + Las descripciones de algunas de las opciones de configuración en esta página +de manual están basadas en la página de manual +ldap.conf 5 + de la distribución OpenLDAP 2.4. + + + + + + + diff --git a/src/man/es/sssd-simple.5.xml b/src/man/es/sssd-simple.5.xml new file mode 100644 index 0000000..0f7f025 --- /dev/null +++ b/src/man/es/sssd-simple.5.xml @@ -0,0 +1,153 @@ + + + +Páginas de manual de SSSD + + + + + sssd-simple + 5 + Formatos de archivo y convenciones + + + + sssd-simple + el fichero de configuración para en proveedor de control de acceso 'simple' +de SSSD + + + + DESCRIPCION + + Esta página de manual describe la configuración del proveedor de control de +acceso simple para sssd +8 . Para una referencia detallada de +sintaxis, vea la sección FILE FORMAT de la página de manual + sssd.conf +5 . + + + El proveedor de acceso simple otorga o deniega el acceso en base a una lista +de acceso o denegación de usuarios o grupo de nombres. Se aplican las +siguientes reglas: + + + Si todas las listas están vacías, se concede acceso + + + + Si se ha suministrado alguna lista, el orden de evaluación es +permitir,denegar. Esto significa que cualquier regla de denegación será +saltada por cualquier regla de permiso coincidente. + + + + + Si una o ambas listas de "permiso" se suministran, todos los usuarios serán +denegados a no ser que aparezcan en la lista. + + + + + Si sólo se suministran listas de "denegación", todos los usuarios obtendran +acceso a no ser que aparezcan en la lista. + + + + + + + + OPCIONES DE CONFIGURACIÓN + Vea la sección DOMAIN SECTIONS de la página de manual + sssd.conf +5 para detalles sobre la +configuración de un dominio SSSD. + + simple_allow_users (cadena) + + + Lista separada por comas de usuarios a los está permitido el acceso. + + + + + + simple_deny_users (cadena) + + + Lista separada por comas de usuarios a los que explicítamente se les deniega +el acceso. + + + + + simple_allow_groups (cadena) + + + Lista separada por comas de grupos que tienen permitido el acceso. Esto se +aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no +serán evaluados. + + + + + + simple_deny_groups (cadena) + + + Lista separada por comas de grupos a los que explicítamente se les deniega +el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los +grupos locales no serán evaluados. + + + + + + + No especificando valores para ninguna de las listas es equivalente a +saltarle totalmente. Tenga cuidado de esto mientras genera parámetros para +el simple proveedor usando secuencias de comandos automatizadas. + + + Por favor advierta que es un error de configuración si tanto, +simple_allow_users como simple_deny_user, están definidos. + + + + + EJEMPLO + + El siguiente ejemplo asume que SSSD está correctamente configurado y +example.com es uno de los dominios en la sección +[sssd]. Este ejemplo muestra sólo las opciones +específicas del proveedor de acceso simple. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + NOTAS + + La jerarquía completa de membresía del grupo se resuelve antes de la +comprobación de acceso, así incluso los grupos anidados se pueden incluir en +las listas de acceso. Por favor tenga cuidado en que la opción +ldap_group_nesting_level puede impactar en los resultados y +deberia ser establecidad a un valor suficiente. Opción ( +sssd-ldap5 +). + + + + + + + diff --git a/src/man/es/sssd_krb5_locator_plugin.8.xml b/src/man/es/sssd_krb5_locator_plugin.8.xml new file mode 100644 index 0000000..3c88aaf --- /dev/null +++ b/src/man/es/sssd_krb5_locator_plugin.8.xml @@ -0,0 +1,108 @@ + + + +Páginas de manual de SSSD + + + + + sssd_krb5_locator_plugin + 8 + + + + sssd_krb5_locator_plugin + Complemento localizador Kerberos + + + + DESCRIPCION + + El complemento localizador Kerberos +sssd_krb5_locator_plugin es usado por libkrb5 para +encontrar KDCs en un reino Kerberos dado. SSSD proporciona dicho complemento +para guiar a todos los clientes Kerberos es un sistema a un único KDC. En +general, no debería importar con qué KDC está hablando un proceso de +cliente. Pero hay casos, e.g. después de un cambio de contraseña, donde no +todos los KDCs etán en el mismo estado porque los nuevos datos tienen que +ser replicados primero. Para evitar fallos de autenticación inesperados y +quizás bloqueos de cuentas sería bueno hablar con un único KDC todo lo que +sea posible. + + + libkrb5 buscará el complemento localizador en el subdirectorio libkrb5 del +directorio de complementos Kerberos, vea más detalles en plugin_base_dir en + krb5.conf +5 . El complemento solo se puede +deshabilitar borrando el fichero del complemento. No hay opción en a +configuración de Kerberos para deshabilitarlo. Pero la variable de entorno +SSSD_KRB5_LOCATOR_DISABLE puede ser usada para deshabilitar el complemento +en comandos individuales. Alternativamente la opción SSSD +krb5_use_kdcinfo=False puede ser usada para no generar los datos necesarios +para el complemento. Con esto, todavía se llama al complemento, pero no +proporcionará datos a la persona que llama para que libkrb5 pueda recurrir a +otros métodos definidos en krb5.conf. + + + El complemento lee la información sobre los KDCs de un reino dado desde un +fichero llamado kdcinfo.REALM. El fichero debería +contener uno o más nombres de DNS o direcciones IP ya sea en anotación +decimal con puntos IPv4 o en anotación hexadecimal IPv6. Su puede añadir un +número de puerto adicional al final separado con dos puntos, la dirección +IPv6 tiene que estar encerrada entre corchetes en este caso como es +usual. Las entradas válidas son: + + kdc.example.com + kdc.example.com:321 + 1.2.3.4 + 5.6.7.8:99 + 2001:db8:85a3::8a2e:370:7334 + [2001:db8:85a3::8a2e:370:7334]:321 + + Krb5 auth-provider de SSSD que es utilizado por IPA y los proveedores AD que +también agrega la dirección del actual KDC o controlador de dominio SSSD se +utiliza para este fichero. + + + En entornos con KDCs de solo lectura y lectura-escritura donde los clientes +esperan usar las instancias solo lectura para las operaciones generales y +solo KDC de lectura-escritura para cambio de configuración como cambios de +contraseña se utiliza kpasswdinfo.REALM también para +identificar KDCs de lectura-escritura. Si existe este fichero para el reino +dado el contenido será usado por el complemento para contestar las +peticiones de un servidor kpasswd o kadmin opara el maestro específico KDC +MIT Kerberos. Si la dirección contiene un número de puerto el puerto +predeterminado KDC 88 será usado para los posteriores. + + + + + NOTAS + + No todas las implementaciones Kerberos soportan el uso de plugins. Si +sssd_krb5_locator_plugin no está disponible en su sistema +usted tiene que editar /etc/krb5.conf para reflejar sus ajustes Kerberos. + + + Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier +valor los mensajes de depuración se enviarán a stderr. + + + Si la variable de entorno SSSD_KRB5_LOCATOR_DISABLE está establecida a +cualquier valor el complemento es deshabilitado y y devolverá +KRB5_PLUGIN_NO_HANDLE al llamante. + + + Si la variable de entorno SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES etá +establecida a cualquier valor el complemento intentará resolver todos los +nombres DNS en el fichero kdcinfo. Por defecto el complemento devuelve +KRB5_PLUGIN_NO_HANDLE al llamante inmediatamente en el primer fallo +resolviendo DNS. + + + + + + + diff --git a/src/man/eu/include/ad_modified_defaults.xml b/src/man/eu/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/eu/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/eu/include/autofs_attributes.xml b/src/man/eu/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/eu/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/eu/include/autofs_restart.xml b/src/man/eu/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/eu/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/eu/include/debug_levels.xml b/src/man/eu/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/eu/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/eu/include/debug_levels_tools.xml b/src/man/eu/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/eu/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/eu/include/failover.xml b/src/man/eu/include/failover.xml new file mode 100644 index 0000000..c1835eb --- /dev/null +++ b/src/man/eu/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Default: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/eu/include/homedir_substring.xml b/src/man/eu/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/eu/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/eu/include/ipa_modified_defaults.xml b/src/man/eu/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/eu/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/eu/include/krb5_options.xml b/src/man/eu/include/krb5_options.xml new file mode 100644 index 0000000..e13ba89 --- /dev/null +++ b/src/man/eu/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/eu/include/ldap_id_mapping.xml b/src/man/eu/include/ldap_id_mapping.xml new file mode 100644 index 0000000..f80be8d --- /dev/null +++ b/src/man/eu/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/eu/include/ldap_search_bases.xml b/src/man/eu/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/eu/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/eu/include/local.xml b/src/man/eu/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/eu/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/eu/include/override_homedir.xml b/src/man/eu/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/eu/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/eu/include/param_help.xml b/src/man/eu/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/eu/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/eu/include/param_help_py.xml b/src/man/eu/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/eu/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/eu/include/seealso.xml b/src/man/eu/include/seealso.xml new file mode 100644 index 0000000..1a8ed32 --- /dev/null +++ b/src/man/eu/include/seealso.xml @@ -0,0 +1,49 @@ + + SEE ALSO + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/eu/include/service_discovery.xml b/src/man/eu/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/eu/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/eu/include/upstream.xml b/src/man/eu/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/eu/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/fi/include/ad_modified_defaults.xml b/src/man/fi/include/ad_modified_defaults.xml new file mode 100644 index 0000000..5fea27d --- /dev/null +++ b/src/man/fi/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS-määritykset + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/fi/include/autofs_attributes.xml b/src/man/fi/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/fi/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/fi/include/autofs_restart.xml b/src/man/fi/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/fi/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/fi/include/debug_levels.xml b/src/man/fi/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/fi/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/fi/include/debug_levels_tools.xml b/src/man/fi/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/fi/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/fi/include/failover.xml b/src/man/fi/include/failover.xml new file mode 100644 index 0000000..c1835eb --- /dev/null +++ b/src/man/fi/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Default: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/fi/include/homedir_substring.xml b/src/man/fi/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/fi/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/fi/include/ipa_modified_defaults.xml b/src/man/fi/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/fi/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/fi/include/krb5_options.xml b/src/man/fi/include/krb5_options.xml new file mode 100644 index 0000000..230cb0f --- /dev/null +++ b/src/man/fi/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Oletus: ei asetettu + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Oletus:epätosi + + + + diff --git a/src/man/fi/include/ldap_id_mapping.xml b/src/man/fi/include/ldap_id_mapping.xml new file mode 100644 index 0000000..9ab6838 --- /dev/null +++ b/src/man/fi/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Asetukset + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Oletus: ei asetettu + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Oletus: ei asetettu + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Oletus:epätosi + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/fi/include/ldap_search_bases.xml b/src/man/fi/include/ldap_search_bases.xml new file mode 100644 index 0000000..1cf979b --- /dev/null +++ b/src/man/fi/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + Esimerkki: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/fi/include/local.xml b/src/man/fi/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/fi/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/fi/include/override_homedir.xml b/src/man/fi/include/override_homedir.xml new file mode 100644 index 0000000..dbfc0dd --- /dev/null +++ b/src/man/fi/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + Kirjautumisnimi + + + %U + UID number + + + %d + Toimialueen nimi + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + Esimerkki: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/fi/include/param_help.xml b/src/man/fi/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/fi/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/fi/include/param_help_py.xml b/src/man/fi/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/fi/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/fi/include/seealso.xml b/src/man/fi/include/seealso.xml new file mode 100644 index 0000000..1a8ed32 --- /dev/null +++ b/src/man/fi/include/seealso.xml @@ -0,0 +1,49 @@ + + SEE ALSO + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/fi/include/service_discovery.xml b/src/man/fi/include/service_discovery.xml new file mode 100644 index 0000000..4c3c8d6 --- /dev/null +++ b/src/man/fi/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Asetukset + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + Toimialueen nimi + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/fi/include/upstream.xml b/src/man/fi/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/fi/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/fr/include/ad_modified_defaults.xml b/src/man/fr/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/fr/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/fr/include/autofs_attributes.xml b/src/man/fr/include/autofs_attributes.xml new file mode 100644 index 0000000..2beae02 --- /dev/null +++ b/src/man/fr/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + La classe d'objet d'une entrée de table de montage automatique dans LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + Le nom d'une entrée de table de montage automatique dans LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond +généralement à un point de montage. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond +généralement à un point de montage. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/fr/include/autofs_restart.xml b/src/man/fr/include/autofs_restart.xml new file mode 100644 index 0000000..3873c56 --- /dev/null +++ b/src/man/fr/include/autofs_restart.xml @@ -0,0 +1,6 @@ + + Veuillez noter que l'automounter ne lit que la carte maîtresse au +démarrage. Ainsi, si des modifications liées à autofs sont apportées à +sssd.conf, vous devrez généralement redémarrer le démon automounter après le +redémarrage de SSSD + diff --git a/src/man/fr/include/debug_levels.xml b/src/man/fr/include/debug_levels.xml new file mode 100644 index 0000000..902be1b --- /dev/null +++ b/src/man/fr/include/debug_levels.xml @@ -0,0 +1,100 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Niveaux de débogage actuellement pris en charge : + + + 0, 0x0010 : défaillances +fatales. Tout ce qui empêcherait SSSD de démarrer ou provoquerait son arrêt. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040 : défaillances +graves. Une erreur qui annonce qu'une requête particulière ou une opération +a échoué. + + + 3, 0x0080 : erreurs mineures. Ce +sont les erreurs qui seraient susceptibles d'empirer pour provoquer l'erreur +en 2. + + + 4, 0x0100 : paramètres de +configuration. + + + 5, 0x0200 : données de +fonctionnement. + + + 6, 0x0400 : traçage des fonctions +opérationnelles. + + + 7, 0x1000 : traçage des fonctions +de contrôles internes. + + + 8, 0x2000 : contenu des variables +internes de fonctions pouvent être intéressantes. + + + 9, 0x4000 : informations de +traçage de bas niveau. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Exemple : pour suivre erreurs fatales, critiques, +graves et les données de fonction, utiliser 0x0270. + + + Exemple : pour consigner les erreurs fatales, les +paramètres de configuration, les données de fonction, les messages de trace +pour les fonctions de contrôle interne, utiliser 0x1310. + + + Note : le format des niveaux de débogage a été +introduit dans la version 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/fr/include/debug_levels_tools.xml b/src/man/fr/include/debug_levels_tools.xml new file mode 100644 index 0000000..94ea6a8 --- /dev/null +++ b/src/man/fr/include/debug_levels_tools.xml @@ -0,0 +1,80 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Niveaux de débogage actuellement pris en charge : + + + 0, 0x0010 : défaillances +fatales. Tout ce qui empêcherait SSSD de démarrer ou provoquerait son arrêt. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040 : défaillances +graves. Une erreur qui annonce qu'une requête particulière ou une opération +a échoué. + + + 3, 0x0080 : erreurs mineures. Ce +sont les erreurs qui seraient susceptibles d'empirer pour provoquer l'erreur +en 2. + + + 4, 0x0100 : paramètres de +configuration. + + + 5, 0x0200 : données de +fonctionnement. + + + 6, 0x0400 : traçage des fonctions +opérationnelles. + + + 7, 0x1000 : traçage des fonctions +de contrôles internes. + + + 8, 0x2000 : contenu des variables +internes de fonctions pouvent être intéressantes. + + + 9, 0x4000 : informations de +traçage de bas niveau. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Exemple : pour suivre erreurs fatales, critiques, +graves et les données de fonction, utiliser 0x0270. + + + Exemple : pour consigner les erreurs fatales, les +paramètres de configuration, les données de fonction, les messages de trace +pour les fonctions de contrôle interne, utiliser 0x1310. + + + Note : le format des niveaux de débogage a été +introduit dans la version 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/fr/include/failover.xml b/src/man/fr/include/failover.xml new file mode 100644 index 0000000..c702a49 --- /dev/null +++ b/src/man/fr/include/failover.xml @@ -0,0 +1,126 @@ + + BASCULE + + La fonctionnalité de bascule autorise le moteur à basculer automatiquement +sur un serveur différent si le serveur actuel est défaillant. + + + Syntaxe de bascule + + La liste des serveurs est donnée sous forme de liste séparée par des +virgules ; un nombre quelconque d'espaces est autorisé autour de la +virgule. Les serveurs sont répertoriés par ordre de préférence. La liste +peut contenir un nombre quelconque de serveurs. + + + Pour chaque option de configuration alors que la bascule est activée, il +existe deux variantes : primary et +backup. L'idée est que les serveurs dans la liste +principale sont préférés et les serveurs de secours sont interrogés +uniquement si aucun serveur primaire ne peut être atteint. Si un serveur de +secours est sélectionné, un délai d'attente de 31 secondes est défini. Après +ce délai d'attente, SSSD tentera périodiquement de se reconnecter à un des +serveurs primaires. S'il réussit, il remplacera l'actuel serveur (de +secours) actif. + + + + Mécanisme de bascule + + Le mécanisme de bascule fait la distinction entre une machine et d'un +service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur +donné ; en cas d'échec de cette tentative de résolution, la machine est +considérée comme hors ligne. Aucune autre tentative n'est faite pour se +connecter à cette machine pour tout autre service. Si la tentative de +résolution réussit, le serveur principal tente de se connecter à un service +sur cette machine. Si la tentative de connexion de service échoue, alors ce +seul service est considéré comme hors ligne et le moteur passe +automatiquement au service suivant. La machine est toujours considérée en +ligne et peut toujours être considérée pour une tentative d'accès à un autre +service. + + + Les tentatives de connexion ultérieures sont faites vers des machines ou des +services marqués comme hors connexion après un délai spécifié ; ce délai est +actuellement spécifié en dur à 30 secondes. + + + S'il n'y a plus aucune machine à essayer, le moteur dans son ensemble +bascule dans le mode hors connexion et tente ensuite de se reconnecter +toutes les 30 secondes. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Par défaut : 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Par défaut : 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Par défaut : 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/fr/include/homedir_substring.xml b/src/man/fr/include/homedir_substring.xml new file mode 100644 index 0000000..77e861a --- /dev/null +++ b/src/man/fr/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (chaîne) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Par défaut : /home + + + diff --git a/src/man/fr/include/ipa_modified_defaults.xml b/src/man/fr/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/fr/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/fr/include/krb5_options.xml b/src/man/fr/include/krb5_options.xml new file mode 100644 index 0000000..2d3dcd0 --- /dev/null +++ b/src/man/fr/include/krb5_options.xml @@ -0,0 +1,162 @@ + + + krb5_auth_timeout (entier) + + + Délai d'attente, en secondes, après l'annulation d'une requête +d'authentification en ligne ou de changement de mot de passe. La requête +d'authentification sera effectuée hors-ligne si cela est possible. + + + Par défaut : 6 + + + + + + krb5_validate (booléen) + + + Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé. Les +entrées d'un fichier keytab sont vérifiées dans l'ordre, et la première +entrée avec un domaine correspondant est utilisée pour la validation. Si +aucune entrée ne correspond au domaine, la dernière entrée dans le fichier +keytab est utilisée. Ce processus peut être utilisé pour valider des +environnements utilisant l'approbation entre domaines en plaçant l'entrée +keytab appropriée comme dernière ou comme seule entrée dans le fichier +keytab. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (chaîne) + + + Demande un ticket renouvelable avec une durée de vie totale, donnée par un +entier immédiatement suivi par une unité de temps : + + + s pour secondes + + + m pour minutes + + + h pour heures + + + d pour jours. + + + Si aucune unité n'est spécifiée, s est utilisé. + + + NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée +de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu +de « 1h30m ». + + + Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable + + + + + + krb5_lifetime (chaîne) + + + Demande un ticket avec une durée de vie, donnée par un entier immédiatement +suivi par une unité de temps : + + + s pour secondes + + + m pour minutes + + + h pour heures + + + d pour jours. + + + Si aucune unité n'est spécifiée, s est utilisé. + + + NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée +de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m +». + + + Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée +dans le KDC. + + + + + + krb5_renew_interval (chaîne) + + + La durée, en secondes, entre deux vérifications pour savoir si le TGT doit +être renouvelé. Les TGT sont renouvelés si environ la moitié de leur durée +de vie est dépassée. Indiquée par un entier immédiatement suivi d'une unité +de temps : + + + s pour secondes + + + m pour minutes + + + h pour heures + + + d pour jours. + + + Si aucune unité n'est spécifiée, s est utilisé. + + + NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée +de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu +de « 1h30m ». + + + Si cette option n'est pas définie ou définie à 0, le renouvellement +automatique est désactivé. + + + Par défaut : non défini + + + + + + krb5_canonicalize (booléen) + + + Spécifie si les principaux du système et de l'utilisateur doivent être +rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 +et versions suivantes. + + + + Par défaut : false + + + + diff --git a/src/man/fr/include/ldap_id_mapping.xml b/src/man/fr/include/ldap_id_mapping.xml new file mode 100644 index 0000000..accab09 --- /dev/null +++ b/src/man/fr/include/ldap_id_mapping.xml @@ -0,0 +1,293 @@ + + CORRESPONDANCE D'IDENTIFIANTS + + La fonctionnalité de correspondance d'ID permet à SSSD d'agir comme un +client de Active Directory sans demander aux administrateurs d'étendre les +attributs utilisateur pour prendre en charge les attributs POSIX pour les +identifiants d'utilisateur et de groupe. + + + Remarque : Lorsque la mise en correspondance des ID est activée, les +attributs uidNumber et gidNumber sont ignorés. Ceci afin d'éviter les +risques de conflit entre les valeurs attribuées automatiquement et assignées +manuellement. Si vous avez besoin d'utiliser des valeurs attribuées +manuellement, TOUTES les valeurs doivent être assignées manuellement. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Arrêter le service SSSD + + + + + Supprimer la base de donnée + + + + + Démarrer le service SSSD + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Algorithme de correspondance + + Active Directory fournit un objectSID pour chaque objet d'utilisateur et de +groupe dans l'annuaire. Cet objectSID peut être divisé en composants qui +représentent l'identité de domaine Active Directory et l'identificateur +relatif (RID) de l'objet utilisateur ou groupe. + + + L'algorithme de mise en correspondance des ID de SSSD tient un éventail +d'uid disponibles et le divise en sections de même taille, appelées « +tranches ». Chaque tranche représente l'espace disponible dans un domaine +Active Directory. + + + Lorsqu'une entrée d'utilisateur ou de groupe pour un domaine particulier est +rencontrée pour la première fois, SSSD alloue une des plages disponibles +pour ce domaine. Afin de rendre cette affectation de plage reproductible sur +les ordinateurs clients différents, l'algorithme de sélection de plage +suivant est utilisé : + + + La chaîne du SID est passée par l'intermédiaire de l'algorithme murmurhash3 +pour le convertir en une valeur de hachage de 32 bits. Nous prenons ensuite +le modulo de cette valeur avec le nombre total des tranches disponibles pour +prendre la tranche. + + + Remarque : Il est possible de rencontrer les collisions dans le hachage et +le modulo en découlant. Dans ces situations, la tranche suivante disponible +sera sélectionnée, mais il n'est pas possible de reproduire le même jeu +exact des tranches sur d'autres machines (puisque l'ordre dans lequel elles +sont rencontrées déterminera leur tranche). Dans ce cas, il est recommandé +de passer à l'utilisation des attributs POSIX explicites dans Active +Directory (en désactivant la correspondance d'ID) ou configurer un domaine +par défaut afin de garantir qu'au moins un est toujours cohérent. Pour plus +d'informations, voir Configuration. + + + + + Configuration + + Configuration minimale (dans la section [domain/DOMAINNAME]) +: + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Configuration avancée + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE : Cette option est différente de min_id en ce sens que +min_id agit comme filtre sur le résultat des requêtes vers ce +domaine, alors que cette option contrôle les plages de correspondance +d'ID. Il s'agit d'une distinction subtile, mais les bonnes pratiques +conseillent d'avoir min_id inférieur ou égal à +ldap_idmap_range_min + + + Par défaut : 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE : Cette option est différente de max_id en ce sens que +max_id agit comme filtre sur le résultat des requêtes vers ce +domaine, alors que cette option contrôle les plages de correspondance +d'ID. Il s'agit d'une distinction subtile, mais les bonnes pratiques +conseillent d'avoir max_id supérieur ou égal à +ldap_idmap_range_max + + + Par défaut : 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Spécifie le nombre d'identifiants pour chaque tranche. Si la taille de la +plage ne divise pas uniformément dans les valeurs minimale et maximale, des +tranches complètes seront créées autant que possible. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Par défaut : 200000 + + + + + ldap_idmap_default_domain_sid (chaîne) + + + Spécifier le SID de domaine du domaine par défaut. Cela garantira que ce +domaine est toujours affecté à la tranche zéro dans la carte d'ID, sans +passer par l'algorithme murmurhash décrit ci-dessus. + + + Par défaut : non défini + + + + + ldap_idmap_default_domain (chaîne) + + + Spécifier le nom de domaine par défaut. + + + Par défaut : non défini + + + + + ldap_idmap_autorid_compat (boolean) + + + Modifie le comportement de l'algorithme de mise en correspondance des ID +afin qu'il se comporte de manière identique à celui +idmap_autorid de winbind. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + Remarque : Cet algorithme n'est pas déterministe (il dépend de l'ordre dans +lequel utilisateurs et groupes sont invités). Si ce mode est nécessaire pour +assurer la compatibilité avec les ordinateurs qui utilisent winbind, il est +recommandé d'utiliser également l'option +ldap_idmap_default_domain_sid pour garantir qu'au moins un +domaine est systématiquement alloué à la tranche zéro. + + + Par défaut : False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Par défaut : 10 + + + + + + + + + SID bien connus + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/fr/include/ldap_search_bases.xml b/src/man/fr/include/ldap_search_bases.xml new file mode 100644 index 0000000..b75b30b --- /dev/null +++ b/src/man/fr/include/ldap_search_bases.xml @@ -0,0 +1,33 @@ + + + Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de +restreindre les recherches LDAP pour ce type d'attribut. + + + syntaxe : +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + La portée peut être l'une des « base », « onelevel » ou « subtree ». Les +fonctions de portée sont spécifiées dans la section 4.5.1.2 de +http://tools.ietf.org/html/rfc4511 + + + Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par +http://www.ietf.org/rfc/rfc2254.txt + + + Pour obtenir des exemples de cette syntaxe, reportez-vous à la section +d'exemples ldap_search_base. + + + Par défaut : la valeur de ldap_search_base + + + Noter que la spécification de portée ou de filtre n'est pas prise en charge +pour les recherches sur un serveur Active Directory qui serait susceptible +de produire un grand nombre de résultats et de déclencher l'extension Range +Retrieval dans sa réponse. + + diff --git a/src/man/fr/include/local.xml b/src/man/fr/include/local.xml new file mode 100644 index 0000000..1a7c8a2 --- /dev/null +++ b/src/man/fr/include/local.xml @@ -0,0 +1,17 @@ + + LE DOMAINE LOCAL + + Pour fonctionner correctement, un domaine avec id_provider = +local doit être créé et SSSD doit s'exécuter. + + + L'administrateur peut vouloir utiliser les utilisateurs locaux SSSD au lieu +des utilisateurs UNIX traditionnels dans les cas où l'imbrication de groupes +(cf. sss_groupadd +8) est nécessaire. Les utilisateurs +locaux sont également utiles pour les tests et le développement de SSSD sans +avoir à déployer un serveur distant complet. Les outils sss_user +* et sss_group * utilisent alors un stockage +local de type LDB pour les utilisateurs et les groupes. + + diff --git a/src/man/fr/include/override_homedir.xml b/src/man/fr/include/override_homedir.xml new file mode 100644 index 0000000..9c35be0 --- /dev/null +++ b/src/man/fr/include/override_homedir.xml @@ -0,0 +1,79 @@ + +override_homedir (chaîne) + + + Réécrit le répertoire personnel de l'utilisateur. Il est possible de fournir +une valeur absolue ou un patron. Dans le cas d'un patron, les séquences +suivantes sont substituées : + + %u + identifiant de connexion + + + %U + numéro d'UID + + + %d + nom de domaine + + + %f + nom d'utilisateur pleinement qualifié (utilisateur@domaine) + + + %l + The first letter of the login name. + + + %P + UPN - Nom de principal d'utilisateur (User principal name, nom@ROYAUME) + + + %o + + Le répertoire utilisateur original provenant du fournisseur d'identité. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + La valeur de l'option de configuration +homedir_substring. + + + + %% + un « % » littéral + + + + + + Cette option peut aussi être définie pour chaque domaine. + + + exemple : +override_homedir = /home/%u + + + + Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/fr/include/param_help.xml b/src/man/fr/include/param_help.xml new file mode 100644 index 0000000..89c1343 --- /dev/null +++ b/src/man/fr/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Affiche l'aide et quitte. + + + diff --git a/src/man/fr/include/param_help_py.xml b/src/man/fr/include/param_help_py.xml new file mode 100644 index 0000000..22cd5fa --- /dev/null +++ b/src/man/fr/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Affiche l'aide et quitte. + + + diff --git a/src/man/fr/include/seealso.xml b/src/man/fr/include/seealso.xml new file mode 100644 index 0000000..828a941 --- /dev/null +++ b/src/man/fr/include/seealso.xml @@ -0,0 +1,49 @@ + + VOIR AUSSI + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/fr/include/service_discovery.xml b/src/man/fr/include/service_discovery.xml new file mode 100644 index 0000000..6ad86ae --- /dev/null +++ b/src/man/fr/include/service_discovery.xml @@ -0,0 +1,44 @@ + + DÉCOUVERTE DE SERVICE + + La fonctionnalité de découverte de services permet aux moteurs de trouver +automatiquement les serveurs appropriés auxquels se connecter à l'aide d'une +requête DNS spéciale. Cette fonctionnalité n'est pas pris en charge pour sur +les serveurs secondaires. + + + Configuration + + Si aucun serveur n'est spécifié, le moteur utilise automatiquement la +découverte de services pour tenter de trouver un serveur. L'utilisateur peut +aussi choisir d'utiliser des adresses de serveur et de découverte de +services fixes en insérant un mot-clé spécial, _srv_, dans la +liste des serveurs. L'ordre de préférence est maintenu. Cette fonctionnalité +est utile si, par exemple, l'utilisateur préfère utiliser la découverte de +services chaque fois que possible et se replier vers un serveur spécifique +lorsqu'aucun serveur ne peut être découvert à l'aide du DNS. + + + + Le nom de domaine + + Se reporter au paramètre dns_discovery_domain dans la page de +manuel sssd.conf +5 pour plus de détails. + + + + Le protocole + + Les requêtes spécifient généralement _tcp comme protocole. Les exceptions +sont documentées dans les descriptions respectives des options. + + + + Voir aussi + + Pour plus d'informations sur le mécanisme de découverte de services, se +reporter à la RFC 2782. + + + diff --git a/src/man/fr/include/upstream.xml b/src/man/fr/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/fr/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/fr/sss_obfuscate.8.xml b/src/man/fr/sss_obfuscate.8.xml new file mode 100644 index 0000000..4981237 --- /dev/null +++ b/src/man/fr/sss_obfuscate.8.xml @@ -0,0 +1,97 @@ + + + +Pages de manuel de SSSD + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + obscurcir un mot de passe en clair + + + + +sss_obfuscate +options [PASSWORD] + + + + DESCRIPTION + + sss_obfuscate convertit un mot de passe donné en un +format illisible par un humain et le place dans la section de domaine +appropriée du fichier de configuration SSSD. + + + Le mot de passe en clair est lu dans l'entrée standard ou entré +interactivement. Les mots de passes chiffrés sont mis dans +ldap_default_authtok pour un domaine SSSD donné et le +paramètre ldap_default_authtok_type est défini à +obfuscated_password. Cf. +sssd-ldap 5 + pour plus de détails sur ces paramètres. + + + Veuillez noter que les mots de passe chiffrés ne fournissent aucun +réel bénéfice de sécurité étant donné qu'il est possible de +retrouver le mot de passe par ingénierie-inverse. Utiliser un meilleur +mécanisme d'authentification tel que les certificats côté client ou GSSAPI +est très conseillé. + + + + + OPTIONS + + + + + , + + + + Le mot de passe chiffré sera lu sur l'entrée standard. + + + + + + , +DOMAINE + + + + Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est +default. + + + + + + , +FICHIER + + + + Lit le fichier de configuration spécifié par le paramètre. + + + Par défaut : /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/fr/sss_seed.8.xml b/src/man/fr/sss_seed.8.xml new file mode 100644 index 0000000..89634ed --- /dev/null +++ b/src/man/fr/sss_seed.8.xml @@ -0,0 +1,169 @@ + + + +Pages de manuel de SSSD + + + + + sss_seed + 8 + + + + sss_seed + initialise le cache SSSD avec un utilisateur + + + + +sss_seed +options -D +DOMAIN -n +USER + + + + DESCRIPTION + + sss_seed initialise le cache SSSD avec une entrée +d'utilisateur et le mot de passe temporaire. Si une entrée d'utilisateur est +déjà présente dans le cache de SSSD, l'entrée est mise à jour avec le mot de +passe temporaire. + + + + + + + OPTIONS + + + + , +DOMAIN + + + + Indique le nom de domaine duquel l'utilisateur est membre. Le domaine est +également utilisé pour récupérer les informations sur l'utilisateur. Le +domaine doit être configuré dans sssd.conf. L'option +DOMAIN doit être fournie. Les informations +récupérées depuis le domaine prennent le pas sur ce qui est fourni dans les +options. + + + + + + , +USER + + + + Le nom d'utilisateur de l'entrée devant être créée ou modifiée dans le +cache. L'option USER doit être fournie. + + + + + + , UID + + + + Définit l'UID de l'utilisateur à UID. + + + + + + , GID + + + + Définit le GID de l'utilisateur à GID. + + + + + + , +COMMENTAIRE + + + + Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme +champ pour le nom entier de l'utilisateur. + + + + + + , +HOME_DIR + + + + Définit le répertoire de l'utilisateur à +HOME_DIR. + + + + + + , +SHELL + + + + Définit l'interpréteur de commande de l'utilisateur à +SHELL. + + + + + + , + + + + Mode interactif pour la saisie des informations de l'utilisateur. Cette +option invite uniquement à la saisir des renseignements non fournis dans les +options ou non récupérés à partir du domaine. + + + + + + , +PASS_FILE + + + + Spécifie le fichier dans lequel lire le mot de passe de l'utilisateur. (si +aucun mot de passe n'est spécifié, il sera demandé) + + + + + + + + + NOTES + + La taille du mot de passe (ou la taille du fichier spécifié avec l'option -p +ou --password-file) doit être inférieure ou égale à PASS_MAX octets (64 +octets sur les systèmes sans valeur globale définie de PASS_MAX). + + + + + + + + + + diff --git a/src/man/fr/sss_ssh_knownhostsproxy.1.xml b/src/man/fr/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..74af794 --- /dev/null +++ b/src/man/fr/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,107 @@ + + + +Pages de manuel de SSSD + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + obtenir les clés d'hôtes OpenSSH + + + + +sss_ssh_knownhostsproxy +options HOST PROXY_COMMAND + + + + DESCRIPTION + + sss_ssh_knownhostsproxy acquires SSH host public keys for +host HOST, stores them in a custom OpenSSH +known_hosts file (see the SSH_KNOWN_HOSTS FILE FORMAT section +of sshd +8 for more information) +/var/lib/sss/pubconf/known_hosts and establishes the +connection to the host. + + + Si PROXY_COMMAND est indiqué, elle est alors +utilisée pour établier la connexion vers le système au lieu d'ouvrir une +socket. + + + ssh +1 peut être configuré pour utiliser +sss_ssh_knownhostsproxy pour l'authentication par clés en +utilisant les directives suivantes pour la configuration de +ssh +1 : +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + OPTIONS + + + + , PORT + + + + Utiliser le port PORT pour se connecter au +système. Par défaut, le port 22 est utilisé. + + + + + + , +DOMAINE + + + + Rechercher les clés publiques dans le domaine SSSD +DOMAINE hôte. + + + + + + , + + + + Print the host ssh public keys for host HOST. + + + + + + + + + CODE RETOUR + + Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 +est renvoyée. Dans le cas contraire, 1 est renvoyé. + + + + + + + diff --git a/src/man/fr/sssd-simple.5.xml b/src/man/fr/sssd-simple.5.xml new file mode 100644 index 0000000..f8ebdc8 --- /dev/null +++ b/src/man/fr/sssd-simple.5.xml @@ -0,0 +1,151 @@ + + + +Pages de manuel de SSSD + + + + + sssd-simple + 5 + Formats de fichier et conventions + + + + sssd-simple + le fichier de configuration pour le fournisseur de contrôle d'accès « +simple » de SSSD. + + + + DESCRIPTION + + Cette page de manuel décrit la configuration du fournisseur de contrôle +d'accès simple de sssd +8 . Pour plus de détails sur la +syntaxe, cf. la section FORMAT DE FICHIER de la page de +manuel sssd.conf +5 . + + + Le fournisseur d'accès simple autorise les accès à partir de listes +d'autorisation ou de refus de noms d'utilisateurs ou de groupes. Les règles +suivantes s'appliquent : + + + Si toutes les listes sont vides, l'accès est autorisé + + + + Si une liste est fournie, quelle qu'elle soit, l'ordre d'évaluation est +allow,deny. Autrement dit une règle de refus écrasera une règle +d'autorisation. + + + + + Si la ou les listes fournies sont seulement de type « allow », tous les +utilisateurs sont refusés à moins qu'ils ne soient dans la liste. + + + + + Si seulement les listes « deny » sont utilisées, tous les utlisateurs sont +autorisés à moins qu'ils ne soient dans la liste. + + + + + + + + OPTIONS DE CONFIGURATION + Se référer à la section SECTIONS DE DOMAINE de la page de +manuel sssd.conf +5 pour les détails sur la +configuration d'un domaine SSSD. + + simple_allow_users (chaîne) + + + Liste séparée par des virgules d'utilisateurs autorisés à se connecter. + + + + + + simple_deny_users (chaîne) + + + Liste séparée par des virgules d'utilisateurs dont l'accès sera refusé. + + + + + simple_allow_groups (chaîne) + + + Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne +s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont +pas pris en compte. + + + + + + simple_deny_groups (chaîne) + + + Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne +s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont +pas pris en compte. + + + + + + + Ne spécifier aucune valeur pour aucune des listes revient à l'ignorer +complètement. Se méfier de ceci lors de la création des paramètres pour le +fournisseur simple à l'aide automatique de scripts. + + + Veuillez noter que la configuration simultanée de simple_allow_users et +simple_deny_users est une erreur. + + + + + EXEMPLE + + L'exemple suivant suppose que SSSD est correctement configuré et que +example.com est un des domaines dans la section +[sssd]. Ces exemples montrent seulement les +options spécifiques du fournisseur d'accès simple. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + NOTES + + The complete group membership hierarchy is resolved before the access check, +thus even nested groups can be included in the access lists. Please be +aware that the ldap_group_nesting_level option may impact the +results and should be set to a sufficient value. ( +sssd-ldap5 +) option. + + + + + + + diff --git a/src/man/idmap_sss.8.xml b/src/man/idmap_sss.8.xml new file mode 100644 index 0000000..a316c32 --- /dev/null +++ b/src/man/idmap_sss.8.xml @@ -0,0 +1,78 @@ + + + +SSSD Manual pages + + + + + idmap_sss + 8 + + + + idmap_sss + SSSD's idmap_sss Backend for Winbind + + + + DESCRIPTION + + The idmap_sss module provides a way to call SSSD to map UIDs/GIDs + and SIDs. No database is required in this case as the mapping is + done by SSSD. + + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching UID and GID range for which the + backend is authoritative. + + + + + + + EXAMPLES + + This example shows how to configure idmap_sss as the default mapping + module. + + + +[global] +security = ads +workgroup = <AD-DOMAIN-SHORTNAME> + +idmap config <AD-DOMAIN-SHORTNAME> : backend = sss +idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647 + +idmap config * : backend = tdb +idmap config * : range = 100000-199999 + + + + Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain + name of the AD domain. If multiple AD domains should be used each + domain needs an idmap config line with + backend = sss and a line with a suitable + range. + + + Since Winbind requires a writeable default backend and idmap_sss is + read-only the example includes backend = tdb as + default. + + + + + + + diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml new file mode 100644 index 0000000..65c9a01 --- /dev/null +++ b/src/man/include/ad_modified_defaults.xml @@ -0,0 +1,110 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend + provider defaults, these option names and AD provider-specific + defaults are listed below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the + LDAP provider by default, because in an Active Directory + environment the principals are divided into two groups + - User Principals and Service Principals. Only User + Principal can be used to obtain a TGT and by default, + computer object's principal is constructed from + its sAMAccountName and the AD realm. The well-known + host/hostname@REALM principal is a Service Principal + and thus cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets + "fallback_homedir = /home/%d/%u" to provide personal + home directories for users without the homeDirectory + attribute. If your AD Domain is properly + populated with Posix attributes, and you want to avoid + this fallback behavior, you can explicitly + set "fallback_homedir = %o". + + + Note that the system typically expects a home directory + in /home/%u folder. If you decide to use a different + directory structure, some other parts of your system may + need adjustments. + + + For example automated creation of home directories in + combination with selinux requires selinux adjustment, + otherwise the home directory will be created with wrong + selinux context. + + + + + diff --git a/src/man/include/autofs_attributes.xml b/src/man/include/autofs_attributes.xml new file mode 100644 index 0000000..9775a57 --- /dev/null +++ b/src/man/include/autofs_attributes.xml @@ -0,0 +1,70 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), + otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, + autofs_provider=ad), otherwise automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry + in LDAP. The entry usually corresponds to a mount + point. + + + Default: nisObject (rfc2307, autofs_provider=ad), + otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The + entry usually corresponds to a mount point. + + + Default: cn (rfc2307, autofs_provider=ad), + otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The + entry usually corresponds to a mount point. + + + Default: nisMapEntry (rfc2307, + autofs_provider=ad), otherwise automountInformation + + + + diff --git a/src/man/include/autofs_restart.xml b/src/man/include/autofs_restart.xml new file mode 100644 index 0000000..901855b --- /dev/null +++ b/src/man/include/autofs_restart.xml @@ -0,0 +1,6 @@ + + Please note that the automounter only reads the master + map on startup, so if any autofs-related changes are made + to the sssd.conf, you typically also need to restart the + automounter daemon after restarting the SSSD. + diff --git a/src/man/include/debug_levels.xml b/src/man/include/debug_levels.xml new file mode 100644 index 0000000..f43091e --- /dev/null +++ b/src/man/include/debug_levels.xml @@ -0,0 +1,113 @@ + + + SSSD supports two representations for specifying the debug level. The + simplest is to specify a decimal value from 0-9, which represents + enabling that level and all lower-level debug messages. The more + comprehensive option is to specify a hexadecimal bitmask to enable or + disable specific levels (such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log + file. Also please note that enabling debug_level + in the [sssd] section only enables debugging just + for the sssd process itself, not for the responder or provider + processes. The debug_level parameter should be + added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using + the debug_level parameter, which is persistent, but + requires SSSD restart, it is also possible to change the debug level + on the fly using the + + sss_debuglevel + 8 + + tool. + + + Currently supported debug levels: + + + 0, + 0x0010: + Fatal failures. Anything that would prevent SSSD from starting up or + causes it to cease running. + + + 1, + 0x0020: + Critical failures. An error that doesn't kill SSSD, but one that + indicates that at least one major feature is not going to work + properly. + + + 2, + 0x0040: Serious failures. An error announcing + that a particular request or operation has failed. + + + 3, + 0x0080: Minor failures. These are the errors that + would percolate down to cause the operation failure of 2. + + + 4, + 0x0100: Configuration settings. + + + 5, + 0x0200: Function data. + + + 6, + 0x0400: Trace messages for operation functions. + + + 7, + 0x1000: Trace messages for internal control + functions. + + + 8, + 0x2000: Contents of function-internal variables + that may be interesting. + + + 9, + 0x4000: Extremely low-level tracing information. + + + 9, + 0x20000: Performance and statistical data, + please note that due to the way requests are processed internally the + logged execution time of a request might be longer than it actually + was. + + + 10, + 0x10000: Even more low-level libldb tracing + information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together + as shown in following examples: + + + Example: To log fatal failures, critical failures, + serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration + settings, function data, trace messages for internal control functions + use 0x1310. + + + Note: The bitmask format of debug levels was + introduced in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious + failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/include/debug_levels_tools.xml b/src/man/include/debug_levels_tools.xml new file mode 100644 index 0000000..46a3c7d --- /dev/null +++ b/src/man/include/debug_levels_tools.xml @@ -0,0 +1,87 @@ + + + SSSD supports two representations for specifying the debug level. The + simplest is to specify a decimal value from 0-9, which represents + enabling that level and all lower-level debug messages. The more + comprehensive option is to specify a hexadecimal bitmask to enable or + disable specific levels (such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, + 0x0010: + Fatal failures. Anything that would prevent SSSD from starting up or + causes it to cease running. + + + 1, + 0x0020: + Critical failures. An error that doesn't kill SSSD, but one that + indicates that at least one major feature is not going to work + properly. + + + 2, + 0x0040: Serious failures. An error announcing + that a particular request or operation has failed. + + + 3, + 0x0080: Minor failures. These are the errors that + would percolate down to cause the operation failure of 2. + + + 4, + 0x0100: Configuration settings. + + + 5, + 0x0200: Function data. + + + 6, + 0x0400: Trace messages for operation functions. + + + 7, + 0x1000: Trace messages for internal control + functions. + + + 8, + 0x2000: Contents of function-internal variables + that may be interesting. + + + 9, + 0x4000: Extremely low-level tracing information. + + + 10, + 0x10000: Even more low-level libldb tracing + information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together + as shown in following examples: + + + Example: To log fatal failures, critical failures, + serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration + settings, function data, trace messages for internal control functions + use 0x1310. + + + Note: The bitmask format of debug levels was + introduced in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious + failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml new file mode 100644 index 0000000..758270d --- /dev/null +++ b/src/man/include/failover.xml @@ -0,0 +1,132 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to + a different server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any + number of spaces is allowed around the comma. The servers are + listed in order of preference. The list can contain any number + of servers. + + + For each failover-enabled config option, two variants exist: + primary and backup. + The idea is that servers in the primary list are preferred and + backup servers are only searched if no primary servers can be + reached. If a backup server is selected, a timeout of 31 seconds + is set. After this timeout SSSD will periodically try to reconnect + to one of the primary servers. If it succeeds, it will replace + the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a + service. The back end first tries to resolve the hostname of a + given machine; if this resolution attempt fails, the machine is + considered offline. No further attempts are made to connect + to this machine for any other service. If the resolution + attempt succeeds, the back end tries to connect to a service + on this machine. If the service connection attempt fails, + then only this particular service is considered offline and + the back end automatically switches over to the next service. + The machine is still considered online and might still be tried + for another service. + + + Further connection attempts are made to machines or services + marked as offline after a specified period of time; this is + currently hard coded to 30 seconds. + + + If there are no more machines to try, the back end as a whole + switches to offline mode, and then attempts to reconnect + every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running + a single DNS query or can involve several steps, such as finding + the correct site or trying out multiple host names in case some + of the configured servers are not reachable. The more complex + scenarios can take some time and SSSD needs to balance between + providing enough time to finish the resolution process but on + the other hand, not trying for too long before falling back + to offline mode. If the SSSD debug logs show that the server + resolution is timing out before a live server is contacted, + you can consider changing the time outs. + + + This section lists the available tunables. Please refer to their + description in the + + sssd.conf5 + , + manual page. + + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD + talk to a single DNS server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try + to resolve single DNS query (e.g. resolution of a + hostname or an SRV record) before trying the next + hostname or discovery domain. + + + Default: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover + service. This service resolution internally might + include several steps, such as resolving DNS SRV + queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed + as part of an LDAP connection operation. Therefore, also the + ldap_opt_timeout timeout should be set to + a larger value than dns_resolver_timeout + which in turn should be set to a larger value than + dns_resolver_op_timeout which should be larger + than dns_resolver_server_timeout. + + + diff --git a/src/man/include/homedir_substring.xml b/src/man/include/homedir_substring.xml new file mode 100644 index 0000000..54d9bc9 --- /dev/null +++ b/src/man/include/homedir_substring.xml @@ -0,0 +1,18 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the + override_homedir option if the template + contains the format string %H. An LDAP + directory entry can directly contain this template so that this + option can be used to expand the home directory path for each + client machine (or operating system). It can be set per-domain or + globally in the [nss] section. A value specified in a domain + section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/include/ipa_modified_defaults.xml b/src/man/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..1f4d48b --- /dev/null +++ b/src/man/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend + provider defaults, these option names and IPA provider-specific + defaults are listed below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/include/krb5_options.xml b/src/man/include/krb5_options.xml new file mode 100644 index 0000000..d82be7b --- /dev/null +++ b/src/man/include/krb5_options.xml @@ -0,0 +1,167 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request + or change password request is aborted. If possible, the + authentication request is continued offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT + obtained has not been spoofed. The keytab is checked for + entries sequentially, and the first entry with a matching + realm is used for validation. If no entry matches the realm, the last + entry in the keytab is used. This process can be used to validate + environments using cross-realm trust by placing the appropriate + keytab entry as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when + checking the PAC (see 'pac_check' in the + + sssd.conf + 5 + manual page for details). If ticket + validation is disabled the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total + lifetime, given as an integer immediately followed + by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is + assumed. + + + NOTE: It is not possible to mix units. To set + the renewable lifetime to one and a half hours, + use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an + integer immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is + assumed. + + + NOTE: It is not possible to mix units. + To set the lifetime to one and a half + hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime + configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT + should be renewed. TGTs are renewed if about half + of their lifetime is exceeded, given as an integer + immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is + assumed. + + + NOTE: It is not possible to mix units. To set + the renewable lifetime to one and a half hours, + use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic + renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be + canonicalized. This feature is available with MIT + Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml new file mode 100644 index 0000000..25cb6e5 --- /dev/null +++ b/src/man/include/ldap_id_mapping.xml @@ -0,0 +1,317 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active + Directory without requiring administrators to extend user attributes + to support POSIX attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber + attributes are ignored. This is to avoid the possibility of conflicts + between automatically-assigned and manually-assigned values. If you + need to use manually-assigned values, ALL values must be + manually-assigned. + + + Please note that changing the ID mapping related configuration + options will cause user and group IDs to change. At the moment, + SSSD does not support changing IDs, so the SSSD database must + be removed. Because cached passwords are also stored in the + database, removing the database should only be performed while + the authentication servers are reachable, otherwise users might + get locked out. In order to cache the password, an authentication + must be performed. It is not sufficient to use + + sss_cache + 8 + + to remove the database, rather the process + consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment + of other system properties such as file and directory ownership, + it's advisable to plan ahead and test the ID mapping configuration + thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group + object in the directory. This objectSID can be broken up into + components that represent the Active Directory domain identity and + the relative identifier (RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and + divides it into equally-sized component sections - called + "slices"-. Each slice represents the space available to an Active + Directory domain. + + + When a user or group entry for a particular domain is encountered + for the first time, the SSSD allocates one of the available slices + for that domain. In order to make this slice-assignment repeatable + on different client machines, we select the slice based on the + following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to + convert it to a 32-bit hashed value. We then take the modulus of + this value with the total number of available slices to pick the + slice. + + + NOTE: It is possible to encounter collisions in the hash and + subsequent modulus. In these situations, we will select the next + available slice, but it may not be possible to reproduce the same + exact set of slices on other machines (since the order that they + are encountered will determine their slice). In this situation, it + is recommended to either switch to using explicit POSIX attributes + in Active Directory (disabling ID-mapping) or configure a default + domain to guarantee that at least one is always consistent. See + Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] + section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, + each capable of holding up to 200,000 IDs, starting from 200,000 + and going up to 2,000,200,000. This should be sufficient for + most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range + of POSIX IDs to use for mapping Active Directory + user and group SIDs. It is the first POSIX ID which + can be used for the mapping. + + + NOTE: This option is different from + min_id in that min_id + acts to filter the output of requests to this domain, + whereas this option controls the range of ID + assignment. This is a subtle distinction, but the + good general advice would be to have + min_id be less-than or equal to + ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range + of POSIX IDs to use for mapping Active Directory + user and group SIDs. It is the first POSIX ID which + cannot be used for the mapping anymore, i.e. one + larger than the last one which can be used for the + mapping. + + + NOTE: This option is different from + max_id in that max_id + acts to filter the output of requests to this domain, + whereas this option controls the range of ID + assignment. This is a subtle distinction, but the + good general advice would be to have + max_id be greater-than or equal to + ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. + If the range size does not divide evenly into the min + and max values, it will create as many complete slices + as it can. + + + NOTE: The value of this option must be at least as large as the + highest user RID planned for use on the Active Directory server. User + lookups and login will fail for any user whose RID is greater than + this value. + + + For example, if your most recently-added Active Directory user has + objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, + ldap_idmap_range_size must be at least 1108 as + range size is equal to maximal SID minus minimal SID plus one + (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this + value will result in changing all of the ID mappings on the system, + leading to users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This + will guarantee that this domain will always be + assigned to slice zero in the ID map, bypassing + the murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm + to behave more similarly to winbind's + idmap_autorid algorithm. + + + When this option is configured, domains will be + allocated starting with slice zero and increasing + monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it + depends on the order that users and groups are + requested). If this mode is required for + compatibility with machines running winbind, it + is recommended to also use the + ldap_idmap_default_domain_sid + option to guarantee that at least one domain is + consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when + performing mapping from UNIX id to SID. + + + Note: Additional secondary slices might be generated + when SID is being mapped to UNIX id and RID part of + SID is out of range for secondary slices generated so + far. If value of ldap_idmap_helper_table_size is equal + to 0 then no additional secondary slices are + generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs + with a special hardcoded meaning. Since the generic users and groups + related to those Well-Known SIDs have no equivalent in a Linux/UNIX + environment no POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as + different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when + returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control + information with the help of a name instead of using the SID + directly SSSD supports to look up the SID by the name as well. To + avoid collisions only the fully qualified names can be used to look + up Well-Known SIDs. As a result the domain names NULL + AUTHORITY, WORLD AUTHORITY, LOCAL + AUTHORITY, CREATOR AUTHORITY, + MANDATORY LABEL AUTHORITY, AUTHENTICATION + AUTHORITY, NT AUTHORITY and + BUILTIN should not be used as domain names in + sssd.conf. + + + + diff --git a/src/man/include/ldap_search_bases.xml b/src/man/include/ldap_search_bases.xml new file mode 100644 index 0000000..49dd940 --- /dev/null +++ b/src/man/include/ldap_search_bases.xml @@ -0,0 +1,36 @@ + + + An optional base DN, search scope and LDAP filter + to restrict LDAP searches for this attribute type. + + + syntax: + +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The + scope functions as specified in section 4.5.1.2 of + http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search + filter as specified by + http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the + ldap_search_base examples section. + + + Default: the value of + ldap_search_base + + + Please note that specifying scope or filter is not supported for + searches against an Active Directory Server that might yield a + large number of results and trigger the Range Retrieval extension + in the response. + + diff --git a/src/man/include/local.xml b/src/man/include/local.xml new file mode 100644 index 0000000..913ed82 --- /dev/null +++ b/src/man/include/local.xml @@ -0,0 +1,20 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with + id_provider=local must be created and the SSSD must + be running. + + + The administrator might want to use the SSSD local users instead + of traditional UNIX users in cases where the group nesting (see + + sss_groupadd + 8 + ) is needed. The local users are also useful for + testing and development of the SSSD without having to deploy + a full remote server. The sss_user* and + sss_group* tools use a local LDB storage to + store users and groups. + + diff --git a/src/man/include/override_homedir.xml b/src/man/include/override_homedir.xml new file mode 100644 index 0000000..be6663b --- /dev/null +++ b/src/man/include/override_homedir.xml @@ -0,0 +1,84 @@ + +override_homedir (string) + + + Override the user's home directory. You + can either provide an absolute value or a + template. In the template, the following + sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved + from the identity provider. + + + + %h + + The original home directory retrieved + from the identity provider, but in lower case. + + + + %H + + The value of configure option + homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: + +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value + retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, + either locally (see + sss_override + 8) or centrally managed IPA + id-overrides, has a higher precedence and will be used instead of the + value given by override_homedir. + + + diff --git a/src/man/include/param_help.xml b/src/man/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/include/param_help_py.xml b/src/man/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/include/seealso.xml b/src/man/include/seealso.xml new file mode 100644 index 0000000..747691b --- /dev/null +++ b/src/man/include/seealso.xml @@ -0,0 +1,88 @@ + + SEE ALSO + + + sssd8 + , + + sssd.conf5 + , + + sssd-ldap5 + , + + sssd-ldap-attributes5 + , + + sssd-krb55 + , + + sssd-simple5 + , + + sssd-ipa5 + , + + sssd-ad5 + , + + + sssd-files5 + , + + + + sssd-sudo + 5 + , + + + sssd-session-recording + 5 + , + + sss_cache8 + , + + sss_debuglevel8 + , + + sss_obfuscate8 + , + + sss_seed8 + , + + sssd_krb5_locator_plugin8 + , + + + sss_ssh_authorizedkeys + 8 + , + + sss_ssh_knownhostsproxy + 8 + , + + + + sssd-ifp + 5 + , + + + pam_sss8 + . + + sss_rpcidmapd + 5 + + + + sssd-systemtap + 5 + + + + diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml new file mode 100644 index 0000000..5b96ad8 --- /dev/null +++ b/src/man/include/service_discovery.xml @@ -0,0 +1,48 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically + find the appropriate servers to connect to using a special DNS + query. This feature is not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically + uses service discovery to try to find a server. Optionally, + the user may choose to use both fixed server addresses + and service discovery by inserting a special keyword, + _srv_, in the list of servers. The order + of preference is maintained. This feature is useful if, for + example, the user prefers to use service discovery whenever + possible, and fall back to a specific server when no servers + can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain + parameter in the + + sssd.conf + 5 + + manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions + are documented in respective option description. + + + + See Also + + For more information on the service discovery mechanism, + refer to RFC 2782. + + + diff --git a/src/man/include/upstream.xml b/src/man/include/upstream.xml new file mode 100644 index 0000000..53726b2 --- /dev/null +++ b/src/man/include/upstream.xml @@ -0,0 +1,4 @@ + + SSSD + The SSSD upstream - https://github.com/SSSD/sssd/ + diff --git a/src/man/ja/include/ad_modified_defaults.xml b/src/man/ja/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/ja/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/ja/include/autofs_attributes.xml b/src/man/ja/include/autofs_attributes.xml new file mode 100644 index 0000000..0a453aa --- /dev/null +++ b/src/man/ja/include/autofs_attributes.xml @@ -0,0 +1,64 @@ + + + ldap_autofs_map_object_class (文字列) + + + LDAP にある automount マップエントリーのオブジェクトクラスです。 + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (文字列) + + + LDAP における automount のマップエントリーの名前です。 + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (文字列) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (文字列) + + + LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイントと対応します。 + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (文字列) + + + LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイントと対応します。 + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/ja/include/autofs_restart.xml b/src/man/ja/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/ja/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/ja/include/debug_levels.xml b/src/man/ja/include/debug_levels.xml new file mode 100644 index 0000000..70361f1 --- /dev/null +++ b/src/man/ja/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + 現在サポートされるデバッグレベル: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + : 致命的なエラー、重大なエラー、深刻なエラーおよび関数データをログに取得するには 0x0270 +を使用します。 + + + : 致命的なエラー、設定値の設定、関数データ、内部制御関数のトレースメッセージをログに取得するには +0x1310 を使用します。 + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/ja/include/debug_levels_tools.xml b/src/man/ja/include/debug_levels_tools.xml new file mode 100644 index 0000000..57f81cc --- /dev/null +++ b/src/man/ja/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + 現在サポートされるデバッグレベル: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + : 致命的なエラー、重大なエラー、深刻なエラーおよび関数データをログに取得するには 0x0270 +を使用します。 + + + : 致命的なエラー、設定値の設定、関数データ、内部制御関数のトレースメッセージをログに取得するには +0x1310 を使用します。 + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/ja/include/failover.xml b/src/man/ja/include/failover.xml new file mode 100644 index 0000000..bd16e22 --- /dev/null +++ b/src/man/ja/include/failover.xml @@ -0,0 +1,118 @@ + + フェイルオーバー + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + フェイルオーバーの構文 + + サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいくつでも許されます。サーバーは性能の順番で一覧化されます。一覧はサーバーをいくつでも含められます。 + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + フェイルオーバーのメカニズム + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + 初期値: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + 初期値: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + 初期値: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/ja/include/homedir_substring.xml b/src/man/ja/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/ja/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/ja/include/ipa_modified_defaults.xml b/src/man/ja/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/ja/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/ja/include/krb5_options.xml b/src/man/ja/include/krb5_options.xml new file mode 100644 index 0000000..65c5246 --- /dev/null +++ b/src/man/ja/include/krb5_options.xml @@ -0,0 +1,148 @@ + + + krb5_auth_timeout (整数) + + + オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトです。可能ならば、認証要求がオフラインで継続されます。 + + + 初期値: 6 + + + + + + krb5_validate (論理値) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (文字列) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + 秒は s + + + 分は m + + + 時間は h + + + 日は d + + + 単位が指定されていないと、s と仮定されます。 + + + 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' を使用します。 + + + 初期値: 設定されません、つまり TGT は更新可能ではありません + + + + + + krb5_lifetime (文字列) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + 秒は s + + + 分は m + + + 時間は h + + + 日は d + + + 単位が指定されていないと、s と仮定されます。 + + + 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' +を使用してください。 + + + 初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初期値です。 + + + + + + krb5_renew_interval (文字列) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + 秒は s + + + 分は m + + + 時間は h + + + 日は d + + + 単位が指定されていないと、s と仮定されます。 + + + 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' を使用します。 + + + このオプションが設定されていない場合、または 0 に設定されている場合、自動更新は無効になります。 + + + 初期値: 設定されません + + + + + + krb5_canonicalize (論理値) + + + ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は MIT Kerberos 1.7 およびそれ以降で利用可能です。 + + + + 初期値: false + + + + diff --git a/src/man/ja/include/ldap_id_mapping.xml b/src/man/ja/include/ldap_id_mapping.xml new file mode 100644 index 0000000..e4ec141 --- /dev/null +++ b/src/man/ja/include/ldap_id_mapping.xml @@ -0,0 +1,282 @@ + + ID マッピング + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + マッピング・アルゴリズム + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + 設定 + + 最小の設定 ([domain/DOMAINNAME] セクションにおいて): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + 高度な設定 + + + ldap_idmap_range_min (整数) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + 初期値: 200000 + + + + + ldap_idmap_range_max (整数) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + 初期値: 2000200000 + + + + + ldap_idmap_range_size (整数) + + + 各スライスに利用可能な ID +番号を指定します。範囲の大きさが最小値、最大値の中にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。 + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + 初期値: 200000 + + + + + ldap_idmap_default_domain_sid (文字列) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + 初期値: 設定されません + + + + + ldap_idmap_default_domain (文字列) + + + 初期ドメインの名前を指定します。 + + + 初期値: 設定されません + + + + + ldap_idmap_autorid_compat (論理値) + + + winbind の idmap_autorid アルゴリズムとより同じように振る舞うために ID +マッピングのアルゴリズムの振る舞いを変更します。 + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + 注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依存します)。このモードはマシンが実行中の winbind +と互換性が必要ならば、少なくとも一つのドメインが一貫してスライス 0 +に割り当てられることを保証するために、ldap_idmap_default_domain_sid +オプションも使用することが推奨されます。 + + + 初期値: 偽 + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + 初期値: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/ja/include/ldap_search_bases.xml b/src/man/ja/include/ldap_search_bases.xml new file mode 100644 index 0000000..9b3118b --- /dev/null +++ b/src/man/ja/include/ldap_search_bases.xml @@ -0,0 +1,30 @@ + + + オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲および LDAP フィルター。 + + + 構文: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効な LDAP +検索フィルターである必要があります。 + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + 初期値: ldap_search_base の値 + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/ja/include/local.xml b/src/man/ja/include/local.xml new file mode 100644 index 0000000..d293c3b --- /dev/null +++ b/src/man/ja/include/local.xml @@ -0,0 +1,17 @@ + + ローカルドメイン + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/ja/include/override_homedir.xml b/src/man/ja/include/override_homedir.xml new file mode 100644 index 0000000..13bafd7 --- /dev/null +++ b/src/man/ja/include/override_homedir.xml @@ -0,0 +1,77 @@ + +override_homedir (文字列) + + + ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提供できます。テンプレートでは、以下のシーケンスが置換されます: + + + %u + ログイン名 + + + %U + UID 番号 + + + %d + ドメイン名 + + + %f + 完全修飾ユーザー名 (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + 文字 '%' + + + + + + このオプションはドメインごとに設定できます。 + + + 例: +override_homedir = /home/%u + + + + 初期値: 設定なし (SSSD は LDAP から取得された値を使用します) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/ja/include/param_help.xml b/src/man/ja/include/param_help.xml new file mode 100644 index 0000000..49af3ff --- /dev/null +++ b/src/man/ja/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + ヘルプメッセージを表示して終了します。 + + + diff --git a/src/man/ja/include/param_help_py.xml b/src/man/ja/include/param_help_py.xml new file mode 100644 index 0000000..c239492 --- /dev/null +++ b/src/man/ja/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + ヘルプメッセージを表示して終了します。 + + + diff --git a/src/man/ja/include/seealso.xml b/src/man/ja/include/seealso.xml new file mode 100644 index 0000000..82d0d32 --- /dev/null +++ b/src/man/ja/include/seealso.xml @@ -0,0 +1,49 @@ + + 関連項目 + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/ja/include/service_discovery.xml b/src/man/ja/include/service_discovery.xml new file mode 100644 index 0000000..1e0efb9 --- /dev/null +++ b/src/man/ja/include/service_discovery.xml @@ -0,0 +1,37 @@ + + サービス探索 + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + 設定 + + 何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとするために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に特別なキーワード +_srv_ +を挿入することにより、ユーザーが固定サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これは設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用し、DNS +を使用してサーバーを探索できないときに特定のサーバーにフォールバックしたい場合、この機能は有用です。 + + + + ドメイン名 + + 詳細は sssd.conf +5 マニュアルページにある +dns_discovery_domain パラメーターを参照してください。 + + + + プロトコル + + 問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプションの説明にドキュメント化されています。 + + + + 関連項目 + + サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。 + + + diff --git a/src/man/ja/include/upstream.xml b/src/man/ja/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/ja/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/ja/sss_obfuscate.8.xml b/src/man/ja/sss_obfuscate.8.xml new file mode 100644 index 0000000..9bf071f --- /dev/null +++ b/src/man/ja/sss_obfuscate.8.xml @@ -0,0 +1,91 @@ + + + +SSSD マニュアル ページ + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + 平文パスワードをわかりにくくする + + + + +sss_obfuscate +options [PASSWORD] + + + + 概要 + + sss_obfuscate は、与えられたパスワードを人間が読みにくい形式に変換して、SSSD +設定ファイルの適切なドメインセクションに置きます。 + + + 平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。解読しにくくされたパスワードが指定された SSSD ドメインの +ldap_default_authtok パラメータに置かれます。また +ldap_default_authtok_type パラメーターが +obfuscated_password に設定されます。これらのパラメーターの詳細は +sssd-ldap 5 + を参照してください。 + + + パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリングできるので +実際にセキュリティの便益 は提供されません。クライアントサイド証明書や GSSAPI +のようなより良い認証機構を使用することを 強く 推奨します。 + + + + + オプション + + + + + , + + + + 解読しにくくするパスワードが標準入力から読み込まれます。 + + + + + + , +DOMAIN + + + + パスワードに使用する SSSD ドメインです。名前の初期値は default です。 + + + + + + , FILE + + + + 位置パラメーターにより指定された設定ファイルを読み込みます。 + + + 初期値: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/ja/sss_ssh_knownhostsproxy.1.xml b/src/man/ja/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..4790c28 --- /dev/null +++ b/src/man/ja/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,103 @@ + + + +SSSD マニュアル ページ + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + OpenSSH ホストキーを取得します + + + + +sss_ssh_knownhostsproxy +options HOST PROXY_COMMAND + + + + 概要 + + sss_ssh_knownhostsproxy acquires SSH host public keys for +host HOST, stores them in a custom OpenSSH +known_hosts file (see the SSH_KNOWN_HOSTS FILE FORMAT section +of sshd +8 for more information) +/var/lib/sss/pubconf/known_hosts and establishes the +connection to the host. + + + PROXY_COMMAND +が指定されていると、ソケットを開く代わりにホストへの接続を作成するために使用されます。 + + + ssh +1 は +ssh +1 設定に対して以下のディレクティブを使用することにより、ホストキー認証に +sss_ssh_knownhostsproxy を使用するために設定できます: +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + オプション + + + + , PORT + + + + ホストに接続するためにポート PORT を使用します。初期値ではポート 22 が使用されます。 + + + + + + , +DOMAIN + + + + SSSD ドメイン DOMAIN においてホスト公開鍵を検索します。 + + + + + + , + + + + Print the host ssh public keys for host HOST. + + + + + + + + + 終了コード + + In case of success, an exit value of 0 is returned. Otherwise, 1 is +returned. + + + + + + + diff --git a/src/man/ja/sssd-simple.5.xml b/src/man/ja/sssd-simple.5.xml new file mode 100644 index 0000000..abb4fea --- /dev/null +++ b/src/man/ja/sssd-simple.5.xml @@ -0,0 +1,135 @@ + + + +SSSD マニュアル ページ + + + + + sssd-simple + 5 + ファイル形式および変換 + + + + sssd-simple + SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。 + + + + 概要 + + このマニュアルは sssd +8 に対して簡単なアクセス制御の設定を説明しています。詳細は + sssd.conf +5 マニュアルページの ファイル形式 +セクションを参照してください。 + + + シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒否の一覧に基づいてアクセスを許可または拒否します。以下の例を適用します: + + + すべての一覧が空白ならば、アクセスが認められます + + + + 何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されます。拒否ルールに一致するすべてのものは、許可ルールに一致するすべてのものを更新することを意味します。 + + + + + "allow" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒否されます。 + + + + + "deny" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべてのユーザーがアクセスを許可されます。 + + + + + + + + 設定オプション + SSSD ドメインの設定に関する詳細は sssd.conf +5 マニュアルページの ドメインセクション +のセクションを参照してください。 + + simple_allow_users (文字列) + + + ログインが許可されたユーザーのカンマ区切り一覧です。 + + + + + + simple_deny_users (文字列) + + + アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。 + + + + + simple_allow_groups (文字列) + + + ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中のグループのみに適用されます。ローカルグループは評価されません。 + + + + + + simple_deny_groups (文字列) + + + アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメインの中のグループのみに適用されます。ローカルグループは評価されません。 + + + + + + + Specifying no values for any of the lists is equivalent to skipping it +entirely. Beware of this while generating parameters for the simple provider +using automated scripts. + + + simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーになることに注意してください。 + + + + + + + 以下の例は、SSSD が正しく設定され、example.com が [sssd] +セクションにあるドメインの 1 つであると仮定します。この例はアクセスプロバイダー固有の簡単なオプションのみを示します。 + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + 注記 + + The complete group membership hierarchy is resolved before the access check, +thus even nested groups can be included in the access lists. Please be +aware that the ldap_group_nesting_level option may impact the +results and should be set to a sufficient value. ( +sssd-ldap5 +) option. + + + + + + + diff --git a/src/man/lv/include/ad_modified_defaults.xml b/src/man/lv/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/lv/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/lv/include/autofs_attributes.xml b/src/man/lv/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/lv/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/lv/include/autofs_restart.xml b/src/man/lv/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/lv/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/lv/include/debug_levels.xml b/src/man/lv/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/lv/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/lv/include/debug_levels_tools.xml b/src/man/lv/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/lv/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/lv/include/failover.xml b/src/man/lv/include/failover.xml new file mode 100644 index 0000000..1e6d084 --- /dev/null +++ b/src/man/lv/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Default: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Noklusējuma: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/lv/include/homedir_substring.xml b/src/man/lv/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/lv/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/lv/include/ipa_modified_defaults.xml b/src/man/lv/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/lv/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/lv/include/krb5_options.xml b/src/man/lv/include/krb5_options.xml new file mode 100644 index 0000000..135f710 --- /dev/null +++ b/src/man/lv/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Noklusējuma: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/lv/include/ldap_id_mapping.xml b/src/man/lv/include/ldap_id_mapping.xml new file mode 100644 index 0000000..fb24b02 --- /dev/null +++ b/src/man/lv/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Noklusējuma: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/lv/include/ldap_search_bases.xml b/src/man/lv/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/lv/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/lv/include/local.xml b/src/man/lv/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/lv/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/lv/include/override_homedir.xml b/src/man/lv/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/lv/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/lv/include/param_help.xml b/src/man/lv/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/lv/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/lv/include/param_help_py.xml b/src/man/lv/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/lv/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/lv/include/seealso.xml b/src/man/lv/include/seealso.xml new file mode 100644 index 0000000..4d62f00 --- /dev/null +++ b/src/man/lv/include/seealso.xml @@ -0,0 +1,49 @@ + + SKATĪT ARĪ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/lv/include/service_discovery.xml b/src/man/lv/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/lv/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/lv/include/upstream.xml b/src/man/lv/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/lv/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/man.stamp b/src/man/man.stamp new file mode 100644 index 0000000..e69de29 diff --git a/src/man/nl/include/ad_modified_defaults.xml b/src/man/nl/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/nl/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/nl/include/autofs_attributes.xml b/src/man/nl/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/nl/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/nl/include/autofs_restart.xml b/src/man/nl/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/nl/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/nl/include/debug_levels.xml b/src/man/nl/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/nl/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/nl/include/debug_levels_tools.xml b/src/man/nl/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/nl/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/nl/include/failover.xml b/src/man/nl/include/failover.xml new file mode 100644 index 0000000..c89a9fa --- /dev/null +++ b/src/man/nl/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Standaard: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/nl/include/homedir_substring.xml b/src/man/nl/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/nl/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/nl/include/ipa_modified_defaults.xml b/src/man/nl/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/nl/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/nl/include/krb5_options.xml b/src/man/nl/include/krb5_options.xml new file mode 100644 index 0000000..e13ba89 --- /dev/null +++ b/src/man/nl/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/nl/include/ldap_id_mapping.xml b/src/man/nl/include/ldap_id_mapping.xml new file mode 100644 index 0000000..f80be8d --- /dev/null +++ b/src/man/nl/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/nl/include/ldap_search_bases.xml b/src/man/nl/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/nl/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/nl/include/local.xml b/src/man/nl/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/nl/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/nl/include/override_homedir.xml b/src/man/nl/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/nl/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/nl/include/param_help.xml b/src/man/nl/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/nl/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/nl/include/param_help_py.xml b/src/man/nl/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/nl/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/nl/include/seealso.xml b/src/man/nl/include/seealso.xml new file mode 100644 index 0000000..c695446 --- /dev/null +++ b/src/man/nl/include/seealso.xml @@ -0,0 +1,49 @@ + + ZIE OOK + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/nl/include/service_discovery.xml b/src/man/nl/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/nl/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/nl/include/upstream.xml b/src/man/nl/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/nl/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/pam_sss.8.xml b/src/man/pam_sss.8.xml new file mode 100644 index 0000000..ff9be59 --- /dev/null +++ b/src/man/pam_sss.8.xml @@ -0,0 +1,489 @@ + + + +SSSD Manual pages + + + + + pam_sss + 8 + + + + pam_sss + PAM module for SSSD + + + + + pam_sss.so + + quiet + + + forward_pass + + + use_first_pass + + + use_authtok + + + retry=N + + + ignore_unknown_user + + + ignore_authinfo_unavail + + + domains=X + + + allow_missing_name + + + prompt_always + + + try_cert_auth + + + require_cert_auth + + + + + + DESCRIPTION + pam_sss.so is the PAM interface to the System + Security Services daemon (SSSD). Errors and results are logged through + syslog(3) with the LOG_AUTHPRIV facility. + + + + OPTIONS + + + + + + + Suppress log messages for unknown users. + + + + + + + + If is set the entered + password is put on the stack for other PAM modules to use. + + + + + + + + + The argument use_first_pass forces the module to use + a previous stacked modules password and will never prompt + the user - if no password is available or the password is + not appropriate, the user will be denied access. + + + + + + + + When password changing enforce the module to set the + new password to the one provided by a previously stacked + password module. + + + + + + + + If specified the user is asked another N times for a + password if authentication fails. Default is 0. + Please note that this option might not work as + expected if the application calling PAM handles the user + dialog on its own. A typical example is + sshd with + . + + + + + + + + If this option is specified and the user does not + exist, the PAM module will return PAM_IGNORE. This causes + the PAM framework to ignore this module. + + + + + + + + + Specifies that the PAM module should return PAM_IGNORE + if it cannot contact the SSSD daemon. This causes + the PAM framework to ignore this module. + + + + + + + + + Allows the administrator to restrict the domains a + particular PAM service is allowed to authenticate + against. The format is a comma-separated list of + SSSD domain names, as specified in the sssd.conf file. + + + NOTE: If this is used for a service not running as root + user, e.g. a web-server, it must be used in conjunction + with the pam_trusted_users and + pam_public_domains options. + Please see the + + sssd.conf + 5 + manual page for more information + on these two PAM responder options. + + + + + + + + + + The main purpose of this option is to let SSSD determine + the user name based on additional information, e.g. the + certificate from a Smartcard. + + + The current use case are login managers which can + monitor a Smartcard reader for card events. In case a + Smartcard is inserted the login manager will call a PAM + stack which includes a line like + +auth sufficient pam_sss.so allow_missing_name + + In this case SSSD will try to determine the user name + based on the content of the Smartcard, returns it to + pam_sss which will finally put it on the PAM stack. + + + + + + + + + + Always prompt the user for credentials. With this + option credentials requested by other PAM modules, + typically a password, will be ignored and pam_sss will + prompt for credentials again. Based on the pre-auth + reply by SSSD pam_sss might prompt for a password, a + Smartcard PIN or other credentials. + + + + + + + + + + Try to use certificate based authentication, i.e. + authentication with a Smartcard or similar devices. If a + Smartcard is available and the service is allowed for + Smartcard authentication the user will be prompted for a + PIN and the certificate based authentication will + continue + + + If no Smartcard is available or certificate based + authentication is not allowed for the current service + PAM_AUTHINFO_UNAVAIL is returned. + + + + + + + + + + Do certificate based authentication, i.e. + authentication with a Smartcard or similar devices. If a + Smartcard is not available the user will be prompted to + insert one. SSSD will wait for a Smartcard until the + timeout defined by p11_wait_for_card_timeout passed, + please see + sssd.conf + 5 for details. + + + If no Smartcard is available after the timeout or + certificate based authentication is not allowed for the + current service PAM_AUTHINFO_UNAVAIL is returned. + + + + + + + + MODULE TYPES PROVIDED + All module types (, , + and ) are provided. + + If SSSD's PAM responder is not running, e.g. if the PAM responder + socket is not available, pam_sss will return PAM_USER_UNKNOWN when + called as module to avoid issues with users + from other sources during access control. + + + + RETURN VALUES + + + PAM_SUCCESS + + + The PAM operation finished successfully. + + + + + PAM_USER_UNKNOWN + + + The user is not known to the authentication service or + the SSSD's PAM responder is not running. + + + + + PAM_AUTH_ERR + + + Authentication failure. Also, could be returned when there + is a problem with getting the certificate. + + + + + PAM_PERM_DENIED + + + Permission denied. The SSSD log files may contain additional + information about the error. + + + + + PAM_IGNORE + + + See options and + . + + + + + PAM_AUTHTOK_ERR + + + Unable to obtain the new authentication token. Also, could be + returned when the user authenticates with certificates and + multiple certificates are available, but the installed version + of GDM does not support selection from multiple certificates. + + + + + PAM_AUTHINFO_UNAVAIL + + + Unable to access the authentication information. + This might be due to a network or hardware failure. + + + + + PAM_BUF_ERR + + + A memory error occurred. Also, could be returned when options + use_first_pass or use_authtok were set, but no password was + found from the previously stacked PAM module. + + + + + PAM_SYSTEM_ERR + + + A system error occurred. The SSSD log files may contain additional + information about the error. + + + + + PAM_CRED_ERR + + + Unable to set the credentials of the user. + + + + + PAM_CRED_INSUFFICIENT + + + The application does not have sufficient credentials + to authenticate the user. For example, missing PIN during + smartcard authentication or missing factor during + two-factor authentication. + + + + + PAM_SERVICE_ERR + + + Error in service module. + + + + + PAM_NEW_AUTHTOK_REQD + + + The user's authentication token has expired. + + + + + PAM_ACCT_EXPIRED + + + The user account has expired. + + + + + PAM_SESSION_ERR + + + Unable to fetch IPA Desktop Profile rules or user info. + + + + + PAM_CRED_UNAVAIL + + + Unable to retrieve Kerberos user credentials. + + + + + PAM_NO_MODULE_DATA + + + No authentication method was found by Kerberos. + This might happen if the user has a Smartcard assigned but + the pkint plugin is not available on the client. + + + + + PAM_CONV_ERR + + + Conversation failure. + + + + + PAM_AUTHTOK_LOCK_BUSY + + + No KDC suitable for password change is available. + + + + + PAM_ABORT + + + Unknown PAM call. + + + + + PAM_MODULE_UNKNOWN + + + Unsupported PAM task or command. + + + + + PAM_BAD_ITEM + + + The authentication module cannot handle Smartcard credentials. + + + + + + + + FILES + If a password reset by root fails, because the corresponding SSSD + provider does not support password resets, an individual message can be + displayed. This message can e.g. contain instructions about how to reset + a password. + + The message is read from the file + pam_sss_pw_reset_message.LOC where LOC stands for a + locale string returned by + setlocale3 + . If there is no matching file the content of + pam_sss_pw_reset_message.txt is displayed. Root + must be the owner of the files and only root may have read and write + permissions while all other users must have only read + permissions. + + These files are searched in the directory + /etc/sssd/customize/DOMAIN_NAME/. If no matching + file is present a generic message is displayed. + + + + + + diff --git a/src/man/pam_sss_gss.8.xml b/src/man/pam_sss_gss.8.xml new file mode 100644 index 0000000..5cde974 --- /dev/null +++ b/src/man/pam_sss_gss.8.xml @@ -0,0 +1,222 @@ + + + +SSSD Manual pages + + + + + pam_sss_gss + 8 + + + + pam_sss_gss + PAM module for SSSD GSSAPI authentication + + + + + pam_sss_gss.so + + debug + + + + + + DESCRIPTION + + pam_sss_gss.so authenticates user + over GSSAPI in cooperation with SSSD. + + + This module will try to authenticate the user using the GSSAPI + hostbased service name host@hostname which translates to + host/hostname@REALM Kerberos principal. The + REALM part of the Kerberos principal name is + derived by Kerberos internal mechanisms and it can be set explicitly + in configuration of [domain_realm] section in /etc/krb5.conf. + + + SSSD is used to provide desired service name and to validate the + user's credentials using GSSAPI calls. If the service ticket is + already present in the Kerberos credentials cache or if user's + ticket granting ticket can be used to get the correct service ticket + then the user will be authenticated. + + + If is True (default) then SSSD + requires that the credentials used to obtain the service tickets can + be associated with the user. This means that the principal that owns + the Kerberos credentials must match with the user principal name as + defined in LDAP. + + + To enable GSSAPI authentication in SSSD, set + option in [pam] or domain + section of sssd.conf. The service credentials need to be stored + in SSSD's keytab (it is already present if you use ipa or ad + provider). The keytab location can be set with + option. See + + sssd.conf + 5 + and + + sssd-krb5 + 5 + for more details on these options. + + + Some Kerberos deployments allow to associate authentication + indicators with a particular pre-authentication method used to + obtain the ticket granting ticket by the user. + pam_sss_gss.so allows to enforce presence of + authentication indicators in the service tickets before a particular + PAM service can be accessed. + + + If is set in the [pam] or + domain section of sssd.conf, then SSSD will perform a check of the + presence of any configured indicators in the service ticket. + + + + + OPTIONS + + + + + + + Print debugging information. + + + + + + + MODULE TYPES PROVIDED + Only the module type is provided. + + + + RETURN VALUES + + + PAM_SUCCESS + + + The PAM operation finished successfully. + + + + + PAM_USER_UNKNOWN + + + The user is not known to the authentication service or + the GSSAPI authentication is not supported. + + + + + PAM_AUTH_ERR + + + Authentication failure. + + + + + PAM_AUTHINFO_UNAVAIL + + + Unable to access the authentication information. + This might be due to a network or hardware failure. + + + + + PAM_SYSTEM_ERR + + + A system error occurred. The SSSD log files may contain + additional information about the error. + + + + + + + + EXAMPLES + + The main use case is to provide password-less authentication in + sudo but without the need to disable authentication completely. + To achieve this, first enable GSSAPI authentication for sudo in + sssd.conf: + + +[domain/MYDOMAIN] +pam_gssapi_services = sudo, sudo-i + + + And then enable the module in desired PAM stack + (e.g. /etc/pam.d/sudo and /etc/pam.d/sudo-i). + + +... +auth sufficient pam_sss_gss.so +... + + + + + TROUBLESHOOTING + + SSSD logs, pam_sss_gss debug output and syslog may contain helpful + information about the error. Here are some common issues: + + + 1. I have KRB5CCNAME environment variable set and the authentication + does not work: Depending on your sudo version, it is possible that + sudo does not pass this variable to the PAM environment. Try adding + KRB5CCNAME to in /etc/sudoers or in your + LDAP sudo rules default options. + + + 2. Authentication does not work and syslog contains "Server not + found in Kerberos database": Kerberos is probably not able to + resolve correct realm for the service ticket based on the hostname. + Try adding the hostname directly to + in /etc/krb5.conf like so: + + + 3. Authentication does not work and syslog contains "No Kerberos + credentials available": You don't have any credentials that can be + used to obtain the required service ticket. Use kinit or authenticate + over SSSD to acquire those credentials. + + + 4. Authentication does not work and SSSD sssd-pam log contains "User + with UPN [$UPN] was not found." or "UPN [$UPN] does not match target + user [$username].": You are using credentials that can not be mapped + to the user that is being authenticated. Try to use kswitch to + select different principal, make sure you authenticated with SSSD or + consider disabling . + + +[domain_realm] +.myhostname = MYREALM + + + + + + + diff --git a/src/man/po/br.po b/src/man/po/br.po new file mode 100644 index 0000000..b2f7800 --- /dev/null +++ b/src/man/po/br.po @@ -0,0 +1,18292 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Fulup , 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-14 11:51-0500\n" +"Last-Translator: Copied by Zanata \n" +"Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" +"br/)\n" +"Language: br\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Dornlevr SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "Ar restr gefluniañ evit SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FURMAD RESTR" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Dre ziouer : true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "RANNOÙ DIBAR" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Ar rann [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Arventennoù ar rann" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domanioù" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "re_expression (string)" +msgid "passkey_verification (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "re_expression (string)" +msgid "user_verification (boolean)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "RANNOÙ SERVIJOÙ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 60, KCM: 300" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 3600" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Dre ziouer : 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Dre ziouer : 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Dre zoiuer : root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: true" +msgid "Default: <quote>*</quote>" +msgstr "Dre ziouer : true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Dre zoiuer : 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pam_response_filter (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Dre ziouer : 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pam_cert_verification (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pac_check (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "re_expression (string)" +msgid "exclude_users (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "filter_users, filter_groups (string)" +msgid "exclude_groups (string)" +msgstr "filter_users, filter_groups (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "RANNOÙ DOMANI" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: TRUE" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESKRIVADUR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "DIBARZHIOÙ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ipa_access_order (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "GWELET IVEZ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "re_expression (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_user_passkey (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "Kemmañur strollad" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" diff --git a/src/man/po/ca.po b/src/man/po/ca.po new file mode 100644 index 0000000..45f2e26 --- /dev/null +++ b/src/man/po/ca.po @@ -0,0 +1,19887 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Jordi Mas <jmas@softcatala.org>, 2012 +# Jordi Mas <jmas@softcatala.org>, 2012 +# Jordi Mas <jmas@softcatala.org>, 2014 +# muzzol <muzzol@gmail.com>, 2012 +# muzzol <muzzol@gmail.com>, 2012 +# Robert Antoni Buj i Gelonch, 2013 +# Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2015-10-18 04:13-0400\n" +"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" +"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" +"ca/)\n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Pàgines del manual de l'SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Formats i convencions dels fitxers" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "el fitxer de configuració per a l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FORMAT DEL FITXER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[secció]</replaceable>\n" +"<replaceable>clau</replaceable> = <replaceable>valor</replaceable>\n" +"<replaceable>clau2</replaceable> = <replaceable>valor2,valor3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El fitxer té un estil de sintaxi del tipus ini i està format per seccions i " +"paràmetres. Una secció comença amb el nom de la secció entre claudàtors i " +"continua fins a l'inici de la següent secció. Un exemple de secció amb " +"paràmetres amb un sol valor i amb valors múltiples: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Els tipus de dades que s'utilitzen són cadenes (no necessiten cometes), " +"enters i booleans (amb valors <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Totes les seccions poden tenir un paràmetre opcional de " +"<replaceable>descripció</replaceable>. La seva funció tan sols és una " +"etiqueta per a la secció." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb root com a " +"propietari i només l'usuari root hi pot llegir o escriure." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "OPCIONS GENERALS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Les següents opcions es poden utilitzar en més d'una secció de configuració." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Opcions que es poden utilitzar en totes les seccions" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Afegeix una marca temporal al registre de depuració. Si el journald està " +"habilitat per enregistrar la depuració de l'SSSD, aleshores s'ignora aquesta " +"opció." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Per defecte: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Afegeix els mil·lisegons a les marques temporals als missatges de depuració. " +"Si el journald està habilitat per enregistrar la depuració de l'SSSD, " +"aleshores s'ignora aquesta opció." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Per defecte: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_microseconds (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_microseconds (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Opcions que es poden utilitzar a les seccions SERVEI i DOMINI" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Per defecte: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SECCIONS ESPECIALS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "La secció [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Paràmetres de la secció" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica quina és la sintaxi del fitxer de configuració. La versió 0.6.0 i les " +"posteriors versions de l'SSSD utilitzen la versió 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Serveis admesos: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"El nombre de vegades que els serveis haurien d'intentar tornar a connectar " +"en cas de caiguda o reinici del proveïdor de dades abans de donar-se per " +"vençuts" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Per defecte: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"L'expressió regular per defecte que descriu com analitzar la cadena que " +"conté el nom d'usuari i el domini en aquests components." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Un format compatible amb <citerefentry> <refentrytitle>printf</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry>-que descriu com " +"compondre un FQN des dels components del nom d'usuari i del nom del domini." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "nom d'usuari" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" +"el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Hi ha algunes situacions limitades on es prefereix ignorar fins i tot " +"l'intent d'ús de l'inotify. En aquestes estranyes circumstàncies, s'hauria " +"d'establir aquesta opció a «false»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Per defecte: true en les plataformes on està suportat l'inotify. Fals en les " +"altres plataformes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Nota: aquesta opció no afectarà les plataformes on l'inotify no està " +"disponible. En aquestes plataformes, sempre s'utilitzarà el sondeig." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"El directori al sistema de fitxers on l'SSSD ha d'emmagatzemar els fitxers " +"cau de repetició del Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Aquesta opció accepta un valor especial __LIBKRB5_DEFAULTS__ que instruirà a " +"l'SSSD per permetre a libkrb5 decidir la ubicació apropiada per a la memòria " +"auxiliar de reproducció." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Per defecte: Específic de la distribució i s'especifica en temps de " +"construcció. (__LIBKRB5_DEFAULTS__ si no està configurat)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "Per defecte: sense establir, els processos s'executaran com a root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Aquesta cadena s'utilitzarà un nom de domini per defecte per a tots els noms " +"que no tinguin el component del nom del domini. El cas d'ús principal està " +"als entorns on el domini principal està destinat a la gestió de les " +"polítiques dels amfitrions i tots els usuaris es troben en un domini de " +"confiança. L'opció permet que els usuaris iniciïn la sessió sols amb el seu " +"nom d'usuari sense donar també un nom de domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Per defecte: sense establir" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Per defecte: sense establir (no se substituiran els espais)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +#, fuzzy +#| msgid "" +#| "The skeleton directory, which contains files and directories to be copied " +#| "in the user's home directory, when the home directory is created by " +#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>" +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"El directori esquemàtic que conté els fitxers i els directoris per copiar al " +"directori inicial, quan el directori inicial de l'usuari es crea amb " +"<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Per defecte: Sense establir" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ipa_server_mode (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ipa_server_mode (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "ad_enable_gc (boolean)" +msgid "core_dumpable (boolean)" +msgstr "ad_enable_gc (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "passkey_verification (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "user_verification (boolean)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les peces individuals de la funcionalitat de l'SSSD es proporcionen amb " +"serveis especials que s'inicien i s'aturen juntament amb l'SSSD. Els " +"serveis es gestionen amb un servei especial anomenat <quote>monitor</quote>. " +"La secció <quote>[sssd]</quote> s'utilitza per configurar el monitor així " +"com altres opcions importants com els dominis d'identitats. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "SECCIONS DELS SERVEIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Ajustos que es poden utilitzar per configurar diferents serveis que es " +"descriuen en aquesta secció. Han de residir a la secció [<replaceable>$Nom</" +"replaceable>], per exemple, per a servei NSS, la secció seria <quote>[nss]</" +"quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Opcions de configuració del servei general" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Per defecte: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "offline_timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "[0 - offline_timeout_random_offset]" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Per defecte: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "Opcions de configuració de l'NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del NSS (Name " +"Service Switch)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"El número de segons que nss_sss emmagatzema a la meòria cau les enumeracions " +"(peticions d'informació sobre tots els usuaris)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Per defecte: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"El valor de la memòria cau es pot establir per actualitzar a automàticament " +"les entrades en rerefons, si se sol·liciten més enllà d'un percentatge del " +"valor entry_cache_timeout per al domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Per exemple, si s'estableix entry_cache_timeout del domini a 30 s i " +"entry_cache_nowait_percentage està establert a 50 (per cent), les entrades " +"que arriben després de 15 segons més enllà de l'última actualització de la " +"memòria cau es retornaran immediatament, però l'SSSD anirà actualitzant la " +"memòria cau pel seu propi compte, de manera que no caldrà bloquejar les " +"peticions que esperen per a una actualització de la memòria cau." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Els valors vàlids per a aquesta opció són 0-99 i representen un percentatge " +"de la entry_cache_timeout per a cada domini. Per raons de rendiment, aquest " +"percentatge mai reduirà el temps d'espera de nowait a menys de 10 segons. " +"(0 desactiva aquesta característica)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Per defecte: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la " +"memòria cau negatius (és a dir, consultes per a les entrades incorrectes de " +"la base de dades, com les inexistents) abans de preguntar al rerefons una " +"altra vegada." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Per defecte: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Per defecte: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Si voleu que els usuaris filtrats encara siguin membres del grup establiu " +"aquesta opció a false." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Estableix una plantilla predeterminada per al directori inicial de l'usuari " +"si no se n'especifica cap explícitament amb el proveïdor de dades del domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Els valors disponibles per aquesta opció són els mateixos que per " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Per defecte: sense establir (cap substitució per als directoris inicials no " +"establerts)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Substitueix el shell d'inici de sessió per a tots els usuaris. Aquesta opció " +"substitueix qualsevol de les altres opcions del shell si entra en vigor i es " +"pot configurar ja sigui en la secció [nss] o per cada domini." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restringeix el shell de l'usuari a un dels valors llistats. L'ordre " +"d'avaluació és:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Per defecte: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "Per defecte: 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Per defecte: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "Per defecte: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "Opcions de configuració del PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del PAM " +"(Pluggable Authentication Module)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si el proveïdor d'autenticació està fora de línia, quant de temps s'haurien " +"de permetre inicis de sessió de la memòria cau (en dies des de l'últim inici " +"de sessió)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Per defecte: 0 (sense límit)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si el proveïdor d'autenticació està fora de línia, quants intents d'accés " +"fallits es permet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"El temps en minuts que ha de passar després que s'ha assolit " +"offline_failed_login_attempts abans que un nou intent de connexió sigui " +"possible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Per defecte: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Controla quin tipus de missatges es mostren a l'usuari durant " +"l'autenticació. Com més gran sigui el nombre més missatges es mostren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "L'sssd actualment admet els següents valors:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: no mostris cap missatge" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: Mostra només missatges importants" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: Mostra missatges informatius" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Per defecte: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "ad_access_filter (string)" +msgid "pam_response_filter (string)" +msgstr "ad_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Per a qualsevol petició de PAM mentre és en línia, l'SSSD intentarà " +"actualitzar immediatament la informació d'identitat en memòria cau per a " +"l'usuari per tal de garantir que l'autenticació es porta a terme amb " +"l'última informació." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Una conversa completa de PAM pot realitzar múltiples peticions de PAM, com " +"ara la gestió del compte i la sessió d'inici. Aquesta opció controla (en " +"funció d'una aplicació client) quant de temps (en segons) es pot " +"emmagatzemar en memòria cau la informació d'identitat per evitar peticions " +"excessives al proveïdor d'identitat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Per defecte: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Per defecte: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "ldap_chpass_update_last_change (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "ldap_chpass_update_last_change (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Per defecte: False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "pam_cert_verification (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, fuzzy, no-wrap +#| msgid "" +#| "ad_gpo_map_service = +my_pam_service\n" +#| " " +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "pam_id_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +#, fuzzy +#| msgid "ad_gpo_map_service (string)" +msgid "pam_gssapi_services" +msgstr "ad_gpo_map_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +#, fuzzy +#| msgid "Comma separated list of users who are allowed to log in." +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, fuzzy, no-wrap +#| msgid "" +#| "ad_gpo_map_service = +my_pam_service\n" +#| " " +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Per defecte: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, fuzzy, no-wrap +#| msgid "" +#| "ad_gpo_map_permit = +my_pam_service, -sudo\n" +#| " " +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +#, fuzzy +#| msgid "Default: not set (no substitution for unset home directories)" +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Per defecte: sense establir (cap substitució per als directoris inicials no " +"establerts)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "Opcions de configuració de SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei del sudo. Les " +"instruccions detallades per la configuració del <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"perquè funcioni amb <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> estan en la pàgina del manual " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el servei de l'autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Per defecte: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "Opcions de configuració del contestador del PAC." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el contestador del PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "pac_check (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "exclude_users (string)" +msgstr "simple_deny_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No users excluded." +msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "simple_deny_groups (string)" +msgid "exclude_groups (string)" +msgstr "simple_deny_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No groups excluded." +msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "SECCIONS DE DOMINI" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id, max_id (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Els límits UID i GID per al domini. Si un domini conté una entrada que està " +"fora d'aquests límits, s'ignora." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Per a usuaris, això afecta el límit del GID primari. L'usuari no es " +"retornarà a l'NSS si l'UID o el GID primari és fora de l'interval. Per als " +"membres dels grups secundaris, els que estan dins l'interval es comunicaran " +"com s'esperava." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Els usuaris i grups s'enumeren" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = Cap enumeració per a aquest domini" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Per defecte: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Mentre s'està executant la primera enumeració, les peticions de llistes " +"completes d'usuaris o grups poden no retornar cap resultat fins que aquest " +"finalitzi." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"A més a més, permetre l'enumeració pot augmentar el temps necessari detectar " +"desconnexions de xarxa, ja que temps d'espera més llargs són necessaris per " +"assegurar-se que les cerques de l'enumeració s'han completat amb èxit. Per " +"a més informació, aneu a les pàgines de manual de l'id_provider específic en " +"ús." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Quants segons el nss_sss hauria de considerar les entrades vàlides abans de " +"demanar al rerefons una altra vegada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Per defecte: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Per defecte: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Per defecte: 0 (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Nombre de dies que les entrades es queden a la memòria cau després del " +"darrer inici de sessió vàlid abans de ser eliminat durant una neteja de la " +"memòria cau. 0 significa mantenir per sempre. El valor d'aquest paràmetre " +"ha de ser superior o igual que offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Per defecte: 0 (sense límit)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +#| "citerefentry> for more information on configuring LDAP." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si s'estableix a TRUE, totes les peticions a aquest domini han d'utilitzar " +"noms de domini qualificats. Per exemple, si s'utilitza a un domini LOCAL que " +"conté un usuari \"test\", <command>getent passwd test</command> no trobaria " +"l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"El proveïdor d'autenticació utilitzat per al domini. Els proveïdors " +"d'autenticació suportats són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> per a l'autenticació reenviada a algun altre objectiu " +"de PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Per defecte: <quote>id_provider</quote> s'utilitza si s'ha establert i pot " +"gestionar les sol·licituds d'autenticació." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"El proveïdor d'accés de control utilitzat per al domini. Hi ha dos " +"proveïdors d'accés incorporats (a més de qualsevol dels rerefons " +"instal·lats) Els proveïdors especials interns són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> sempre denega l'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> control d'accés basat en llistes d'acceptació o " +"denegació. Vegeu <citerefentry><refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre la " +"configuració del mòdul d'accés simple." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Per defecte: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"El proveïdor que hauria de gestionar les operacions de canvi contrasenya per " +"al domini. Els proveïdors de canvi de contrasenya compatibles són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre " +"objectiu PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Per defecte: <quote>auth_provider</quote> s'utilitza si s'ha establert i pot " +"gestionar peticions de canvi de contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Per defecte: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Proporciona la capacitat de seleccionar la família d'adreces preferida en " +"realitzar cerques de DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Valors admesos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Per defecte: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Per defecte: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Per defecte: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si el servei de descobriment s'utilitza en el rerefons, especifica la part " +"del domini de la consulta DNS del servei de descobriment." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "Per defecte: Utilitza la part del domini del nom de màquina" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_search_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +#, fuzzy +#| msgid "case_sensitive (string)" +msgid "case_sensitive" +msgstr "case_sensitive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Per defecte: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example shows a minimal idmapd.conf which makes use of the " +#| "sss plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Per defecte: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Aquestes opcions de configuració poden ser presents a una secció de " +"configuració de domini anomenada <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "El servidor intermediari on reenvia PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Per defecte: No està establit per defecte, heu de prendre una configuració " +"de pam existent o crear-ne una de nova i afegir aquí el nom del servei." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"El nom de la biblioteca NSS per utilitzar als dominis del servidor " +"intermediari. Les funcions NSS que se cerquen a la biblioteca tenen el " +"format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Opcions vàlides per als dominis del servidor intermediari. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.exemple.com\n" +"ldap_search_base = dc=exemple,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.exemple.com\n" +"krb5_realm = EXEMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Proveïdor de LDAP de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESCRIPCIÓ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per " +"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</" +"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir " +"informació detallada de la sintaxi." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Podeu configurar SSSD per utilitzar més d'un domini d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"El rerefons LDAP suporta proveïdors d'identificació, autenticació, accés i " +"canvi de contrasenya. Si voleu autenticar contra un servidor LDAP s'exigeix " +"TLS/SSL o LDAPS. L'<command>sssd</command> <emphasis>no</emphasis> suporta " +"autenticació sobre un canal sense xifrar. Si el servidor de LDAP s'utilitza " +"només com a un proveïdor d'identitats, no és necessari un canal xifrat. Si " +"us plau, refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més " +"informació sobre l'ús d'LDAP com un proveïdor d'accés." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "OPCIONS DE CONFIGURACIÓ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "exemple: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Per habilitar el servei descobriment s'ha d'establir " +"ldap_chpass_dns_service_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"El DN base per defecte a utilitzar per realitzar operacions d'usuari d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Exemples:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=exemple,dc=com?subtree?" +"(host=thishost)?dc=exemple.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Per defecte: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"El vincle DN per defecte per utilitzar en realitzar les operacions d'LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "El tipus de testimoni d'autenticació del vincle DN per defecte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "Els dos mecanismes suportats actualment són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "contrasenya" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Per defecte: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Alguns servidors de directori, per exemple Active Directory, podria entregar " +"la part de l'àmbit de l'UPN en minúscules, que podria provocar que " +"l'autenticació fallàs. Definiu aquesta opció a un valor diferent de zero si " +"voleu utilitzar un àmbit en majúscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Determina cada quant es comprova la memòria cau per entrades inactives " +"(grups sense membres i usuaris que mai no han iniciat una sessió) i eliminar-" +"los per estalviar espai." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema s'estableix a un format d'esquema que admeti els grups niats " +"(p. ex. RFC2307bis), llavors aquesta opció controla quants nivells de " +"nidificació seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema " +"RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Per defecte: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Especifica el temps d'espera (en segons) després que el " +"<citerefentry><refentrytitle>sondeig</refentrytitle> <manvolnum>2</" +"manvolnum></citerefentry>/<citerefentry><refentrytitle>selecció</" +"refentrytitle> <manvolnum>2</manvolnum></citerefentry> seguit d'una " +"<citerefentry><refentrytitle>connexió</refentrytitle> <manvolnum>2</" +"manvolnum></citerefentry> retorna en cas de cap activitat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Per defecte: 900 (15 minuts)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_expire_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Especifica quines comprovacions s'han de realitzar sobre els certificats de " +"servidor en una sessió TLS, si s'escau. Es pot especificar com un dels " +"valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = El client no demanarà o comprovarà cap " +"certificat del servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = El certificat del servidor se sol·licitarà. Si " +"no es proporciona cap certificat, la sessió avança normalment. Si es " +"proporciona un certificat dolent, s'ignorarà i la sessió procedirà " +"normalment." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = El certificat del servidor se sol·licitarà. Si no " +"es proporciona cap certificat, la sessió avança normalment. Si es " +"proporciona un certificat dolent, immediatament s'acaba la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = El certificat del servidor se sol·licitarà. Si " +"no es proporciona cap certificat, o se'n proporciona un de dolent, " +"immediatament s'acaba la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Per defecte: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Especifica el fitxer que conté els certificats per a totes les Autoritats de " +"Certificació que reconeixerà l'<command>sssd</command>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Per defecte: Utilitza els valors per defecte d'OpenLDAP, normalment a " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Especifica el camí al directori que conté els certificats de l'autoritat " +"certificadora en fitxers separats independents. Normalment els noms dels " +"fitxers són el hash del certificat seguit de '. 0'. Si està disponible, " +"<command>cacertdir_rehash</command> es pot utilitzar per crear els noms " +"correctes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Especifica que la connexió id_provider també ha d'utilitzar <systemitem " +"class=\"protocol\">tls</systemitem> per a protegir el canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Per defecte: el valor de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Per defecte: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Per defecte: 86400 (24 hores)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Quan s'utilitza el servei de descobriment per als servidors KDC o kpasswd, " +"l'SSSD primer cerca les entrades DNS que especifiquen _udp com el protocol i " +"retorna a _tcp si no se'n troba cap." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Aquesta opció s'anomenava <quote>krb5_kdcip</quote> en les primeres versions " +"de l'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als " +"usuaris que migrin els seus fitxers de configuració per utilitzar " +"<quote>krb5_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" +"krb5.conf</filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Selecciona la política per avaluar la caducitat de la contrasenya en el " +"costat del client. S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - Cap avaluació del costat del client. Aquesta " +"opció no inhabilita les polítiques de contrasenya de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - Usa els atributs utilitzats per MIT " +"Kerberos per determinar si la contrasenya ha caducat. Utilitza " +"chpass_provider=krb5 per actualitzar aquests atributs quan es canvia la " +"contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Tingueu en compte que l'sssd només admet l'encadenament de les referències " +"quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Especifica el nom de servei per utilitzar quan està habilitada la detecció " +"de serveis." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Per defecte: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Especifica el nom del servei a utilitzar per trobar un servidor LDAP que " +"permeti els canvis de contrasenyes quan estigui habilitat el descobriment " +"dels serveis." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" +"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Exemple:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Per defecte: Buit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Amb aquesta opció es pot habilitar una avaluació del costat de client " +"d'atributs de control d'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Si us plau, tingueu en compte que sempre és recomanable utilitzar el control " +"d'accés del costat de servidor, és a dir, el servidor d'LDAP hauria de " +"denegar la petició de vincle amb un codi d'error adequat fins i tot si la " +"contrasenya és correcta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: utilitza el valor ldap_user_shadow_expire per " +"determinar si el compte ha caducat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Llista separada per comes d'opcions de control d'accés. Els valors permesos " +"són:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: utilitza l'atribut " +"authorizedService per determinar l'accés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Per defecte: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Si us plau, tingueu en compte que és un error de configuració si un valor " +"s'utilitza més d'una vegada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Especifica com es realitza l'eliminació de les referències dels àlies quan " +"es fa una cerca. S'admeten les opcions següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: les referències dels àlies són eliminades en " +"subordinats de l'objecte base, però no en la localització de l'objecte base " +"de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: les referències dels àlies són eliminades " +"només en localitzar l'objecte base de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: les referències dels àlies són eliminades tant " +"en la recerca i en la localització de l'objecte base de la cerca." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Per defecte: Buit (això es tractarà com a <emphasis>never</emphasis> amb les " +"biblioteques de client LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +#, fuzzy +#| msgid "Default: 0 (disabled)" +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Per defecte: 0 (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "OPCIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Per defecte: 21600 (6 hores)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "OPCIONS D'AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Per defecte: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "OPCIONS AVANÇADES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "EXEMPLE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"L'exemple següent presuposa que l'SSSD està correctament configurat i l'LDAP " +"està definit com a un dels dominis a la secció <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Les descripcions d'algunes de les opcions de configuració en aquesta pàgina " +"del manual es basen en la pàgina del manual <citerefentry>de " +"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> de la distribució d'OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "Mòdul de PAM per SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> és la interfície PAM a l'SSSD (System Security " +"Services daemon). Els errors i els resultats es registren a través de " +"<command>syslog(3)</command> amb el canal LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPCIONS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Suprimeix el registre dels missatges per als usuaris desconeguts." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si s'estableix <option>forward_pass</option>, la contrasenya que " +"s'introdueix es posa a la pila perquè els altres mòduls del PAM l'utilitzin." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"L'argument use_first_pass obliga al mòdul que utilitzi una contrasenya " +"apilada anteriorment dels mòduls i mai ho demanarà l'usuari - si no hi ha " +"cap contrasenya o no és correcta, es denegarà l'accés a l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Quan el canvi de contrasenya força al mòdul a establir la nova contrasenya a " +"la proporcionada per un mòdul de contrasenya prèviament apilat." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si s'especifica, en cas de fallar l'autenticació a l'usuari se li demanarà N " +"vegades més una contrasenya. Per defecte és 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Si us plau, tingueu en compte que aquesta opció podria no funcionar com " +"s'espera si l'aplicació que crida PAM gestiona pel seu compte el diàleg amb " +"l'usuari. Un exemple típic és <command>sshd</command> amb " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Si s'especifica aquesta opció i no existeix l'usuari, el mòdul PAM retornarà " +"PAM_IGNORE. Això provoca que el marc de treball del PAM ignori aquest mòdul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Especifica que el mòdul PAM ha de retornar PAM_IGNORE si no pot contactar " +"amb el domini SSSD. Això provoca que el marc de treball del PAM ignori " +"aquest mòdul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Permet a l'administrador que restringeixi els dominis que un servei PAM " +"concret pot autentificar-s'hi. El format és una llista separada per comes " +"dels noms dels dominis SSSD, com s'especifica al fitxer sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +#, fuzzy +#| msgid "" +#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</" +#| "quote> and <quote>pam_public_domains</quote> options. Please see the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more information on these two " +#| "PAM responder options." +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</" +"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del " +"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes " +"dues opcions del contestador del PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "TIPUS DE MÒDULS PROPORCIONATS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Es proporcionen tots els tipus de mòduls (<option>account</option>, " +"<option>auth</option>, <option>password</option> i <option>session</option>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "FITXERS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si falla el restabliment d'una contrasenya per root, perquè el proveïdor " +"SSSD corresponent no admet el restabliment de les contrasenyes, es pot " +"mostrar un missatge concret. Aquest missatge per exemple pot contenir les " +"instruccions sobre com es restableix una contrasenya." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"El missatge es llegeix del fitxer <filename>pam_sss_pw_reset_message.LOC</" +"filename> on LOC representa una cadena de la configuració regional retornada " +"amb <citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" +"manvolnum> </citerefentry>. Si no hi ha cap coincidència, es mostra el " +"contingut del fitxer <filename>pam_sss_pw_reset_message.txt</filename>. El " +"propietari dels fitxers ha de ser root i tan sols root ha de tenir els " +"permisos de lectura i escriptura, mentre que tots els altres usuaris " +"únicament han de tenir els permisos de lectura." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Aquests fitxers se cerquen al directori <filename>/etc/sssd/customize/" +"NOM_DOMINI/</filename>. Si no hi ha present cap fitxer que hi coincideixi, " +"es mostrarà un missatge genèric." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "Mòdul de PAM per SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"No totes les implementacions del Kerberos admeten l'ús de connectors. Si " +"<command>sssd_krb5_locator_plugin</command> no estigués disponible al vostre " +"sistema, heu d'editar /etc/krb5.conf per reflectir la vostra configuració " +"del Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"el fitxer de configuració per al proveïdor de control d'accés 'simple' de " +"l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del proveïdor de " +"control d'accés simple per a <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>. Per a una " +"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL " +"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"El proveïdor d'accés simple concedeix o denega l'accés basat en una llista " +"d'accés o denegació dels noms dels usuaris o dels noms dels grups. " +"S'apliquen les regles següents:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si totes les llistes estan buides, es concedeix l'accés" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si es proporciona alguna llista, l'ordre d'avaluació és permissió, " +"denegació. Això vol dir que qualsevol coincidència amb la regla de denegació " +"reemplaçarà qualsevol coincidència amb la regla de permissió." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si es proporcionen una o ambdues llistes de \"permissió\", tots els usuaris " +"són denegats excepte els que apareixen a la llista." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si només es proporcionen llistes de \"denegació\", es concedeix l'accés a " +"tots els usuaris excepte els que apareixen a la llista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Llista separada per comes dels usuaris a qui se'ls denega explícitament " +"l'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Llista separada per comes dels grups a qui se'ls permet iniciar la sessió. " +"Això s'aplica únicament als grups dins d'aquest domini SSSD. No s'avaluen " +"els grups locals." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Llista separada per comes dels grups a qui se'ls denega explícitament " +"l'accés. Això s'aplica únicament als grups dins d'aquest domini SSSD. No " +"s'avaluen els grups locals." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Per a més informació sobre la configuració d'un domini SSSD, consulteu la " +"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Si us plau, tingueu en compte que és un error de configuració si es " +"defineixen alhora simple_allow_users i simple_deny_users." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"En el següent exemple s'assumeix que l'SSD està configurat correctament i " +"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</" +"replaceable>. En aquest exemple es mostren únicament les opcions " +"específiques del proveïdor d'accés simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domini/exemple.com]\n" +"access_provider = simple\n" +"simple_allow_users = usuari1, usuari2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"La jerarquia completa de la pertinença a un grup es resol abans de la " +"comprovació de l'accés, de manera que fins i tot els grups imbricats es " +"poden incloure a les llistes d'accés. Si us plau, tingueu cura que l'opció " +"<quote>ldap_group_nesting_level</quote> pot influir amb els resultats i s'ha " +"d'establir amb un valor suficient. L'opció (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Proveïdor d'IPA de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA " +"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la " +"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual " +"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"El proveïdor d'IPA és un programari especialitzat que s'utilitza per " +"connectar a un servidor IPA. (Consulteu el lloc web freeipa.org per obtenir " +"informació sobre els servidors IPA). Aquest proveïdor requereix que " +"s'afegeixi la màquina al domini d'IPA; la configuració s'autodescobreix " +"gairebé totalment i s'obté directament del servidor." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Especifica el nom del domini IPA. És opcional. Si no se n'especifica cap, " +"s'utilitza el nom de domini de la configuració." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_iface (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Per defecte: False (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Per defecte: Utilitza el DN base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_subdomains_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +#, fuzzy +#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Per defecte: 5 (segons)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "Per defecte: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Per defecte: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "Per defecte: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "Per defecte: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "Per defecte: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "Per defecte: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "PROVEÏDOR DELS SUBDOMINIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"En el següent exemple s'assumeix que l'SSD està configurat correctament i " +"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</" +"replaceable>. En aquest exemple es mostren únicament les opcions " +"específiques del proveïdor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domini/exemple.com]\n" +"id_provider = ipa\n" +"ipa_server = servidoripa.exemple.com\n" +"ipa_hostname = elmeuanfitrio.exemple.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Proveïdor d'Active Directory de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Per defecte: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "Per defecte: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "all users are allowed" +msgstr "S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +#, fuzzy +#| msgid "ad_gpo_map_deny (string)" +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_map_deny (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "no users are allowed" +msgstr "S'admeten els valors següents:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (enter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +#, fuzzy +#| msgid "ldap_sudo_include_netgroups (boolean)" +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ldap_sudo_include_netgroups (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "Per defecte: 3600 (segons)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXEMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.exemple.com\n" +"ad_hostname = client.exemple.com\n" +"ad_domain = exemple.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXEMPLE\n" +"\n" +"[domain/EXEMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://exemple.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=exemple,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "paraula clau ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "comodí" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" +"dimoni dels serveis de seguretat del sistema (System Security Services " +"Daemon)" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"L'<command>SSSD</command> proporciona un conjunt de dimonis per gestionar " +"l'accés als directoris remots i els mecanismes d'autenticació. Proporciona " +"una interfície NSS i PAM cap al sistema i un sistema d'accés a la capa de " +"dades amb connectors per connectar a orígens múltiples de comptes diferents, " +"com ara la interfície D-Bus. També és la base per proporcionar l'auditoria " +"dels clients i les polítiques dels serveis per a projectes com FreeIPA. " +"Proporciona una base de dades més robusta on emmagatzemar els usuaris " +"locals, així com dades addicionals de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVELL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Inhabilita la marca temporal als registres de " +"depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Afegeix els mil·lisegons a les marques temporals als " +"missatges de depuració" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: Inhabilita els mil·lisegons a les marques temporals" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Esdevé un dimoni després de la posada en marxa." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Executa en primer pla, no esdevinguis un dimoni." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Especifica un fitxer de configuració diferent al predeterminat. Per defecte " +"és <filename>/etc/sssd/sssd.conf</filename>. Per consultar la sintaxi del " +"fitxer de configuració i les opcions, aneu a la pàgina del manual del " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Imprimeix el número de la versió i surt." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Senyals" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informa l'SSSD per finalitzar elegantment tots els seus processos fills i " +"després atura el monitor." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Diu a l'SSSD que deixi d'escriure als actuals descriptors de fitxers de " +"depuració i que els tanqui i els reobri. Això intenta facilitar la rotació " +"dels registres amb programes com logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Diu a l'SSSD que simuli l'operació sense connexió pel període del paràmetre " +"<quote>offline_timeout</quote>. Això és útil per fer proves. El senyal es " +"pot enviar directament al procés sssd o sssd_be." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Diu a l'SSSD que es desconnecti immediatament. Això és útil per fer proves. " +"El senyal es pot enviar directament al procés sssd o sssd_be." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "ofusca una contrasenya en text clar" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> converteix una contrasenya especificada a " +"un format illegible per als humans i la posa a la secció del domini adequat " +"del fitxer de configuració de l'SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"La contrasenya en text clar es llegeix de l'entrada estàndard o s'introdueix " +"de forma interactiva. La contrasenya ofuscada es fica al paràmetre " +"<quote>ldap_default_authtok</quote> del domini SSSD indicat, i el paràmetre " +"<quote>ldap_default_authtok_type</quote> s'estableix a " +"<quote>obfuscated_password</quote>. Consulteu <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> per a més detalls sobre aquests paràmetres." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Tingueu en compte que ofuscar les contrasenyes <emphasis>no proporciona cap " +"benefici real de seguretat</emphasis>, ja que un atacant encara podria " +"extreure la contrasenya amb enginyeria inversa. Es recomana " +"<emphasis>aferrissadament</emphasis> l'ús de mecanismes d'autenticació " +"millors com els certificats al cantó del client o el GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"El domini SSSD on s'utilitza la contrasenya. El nom per defecte és " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FITXER</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" +"Llegeix el fitxer de configuració que s'especifica amb el paràmetre " +"posicional." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Per defecte: Utilitza el KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Per defecte: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nom d'usuari" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nom real" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "directori inicial" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Per defecte: (del libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_use_kdcinfo (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_kdcinfo (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXEMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "fa neteja de la memòria cau" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>usuari</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Invalida un usuari específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Invalida tots els registres dels usuaris. Aquesta opció anul·la la " +"invalidació d'un usuari específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "Invalida un grup específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Invalida tots els registres dels grups. Aquesta opció anul·la la invalidació " +"d'un grup específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>grup-de-xarxa</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "invalida un grup de xarxa específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalida tots els registres dels grups de xarxa. Aquesta opció anul·la la " +"invalidació d'un grup de xarxa específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>servei</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "invalida un servei específic." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalida tots els registres dels serveis. Aquesta opció anul·la la " +"invalidació d'un servei específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>assignació-" +"autofs</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Invalida una assignació autofs específica." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalida tots els registres de les assignacions autofs. Aquesta opció " +"anul·la la invalidació d'una assignació autofs específica, si també es va " +"especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>nom-amfitrió</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Invalida les claus públiques SSH d'un amfitrió especific." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Invalida tots els registres de les claus públiques SSH de tots els " +"amfitrions. Aquesta opció anul·la la invalidació d'una clau pública SSH d'un " +"amfitrió específic, si també es va especificar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domini</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restringeix el procés d'invalidació a tan sols un domini concret." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "implanta la memòria cau de l'SSSD amb un usuari" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>opcions</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMINI</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USUARI</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> implanta la memòria cau de l'SSSD amb una " +"entrada d'un usuari i la contrasenya temporal. Si l'entrada d'un usuari ja " +"està present a la memòria cau de l'SSSD aleshores s'actualitza l'entrada amb " +"la contrasenya temporal." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMINI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Proporciona el nom del domini en el qual l'usuari n'és membre. El domini " +"també s'utilitza per recuperar la informació de l'usuari. El domini ha " +"d'estar configurat a l'sssd.conf. S'ha de proporcionar l'opció del " +"<replaceable>DOMINI</replaceable>. La informació recuperada del domini " +"anul·la aquella que es proporcioni a les opcions." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"L'entrada del nom d'usuari a crear o modificar a la memòria cau. S'ha de " +"proporcionar l'opció de l'<replaceable>USUARI</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Estableix l'UID de l'usuari a <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Estableix el GID de l'usuari a <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTARI</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Qualsevol cadena de text amb la descripció de l'usuari. Sovint s'utilitza " +"com a camp per al nom complet de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>DIRECTORI_INICIAL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Establix el directori inicial de l'usuari a <replaceable>DIRECTORI_INICIAL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Estableix el shell d'inici de sessió de l'usuari a <replaceable>SHELL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Mode interactiu per a la introducció de la informació de l'usuari. Aquesta " +"opció només demanà la informació no proporcionada a les opcions o que no es " +"recuperi del domini." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>FITXER_CONTRASENYA</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Especifica el fitxer des d'on llegir la contrasenya de l'usuari. (si no " +"s'especifica, es demana per la contrasenya)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La longitud de la contrasenya (o la mida del fitxer que s'especifica amb " +"l'opció -p o --password-file) ha de ser més petita o igual que PASS_MAX " +"bytes (64 bytes en els sistemes que no defineixen globalment el valor de " +"PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "contestador de l'InfoPipe de l'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"En aquesta pàgina del manual es descriu la configuració del contestador de " +"l'InfoPipe per a <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Per a una referència detallada de " +"la sintaxi, consulteu la secció <quote>FORMAT DEL FITXER</quote> de la " +"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"El contestador de l'InfoPipe proporciona una interfície D-Bus publica que es " +"pot accedir a través del bus del sistema. La interfície permet que l'usuari " +"consulti informació sobre els usuaris i els grups remots a través del bus " +"del sistema." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +#, fuzzy +#| msgid "" +#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +#| "citerefentry> for more information on configuring Kerberos." +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el contestador de " +"l'InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Especifica una llista separada per comes dels valors dels UID o dels noms " +"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els " +"noms d'usuaris es resolen als UID en la preparació." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Per defecte: 0 (únicament a l'usuari root se li permet l'accés al " +"contestador de l'InfoPipe)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Tingueu en compte que encara que s'utilitzi l'UID 0 com a valor per defecte " +"se sobreescriurà amb aquesta opció. Si encara voleu permetre que l'usuari " +"root accedeixi al contestador de l'InfoPipe, el que seria el cas típic, " +"també cal afegir 0 a la llista dels UID permesos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Especifica una llista separada per comes dels atributs de la llista negra o " +"blanca." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "nom d'inici de sessió de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "id. de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "id. del grup primari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "informació de l'usuari, normalment el nom complet " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "shell de l'usuari" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Per defecte, el contestador de l'InfoPipe únicament permet que se " +"sol·licitin el conjunt per defecte dels atributs POSIX. Aquest conjunt és el " +"mateix que es retorna amb <citerefentry> <refentrytitle>getpwnam</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> i inclou: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Es poden afegir altres atributs a aquest conjunt amb <quote>+nom_atribut</" +"quote> o suprimir explícitament un atribut amb <quote>-nom_atribut</quote>. " +"Per exemple, per permetre <quote>telephoneNumber</quote> però denegar " +"<quote>loginShell</quote>, podríeu utilitzar la següent configuració: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Per defecte: sense establir. Únicament es permet el conjunt per defecte dels " +"atributs POSIX." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Desenvolupador (2013-2014)</contrib> " +"</author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Desenvolupador (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "les directrius de configuració del complement sss per al rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "FITXER DE CONFIGURACIÓ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"El fitxer de configuració rpc.idmapd normalment es troba a <emphasis>/etc/" +"idmapd.conf</emphasis>. Vegeu <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per més informació." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "AMPLIACIÓ DE LA CONFIGURACIÓ DE L'SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Habilita el complement SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"En la secció <quote>[Translation]</quote>, modifiqueu o establiu l'atribut " +"<quote>Method</quote> per abastar <emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Secció de configuració [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"Per canviar el valor per defecte d'un dels atributs de configuració del " +"connector de l'<emphasis>sss</emphasis> que es llisten a continuació, " +"necessitareu crear-li una secció de configuració, anomenada <quote>[sss]</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Atributs de configuració" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (booleà)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "Indica si s'utilitza o no la tècnica d'optimització de la memòria cau." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "INTEGRACIÓ DE L'SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"El connector sss requereix que s'habiliti el <emphasis>contestador del NSS</" +"emphasis> al sssd." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"L'atribut <quote>use_fully_qualified_names</quote> ha d'estar habilitat en " +"tots els dominis (els clients de NFSv4 esperen un FQN per a ser enviats al " +"cable)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# el domini ha de sincronitzar-se entre el servidor i els clients del NFSv4\n" +"# Solaris/Illumos/AIX utilitzen \"localdomain\" com a predeterminat!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VEGEU TAMBÉ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obté les claus autoritzades de l'OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>opcions</replaceable> </arg> <arg " +"choice='plain'><replaceable>USUARI</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obté les claus de l'amfitrió de l'OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +#| "citerefentry> for more information on configuring Kerberos." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu " +"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerate (booleà)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +#, fuzzy +#| msgid "Default: False (disabled)" +msgid "Default: False (Automatic renewals disabled)" +msgstr "Per defecte: False (inhabilitat)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renew_interval (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renew_interval (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Per defecte: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "La classe d'objecte d'una entrada d'usuari a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Per defecte: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "L'atribut LDAP que correspon al nom de compte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" +"L'atribut LDAP que correspon al númerdo de l'identificador de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "Per defecte: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" +"L'atribut LDAP que correspon a l'identificador del grup primari de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Per defecte: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "L'atribut LDAP que correspon al camp gecos de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Per defecte: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "L'atribut LDAP que conté el nom del directori inicial de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "L'atribut LDAP que conté el camí al shell per defecte de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Per defecte: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"L'atribut LDAP que conté la data i hora de l'última modificació de l'objecte " +"pare." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Per defecte: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (data de l'últim canvi de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Per defecte: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (edat mínima de la contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Per defecte: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (edat màxima de la contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Per defecte: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (període d'advertència de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Per defecte: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " +"atribut d'LDAP corresponent al seu homòleg " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (període d'inactivitat de contrasenya)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Per defecte: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"En utilitzar ldap_pwd_policy=shadow o ldap_account_expire_policy=shadow, " +"aquest paràmetre conté el nom d'un atribut d'LDAP corresponent al seu " +"homòleg <citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> (data de caducitat del compte)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Per defecte: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " +"d'un atribut d'LDAP que emmagatzema la data i hora del darrer canvi de " +"contrasenya en kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Per defecte: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " +"d'un atribut d'LDAP que emmagatzema la data i hora d'expiració de la " +"contrasenya actual." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Per defecte: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Per defecte: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Per defecte: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Per defecte: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Per defecte: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"L'atribut LDAP que conté el Nom Principal d'Usuari (UPN) de l'usuari de " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Per defecte: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "Per defecte: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "L'atribut LDAP que correspon al nom complet de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "L'atribut LDAP que llista la pertanença a grups de l'usuari." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Per defecte: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Si access_provider=ldap i ldap_access_order=authorized_service, l'SSSD farà " +"servir la presència de l'atribut authorizedService a l'entrada LDAP de " +"l'usuari per determinar els privilegis d'accés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, " +"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Per defecte: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "The LDAP attribute that contains the names of the group's members." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "L'atribut LDAP que conté els noms dels membres del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "La classe d'objecte d'una entrada de grup a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Per defecte: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "L'atribut LDAP que correspon a l'identificador del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "L'atribut LDAP que conté els noms dels membres del grup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La classe d'objecte d'una entrada de netgroup a LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Per defecte: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "L'atribut LDAP que es correspon amb el nom del netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "L'atribut LDAP que conté els noms dels membres del netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Per defecte: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Per defecte: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Per defecte: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Per defecte: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Per defecte: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Per defecte: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Per defecte: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Per defecte: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Per defecte: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Per defecte: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Per defecte: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Per defecte: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Per defecte: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Per defecte: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Per defecte: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION FILE" +msgid "CONFIGURATION" +msgstr "FITXER DE CONFIGURACIÓ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuració" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "El nom del domini" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "El protocol" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Vegeu també" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Per defecte: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Per defecte: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (enter)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (booleà)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Mostra el missatge d'ajuda i surt." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"L'SSSD admet dues representacions per a l'especificació del nivell de " +"depuració. La més senzilla és especificar un número del 0-9, que representa " +"el que permet cada nivell i tots els missatges de depuració de nivell baix. " +"L'opció més exhaustiva és especificar una màscara de bits en hexadecimal per " +"activar o desactivar els nivells específics (per exemple, si voleu suprimir " +"un nivell)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Si us plau, tingueu en compte que cadascun dels serveis de l'SSSD registra " +"el seu fitxer propi de registre. També tingueu en compte que l'habilitació " +"del <quote>debug_level</quote> a la secció <quote>[sssd]</quote>únicament " +"habilita la depuració del mateix procés de l'sssd, no per al procés del " +"contestador o del proveïdor. El paràmetre <quote>debug_level</quote> s'ha " +"d'afegir en totes les seccions que vulgueu que generin registres." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"A més de canviar el nivell del registre al fitxer de configuració amb el " +"paràmetre <quote>debug_level</quote>, que és permanent, però requereix que " +"es reiniciï l'SSSD, també és possible canviar el nivell de depuració al vol " +"amb l'eina <citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "Els nivells de depuració que s'admeten actualment:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fallides fatals. " +"Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui el seu " +"cessament." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Fallides serioses. Un " +"error que anuncia que una petició o una operació en particular ha fallat." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Fallides menors. " +"Aquests són els errors que enterboleixen i poden fer fracassar l'operació " +"dels 2." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Ajusts de la " +"configuració." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" +"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Dades de les funcions." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Missatges de traça per " +"al funcionament de les funcions." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Missatges de traça per " +"a les funcions internes de control." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contingut de les " +"variables de les funcions internes que poden ser interessants." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Informació de traçat " +"extremadament de baix nivell." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Per registrar els nivells de depuració de la màscara de bits que es " +"requereixi, només heu d'afegir els seus números com es mostra en els " +"següents exemples:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, les " +"fallides crítiques, les fallides serioses i les dades de les funcions, " +"utilitzeu0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, els ajusts " +"de la configuració, les dades de les funcions, els missatges de traça per a " +"les funcions internes de control, utilitzeu 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Nota</emphasis>: El format de la màscara de bits dels nivells de " +"depuració es va introduir en la versió 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "EL DOMINI LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Per a un funcionament correcte, s'ha de crear un domini amb " +"<quote>id_provider=local</quote> i l'SSSD ha d'estar en execució." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"L'administrador pot ser que vulgui utilitzar els usuaris locals de l'SSSD en " +"lloc dels usuaris tradicionals d'UNIX en els casos en què es requereixi la " +"imbricació dels grups (vegeu <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>). Els usuaris locals " +"també són útils per provar i desplegar l'SSSD sense haver de desplegar tot " +"un servidor remot. Les eines <command>sss_user*</command> i " +"<command>sss_group*</command> utilitzen l'emmagatzematge LDB local per " +"emmagatzemar els usuaris i els grups." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (cadena)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Per defecte: /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (enter)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (booleà)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +#, fuzzy +#| msgid "" +#| "The descriptions of some of the configuration options in this manual page " +#| "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP " +#| "2.4 distribution." +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Les descripcions d'algunes de les opcions de configuració en aquesta pàgina " +"del manual es basen en la pàgina del manual <citerefentry>de " +"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> de la distribució d'OpenLDAP 2.4." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> per segons" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> per minuts" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> per hores" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> per dies." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#, fuzzy +#~| msgid "These options can be used to configure the InfoPipe responder." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "" +#~ "Es poden utilitzar aquestes opcions per configurar el contestador de " +#~ "l'InfoPipe." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si les credencials d'usuari també són emmagatzemades en la " +#~ "memòria cau local de LDB" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Per defecte: <quote>(?P<nom>[^@]+)@?(?P<domini>[^@]*$)</" +#~ "quote> que es tradueix per \"el nom és tot el que hi ha fins al símbol " +#~ "<quote>@</quote> , el domini és tot el que hi ha després\"" + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "L'atribut LDAP que es correspon amb el nom del grup." + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "modifica un grup" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opcions</" +#~ "replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> modifica el grup per reflectir els canvis " +#~ "que s'especifiquen a la línia d'ordres." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GRUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Afegeix aquest grup als grups especificats amb el paràmetre " +#~ "<replaceable>GRUPS</replaceable>. El paràmetre <replaceable>GRUPS</" +#~ "replaceable> és una llista delimitada per comes dels noms dels grups." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Suprimeix aquest grup dels grups especificats amb el paràmetre " +#~ "<replaceable>GRUPS</replaceable>." + +#~ msgid "The local domain section" +#~ msgstr "La secció del domini local" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "Aquesta secció conté paràmetres per a dominis que emmagatzemen els " +#~ "usuaris i grups a la base de dades SSSD nadiu de, és a dir, un domini que " +#~ "utilitza <replaceable>id_provider = local</replaceable>." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (cadena)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "El shell predeterminat per als usuaris que es creen amb eines de l'espai " +#~ "d'usuari de l'SSSD." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Per defecte: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (cadena)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Les eines concatenen el nom d'usuari a <replaceable>base_directory</" +#~ "replaceable> i utilitzen aquest com el directori inicial." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Per defecte: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (booleà)" + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (booleà)" + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (enter)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per " +#~ "defecte en un directori inicial acabat de crear." + +#~ msgid "Default: 077" +#~ msgstr "Per defecte: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (cadena)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "El directori esquemàtic que conté els fitxers i els directoris per copiar " +#~ "al directori inicial, quan el directori inicial de l'usuari es crea amb " +#~ "<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum></citerefentry>" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Per defecte: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (cadena)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "El directori de gestió de cues del correu. Aquest és necessari per " +#~ "manipular la bústia de correu quan el compte d'usuari corresponent és " +#~ "modificat o suprimit. Si no s'especifica, s'utilitzarà un valor per " +#~ "defecte." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Per defecte: <filename>/var/correu</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (cadena)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "L'ordre que s'executa després d'eliminar un usuari. L'ordre passa el nom " +#~ "d'usuari com el primer i únic paràmetre. El codi de retorn de l'ordre no " +#~ "es té en compte." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Per defecte: Cap, no s'executa cap comanda" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "crea un nou usuari" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</" +#~ "replaceable></arg> <arg choice='plain'> <replaceable>USUARI</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> crea un nou compte d'usuari amb els valors " +#~ "que s'especifiquen en la línia d'ordres més els valors per defecte del " +#~ "sistema." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Estableix l'UID de l'usuari al valor de l'<replaceable>UID</replaceable>. " +#~ "Si no se'n proporciona cap, es tria automàticament." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "El directori inicial del compte de l'usuari. Per defecte s'afegeix " +#~ "l'<replaceable>USUARI</replaceable> a <filename>/home</filename> i " +#~ "s'utilitza aquest com el directori inicial. La base que s'afegeix abans " +#~ "de l'<replaceable>USUARI</replaceable> es pot personalitzar amb l'ajust " +#~ "<quote>user_defaults/baseDirectory</quote> a l'sssd.conf." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "El shell d'inici de sessió de l'usuari. Per defecte és <filename>/bin/" +#~ "bash</filename>. Es pot canviar el valor per defecte amb l'ajust " +#~ "<quote>user_defaults/defaultShell</quote> de l'sssd.conf." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GRUPS</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "" +#~ "Una llista dels grups existents que aquest usuari també n'és membre." + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "Crea el directori inicial de l'usuari si no existeix. Al directori " +#~ "inicial es copiaran els fitxers i els directoris continguts al directori " +#~ "esquemàtic (que es pot definir amb l'opció -k o al fitxer de " +#~ "configuració)." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "No crea el directori inicial de l'usuari. Substitueix els ajusts de la " +#~ "configuració." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> " +#~ "<replaceable>DIRECTORI_ESQUEMÀTIC</replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "El directori esquemàtic que conté els fitxers i els directoris per copiar " +#~ "al directori inicial de l'usuari, quan es crea el directori inicial amb " +#~ "<command>sss_useradd</command>." + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "No es copiaran els fitxers especials (dispositius de blocs, dispositius " +#~ "de caràcters, canonades amb noms i sòcols d'UNIX)." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "Aquesta opció tan sols és vàlida si s'especifica l'opció <option>-m</" +#~ "option> (o <option>--create-home</option>), o bé la creació dels " +#~ "directoris inicials està establerta a TRUE a la configuració." + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "L'usuari de SELinux per a l'inici de sessió de l'usuari. Si no " +#~ "s'especifica, s'utilitzarà el predeterminat del sistema." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "crea un nou grup" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>opcions</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> crea un nou grup. Aquests grups són " +#~ "compatibles amb els grups POSIX, amb la característica addicional que " +#~ "poden contenir altres grups com a membres." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Estableix el GID del grup al valor del <replaceable>GID</replaceable>. Si " +#~ "no se'n proporciona cap, es tria automàticament." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "suprimeix el compte d'un usuari" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>USUARI</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> suprimeix un usuari identificat amb el nom " +#~ "d'usuari <replaceable>USUARI</replaceable> del sistema." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Els fitxers al directori inicial de l'usuari seran eliminats juntament " +#~ "amb el mateix directori inicial i la gestió de cues del correu de " +#~ "l'usuari. Substitueix la configuració." + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Els fitxers al directori inicial de l'usuari no seran eliminats juntament " +#~ "amb el mateix directori inicial i la gestió de cues del correu de " +#~ "l'usuari. Substitueix la configuració." + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "Aquesta opció obliga a <command>sss_userdel</command> a suprimir el " +#~ "directori inicial i la gestió de cues del correu de l'usuari, encara que " +#~ "no siguin de la propietat de l'usuari especificat." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "" +#~ "Abans d'eliminar realment a l'usuari, acaba tots els seus processos." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "suprimeix un grup" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>opcions</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> suprimeix un grup identificat amb el seu " +#~ "nom de <replaceable>GRUP</replaceable> del sistema." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "imprimeix les propietats d'un grup" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>opcions</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> mostra la informació sobre un grup " +#~ "identificat amb el seu nom de <replaceable>GRUP</replaceable>. La " +#~ "informació inclou el número de l'id. del grup, els membres del grup i el " +#~ "grup primari." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "modifica el compte d'un usuari" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>OPCIONS</" +#~ "replaceable></arg> <arg choice='plain'> <replaceable>USUARI</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> modifica el compte especificat amb " +#~ "<replaceable>USUARI</replaceable> per reflectir els canvis que " +#~ "s'especifiquen a la línia d'ordres." + +#~ msgid "The home directory of the user account." +#~ msgstr "El directori inicial del compte de l'usuari." + +#~ msgid "The user's login shell." +#~ msgstr "El shell d'inici de sessió de l'usuari." + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels " +#~ "<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</" +#~ "replaceable> és una llista delimitada per comes dels noms dels grups." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "" +#~ "Bloqueja el compte de l'usuari. L'usuari no podrà iniciar la sessió." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Desbloqueja el compte de l'usuari." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari." + +#~ msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--addattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor." + +#~ msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "Estableix un atribut a la parella nom/valor. El format és " +#~ "nomatribut=valor. Per als atributs amb múltiples valors, l'ordre " +#~ "substitueix els valors ja presents" + +#~ msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>" + +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Per defecte: /etc/krb5.keytab" + +#~ msgid "new_interval = old_interval*2 + random_offset" +#~ msgstr "new_interval = old_interval*2 + random_offset" + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (enter)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "Envia la sortida de depuració als fitxers en comptes de l'stderr. Per " +#~ "defecte, els fitxers dels registres s'emmagatzemen a <filename>/var/log/" +#~ "sssd</filename> i hi ha fitxers dels registres que se separen per a " +#~ "cadascun dels serveis i dels dominis de l'SSSD." + +#~ msgid "<emphasis>Default</emphasis>: 0" +#~ msgstr "<emphasis>Per defecte</emphasis>: 0" diff --git a/src/man/po/cs.po b/src/man/po/cs.po new file mode 100644 index 0000000..d9646b5 --- /dev/null +++ b/src/man/po/cs.po @@ -0,0 +1,18399 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# sgallagh <sgallagh@redhat.com>, 2011 +# Zdenek <chmelarz@gmail.com>, 2017. #zanata +# Pavel Borecki <pavel.borecki@gmail.com>, 2019. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2022-05-20 09:18+0000\n" +"Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" +"Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" +"manpage-master/cs/>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-Generator: Weblate 4.12.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Manuálové stránky SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +# auto translated by TM merge from project: Fedora Elections Guide, version: +# master, DocId: Methods +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Formáty souborů a konvence" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "soubor s nastaveními pro SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FORMÁT SOUBORU" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[sekce]</replaceable>\n" +"<replaceable>klíč</replaceable> = <replaceable>hodnota</replaceable>\n" +"<replaceable>klíč2</replaceable> = <replaceable>hodnota2,hodnota3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Forma zápisu v souboru je ve stylu ini a sestává se ze sekcí a parametrů. " +"Sekce začíná jejím názvem (v hranatých závorkách) a pokračuje až po začátek " +"následující sekce. Příklad jedné sekce s jedno a vícehodnotovými parametry: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Používané datové typy jsou řetězce (není třeba obklopovat uvozovkami), celá " +"čísla bolean (s hodnotami <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Řádek s komentářem začíná na znak # (křížek) (<quote>#</quote>) nebo " +"středník (<quote>;</quote>). Komentáře v rámci řádku nejsou podporovány." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Všechny sekce mohou mít volitelný <replaceable>popis</replaceable> " +"parametry. Jeho funkcí je pouze oštítkování sekce." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "OBECNÉ VOLBY" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Volby použitelné ve všech sekcích" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (celé kladné číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "debug (celé kladné číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Výchozí: true (pravda)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Výchozí: false (nepravda)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Volby použitelné v sekcích SERVICE a DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (celé kladné číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Sekce [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Parametry sekce" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (celé kladné číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Značí jaká je syntaxe souboru s nastaveními. SSSD 0.6.0 a novější používají " +"verzi 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "služby" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Výchozí: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domény" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "uživatelské jméno" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Ovládá zda SSSD má sledovat stav resolv.conf a zjišťovat tak, zda je " +"zapotřebí aktualizovat svůj vestavěný překlad DNS názvů." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Složka na souborovém systému kde by SSSD mělo ukládat soubory pro kerberos " +"replay." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Výchozí: nenastaveno (mezery nebudou nahrazovány)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 200000" +msgid "Default: 60, KCM: 300" +msgstr "Výchozí: 200000" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "ldap_idmap_range_max (integer)" +msgid "offline_timeout_max (integer)" +msgstr "ldap_idmap_range_max (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 200000" +msgid "Default: 3600" +msgstr "Výchozí: 200000" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "offline_timeout_random_offset (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 200000" +msgid "Default: 30" +msgstr "Výchozí: 200000" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Mezipaměť položek může být nastavena na automatické aktualizování položek na " +"pozadí, pokud jsou požadovány za procentem hodnoty entry_cache_timeout pro " +"doménu." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Určuje dobu (v sekundách) po které bude seznam dílčích domén považován za " +"platný." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "memcache_size_group (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "memcache_size_sid (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "Zobrazit varování N dnů před skončením platnosti hesla." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "timeout (celé kladné číslo)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "krb5_rcache_dir (string)" +msgid "pac_check (string)" +msgstr "krb5_rcache_dir (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"Čárkou oddělovaný seznam uživatelů, kterým zapnout zaznamenávání relace. " +"Shodující se uživatelská jména jsou vrácena z NSS. T.j. po možném nahrazení " +"mezer, změně velikosti písmen, atd." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"Čárkou oddělovaný seznam skupin, dále členů, pro které zapnout zaznamenávání " +"relace. Odpovídající názvy skupin jsou vráceny z NSS. Tj. po možném " +"nahrazení mezer, změn velikosti písmen, atd." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "exclude_users (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "simple_deny_groups (string)" +msgid "exclude_groups (string)" +msgstr "simple_deny_groups (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Kolik sekund ponechat ssh klíč hostitele po opětovném načtení. T.j. po jak " +"dlouhou dobu ponechávat klíč hostitel v mezipaměti." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Pokud je používáno dvoufaktorové ověřování (2FA) a přihlašovací údaje mají " +"být ukládány, tato hodnota určuje nejkratší umožněnou délku pro hlavní " +"faktor ověřování (dlouhodobé heslo), od které je třeba ho uložit jako SHA512 " +"otisk do mezipaměti." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +# auto translated by TM merge from project: Fedora Websites, version: +# fedorahosted.org, DocId: po/fedorahosted +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: TRUE" +msgstr "Výchozí: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "dns_resolver_timeout" +msgid "ldap_search_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "dns_resolver_timeout" +msgid "ldap_network_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_opt_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "dns_resolver_timeout" +msgid "ldap_offline_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_enumeration_refresh_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_enumeration_search_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_connection_expire_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_connection_expire_offset" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "Různé štítky uložené službou nastavování realmd pro tuto doménu." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "local_auth_policy (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Výchozí: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "POPIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +# auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: +# po/ipa +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "heslo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "dns_resolver_op_timeout" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Umožňuje držet místní uživatele coby členy LDAP skupiny pro servery, které " +"používají schéma dle normy RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Název v LDAP hlavní mapy pro automatické připojování." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "VOLBY" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" +"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Pokud jsou všechny seznamy prázdné, přístup je udělen" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Čárkou oddělovaný seznam skupin, kterým je dovoleno se přihlásit. Toto se " +"uplatní pouze na skupiny v rámci SSSD domény. Místní skupiny nejsou takto " +"vyhodnocovány." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Čárkou oddělovaný seznam skupin, kterým je výslovně odepřen přístup. Toto se " +"uplatní pouze na skupiny v rámci SSSD domény. Místní skupiny nejsou takto " +"vyhodnocovány." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "sss-certmap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "Příklad: <SUBJECT>.*,DC=MOJE,DC=DOMENA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "digitalSignature" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "nonRepudiation" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "dataEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "keyAgreement" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "keyCertSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "cRLSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "encipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "decipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "serverAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "clientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "codeSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "emailProtection" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "timeStamping" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "OCSPSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "KPClientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "pkinit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "msScLogin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "{cert[!(bin|base64)]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "Příklad: (userCertificate;binary={cert!bin})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "{subject_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" +"Příklad: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "{subject_nt_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +#, fuzzy +#| msgid "" +#| "Example: (|(userPrincipal={subject_pkinit_principal})" +#| "(uid={subject_pkinit_principal.short_name}))" +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" +"Příklad: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "{subject_rfc822_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" +"Příklad: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" +"Příklad: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "{subject_uri}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "Příklad: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "Příklad: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "Příklad: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +#, fuzzy +#| msgid "{subject_dns_name[.short_name]}" +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "Příklad: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "krb5_rcache_dir (string)" +msgid "ipa_access_order (string)" +msgstr "krb5_rcache_dir (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VIZ TAKÉ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 200000" +msgid "Default: NULL" +msgstr "Výchozí: 200000" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "vyzkoušet sssd_transaction_commit_after" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "Vyzkouší funkci sysdb_transaction_commit_after()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "vyzkouší sdap_search_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "Vyzkouší funkci sdap_get_generic_ext_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "probe sdap_search_user_save_begin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "Zkouší funkci sdap_search_user_save_begin()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "vyzkoušet sdap_search_user_save_end" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "Vyzkouší funkci sdap_search_user_save_end()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "probe dp_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "probe dp_req_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "RŮZNÉ FUNKCE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "function acct_req_desc(entry_type)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" +"funkce sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "funkce dp_target_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "funkce dp_method_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "Převést metodu na řetězec a vrátit řetězec" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "ldap_user_passkey (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the names of the netgroup's members." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "LDAP atribut, který obsahuje jména členů síťové skupiny." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "Třída objektu položky dané netgroup v LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "LDAP atribut, který odpovídá názvu netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "LDAP atribut, který obsahuje jména členů síťové skupiny." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "Třída objektu položky hostitele v LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "LDAP atribut, který obsahuje veřejné části SSH klíčů hostitele." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "OBJEVOVÁNÍ SLUŽBY" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Nastavení" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Název domény" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Protokol" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Viz také" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "MAPOVÁNÍ IDENTIFIKÁTORŮ" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Zastavování služby SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Odebrání databáze" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Spuštění služby SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Mapovací algoritmus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Pokročilé nastavení" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (celé číslo)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Výchozí: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (celé číslo)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Výchozí: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (celé číslo)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (řetězec)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (řetězec)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_helper_table_size (celé číslo)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Vestavěné" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Zobraz nápovědu a ukonči program." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "syntaxe: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (řetězec)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "%l" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "ldap_schema = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "ldap_force_upper_case_realm = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "ldap_id_mapping = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "ldap_referrals = false" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "ldap_account_expire_policy = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "ldap_use_tokengroups = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "Nastavení NSS" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "fallback_homedir = /home/%d/%u" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "krb5_use_fast = try" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "krb5_canonicalize = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "LDAP poskytovatel – obecné" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "ldap_group_object_class_alt = posixGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "ldap_group_member = member" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "ldap_group_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "ldap_group_external_member = ipaExternalMember" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "vymazat skupinu" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> odstraní ze systému skupinu určenou jejím " +#~ "jménem<replaceable>SKUPINA</replaceable>." diff --git a/src/man/po/de.po b/src/man/po/de.po new file mode 100644 index 0000000..81afc72 --- /dev/null +++ b/src/man/po/de.po @@ -0,0 +1,20981 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Chris Leick <c.leick@vollbio.de>, 2013 +# Fabian Affolter <fab@fedoraproject.org>, 2011 +# Mario Blättermann <mario.blaettermann@gmail.com>, 2014 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2021-02-02 14:40+0000\n" +"Last-Translator: Sumit Bose <sbose@redhat.com>\n" +"Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/de/>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.4.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD-Handbuchseiten" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Dateiformate und Konventionen" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "die Konfigurationsdatei für SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "DATEIFORMAT" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Die Datei hat eine Syntax im Ini-Stil. Sie besteht aus Abschnitten und " +"Parametern. Ein Abschnitt beginnt mit dem Namen des Abschnitts in eckigen " +"Klammern und dauert bis zum Anfang des nächsten Abschnitts. Ein Beispiel " +"eines Abschnitts mit Parametern, die einzelne und mehrere Werte haben: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Die benutzten Datentypen sind Zeichenkette (keine Anführungszeichen nötig), " +"Ganzzahl und Boolesch (mit den Werten »TRUE« und »FALSE«)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Alle Abschnitte können einen optionalen Parameter <replaceable>Beschreibung</" +"replaceable> haben. Er dient nur als Beschriftung eines Abschnitts." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> muss eine normale Datei sein, die Root gehört " +"und die nur von Root gelesen oder geschrieben werden darf." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "ALLGEMEINE OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Die folgenden Optionen sind in mehreren Konfigurationsabschnitten verfügbar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "In allen Abschnitten verfügbare Optionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Voreinstellung: »true«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Voreinstellung: »false«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_microseconds (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_microseconds (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "In den Abschnitten SERVICE und DOMAIN verwendbare Optionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Voreinstellung: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "BESONDERE ABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Der Abschnitt [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Abschnittsparameter" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"gibt die Syntax der Konfigurationsdatei an. SSSD 0.6.0 und neuer benutzen " +"Version 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "Dienste" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Unterstützte Dienste sind: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Anzahl der Versuche, die ein Dienst unternehmen sollte, um sich erneut zu " +"verbinden, bevor er aufgibt, falls ein Datenanbieter abgestürzt ist oder neu " +"startet." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Voreinstellung: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "Domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"voreingestellter regulärer Ausdruck, der beschreibt, in welche Bestandteile " +"die Zeichenkette mit Benutzernamen und Domain bei der Auswertung zerlegt " +"werden sollen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"ein mit <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> kompatibles Format, das beschreibt, wie ein voll " +"qualifizierter Name aus den Bestandteilen Benutzername und Domain-Name " +"zusammengestellt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"flacher Name der Domain; meist für Active-Directory-Domains nützlich, sowohl " +"direkt konfiguriert als auch über IPA-Trust" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Es gibt ein paar begrenzte Situationen, in denen wir den Versuch, Inotify zu " +"benutzen, vorzugsweise überspringen sollten. In diesen seltenen Fällen " +"sollte diese Option auf »false« gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Voreinstellung: »true« auf Plattformen, auf denen Inotify unterstützt wird, " +"»false« auf anderen Plattformen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Hinweis: Diese Option wird auf Plattformen, auf denen Inotify nicht " +"verfügbar ist, keine Auswirkungen haben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Verzeichnis im Dateisystem, in welchem SSSD den Kerberos Replay-Cache ablegt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Diese Option akzeptiert einen besonderen Wert, __LIBKRB5_DEFAULTS__, der " +"SSSD anweisen wird, Libkrb5 die Entscheidung zu überlassen, wo der geeignete " +"Ort für den Replay-Zwischenspeicher ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Voreinstellung: ahängig von der Distribution und zur Bauzeit angegeben " +"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Diese Zeichenkette wird als Standard-Domain-Name für alle Namen ohne einen " +"Domain-Namensbestandteil benutzt. Hauptsächlich wird dies in Umgebungen " +"benutzt, in denen die primäre Domain zur Verwaltung von Rechnerrichtlinien " +"gedacht ist und sich alle Anwender in einer vertrauenswürdigen Domain " +"befinden. Die Option ermöglicht diesen Anwendern die Anmeldung allein mit " +"ihrem Benutzernamen ohne auch eine Domain anzugeben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Voreinstellung: nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Voreinstellung: Nicht gesetzt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ipa_server_mode (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ipa_server_mode (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "ad_enable_gc (boolean)" +msgid "core_dumpable (boolean)" +msgstr "ad_enable_gc (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "passkey_verification (string)" +msgstr "ipa_automount_location (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "user_verification (boolean)" +msgstr "ipa_automount_location (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Individuelle Teile der SSSD-Funktionalität werden durch spezielle SSSD-" +"Dienste bereitgestellt, die zusammen mit SSSD gestartet und gestoppt werden. " +"Die Dienste werden durch einen speziellen Dienst, oft »Monitor« genannt, " +"verwaltet. Der Abschnitt »[sssd]« wird sowohl zum Konfigurieren des Monitors " +"als auch einiger anderer wichtiger Optionen wie den »Identity Domains« " +"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "DIENSTABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Dieser Abschnitt beschreibt Einstellungen, die zum Konfigurieren mehrerer " +"unterschiedlicher Dienste benutzt werden. Sie sollten im Abschnitt " +"[<replaceable>$NAME</replaceable>] liegen, für den Dienst NSS wäre der " +"Abschnitt zum Beispiel <quote>[nss]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Allgemeine Optionen zum Konfigurieren von Diensten" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Diese Option gibt die maximale Anzahl von Dateideskriptoren an, die " +"gleichzeitig durch diesen SSSD-Prozess geöffnet sein können. Auf Systemen, " +"auf denen SSSD die Fähigkeit CAP_SYS_RESOURCE gewährt wird, wird dies eine " +"absolute Einstellung sein. Auf Systemen ohne diese Fähigkeit wird der " +"resultierende Wert der niedrigere Wert hiervon oder der der »harten« " +"Begrenzung in der »limit.conf« sein." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Voreinstellung: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "offline_timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "offline_timeout (integer)" +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Voreinstellung: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "NSS-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Diese Optionen können zum Konfigurieren des »Name Service Switch« (NSS) " +"benutzt werden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Wieviele Sekunden soll »nss_sss« Aufzählungen (Abfragen von Informationen " +"über alle Nutzer) zwischenspeichern?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Voreinstellung: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Der Eintragszwischenspeicher kann auf automatisch im Hintergrund " +"aktualisierte Einträge gestellt werden, falls sie jenseits eines " +"Prozentsatzes des Wertes »entry_cache_timeout« für die Domain abgefragt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Falls zum Beispiel die Zeitüberschreitung für den Eintragszwischenspeicher " +"der Domain auf 30s und »entry_cache_nowait_percentage« auf 50 Prozent " +"gesetzt wurde, werden Einträge, die in den letzten 15 Sekunden nach der " +"letzen Zwischenspeicheraktualisierung hereinkamen, sofort zurückgegeben, " +"SSSD wird aber den Zwischenspeicher selbst aktualisieren, so dass zukünftige " +"Abfragen nicht blockiert werden müssen, um auf eine " +"Zwischenspeicheraktualisierung zu warten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Gültige Werte für diese Option sind 0-99. Sie geben die Prozentzahl des " +"»entry_cache_timeout« für jede Domain an. Aus Leistungsgründen wird diese " +"Prozentzahl die »nowait«-Zeitüberschreitung nie auf weniger als zehn " +"Sekunden senken. (0 schaltet diese Funktionalität aus.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Voreinstellung: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"gibt an, für wie viele Sekunden lang »nss_sss« negative " +"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen " +"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das " +"Backend erneut gefragt wird)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Voreinstellung: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Voreinstellung: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Falls Sie möchten, dass gefilterte Nutzer weiterhin Gruppenmitglieder sind, " +"setzen Sie diese Option auf »false«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"setzt eine Standardschablone für das Home-Verzeichnis eines Nutzers, falls " +"es nicht explizit durch den Datenanbieter der Domain angegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Die für diese Option verfügbaren Werte sind dieselben wie für " +"»override_homedir«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-" +"Verzeichnisse)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Setzt die Anmeldeshell für alle Benutzer außer Kraft. Diese Option genießt " +"Vorrecht vor allen anderen Shell-Optionen, falls sie Wirkung zeigt und kann " +"entweder im Abschnitt [nss] oder für jede Domain gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert " +"benutzen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"beschränkt die Shell des Nutzers auf eine der aufgeführten Werte. Die " +"Reihenfolge der Auswertung ist:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Falls die Shell in der Liste »allowed_shells«, aber nicht in »/etc/" +"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Falls die Shell weder in der Liste »allowed_shells« noch in »/etc/shells« " +"steht, wird eine Nicht-Login-Shell benutzt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" +"Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"»/etc/shells« wird nur beim Start von SSSD gelesen. Das bedeutet, dass im " +"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Die Standard-Shell, die benutzt werden soll, falls eine erlaubte Shell nicht " +"auf dem Rechner installiert ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Voreinstellung: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Die zu verwendende Vorgabeshell, falls der Anbieter während des Suchvorgangs " +"nichts zurückgibt. Diese Option kann entweder im Abschnitt [nss] oder für " +"jede Domain gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Voreinstellung: nicht gesetzt (Falls keine Shell angegeben wurde, wird NULL " +"zurückgegeben und darauf vertraut, dass Libc es, wenn nötig, durch etwas " +"Vernünftiges, üblicherweise /bin/sh, ersetzt.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"gibt die Zeit in Sekunden an, während der die Liste der Subdomains als " +"gültig erachtet wird." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Voreinstellung: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "Voreinstellung: »permit«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +#, fuzzy +#| msgid "This option can also be set per-domain." +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "Diese Option kann auch pro Domain gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "PAM-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Diese Optionen können benutzt werden, um den Dienst »Pluggable " +"Authentication Module« (PAM) einzurichten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Wie lange sollen zwischengespeicherte Anmeldungen erlaubt werden, falls der " +"Authentifizierungsanbieter offline ist (in Tagen seit der letzten " +"erfolgreichen Anmeldung)?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Voreinstellung: 0 (unbegrenzt)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Wieviele fehlgeschlagene Anmeldeversuche sind erlaubt, falls der " +"Authentifizierungsanbieter offline ist?" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"die Zeit in Minuten, die nach dem Erreichen von " +"»offline_failed_login_attempts« vergehen muss, bevor ein neuer " +"Anmeldeversuch möglich ist." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Falls dies auf 0 gesetzt ist, kann der Benutzer sich nicht offline " +"authentifizieren, wenn »offline_failed_login_attempts« erreicht wurde. Nur " +"eine erfolgreiche Online-Authentifizierung kann die Offline-" +"Authentifizierung reaktivieren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Voreinstellung: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"steuert, welche Arten von Nachrichten während der Benutzerauthentifizierung " +"angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "Derzeit unterstützt SSSD folgende Werte:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Voreinstellung: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "ad_access_filter (string)" +msgid "pam_response_filter (string)" +msgstr "ad_access_filter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Für alle PAM-Anfragen, während SSSD online ist, wird SSSD versuchen, sofort " +"die zwischengespeicherten Identitätsinformationen für den Benutzer zu " +"aktualisieren. Dadurch wird sichergestellt, dass die Authentifizierung mit " +"den neusten Informationen erfolgt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Eine vollständige PAM-Konversation kann mehrere PAM-Abfragen durchführen, " +"wie die Kontenverwaltung und das Öffnen von Sitzungen. Diese Option steuert " +"(auf Basis von Client-Anwendungen) wie lange (in Sekunden) die " +"Identitätsinformationen zwischengespeichert werden können, um übermäßig " +"viele Abfragen der Identitätsanbieter zu vermeiden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Bitte beachten Sie, dass der Backend-Server Informationen über die " +"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann " +"SSSD keine Warnung anzeigen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Falls dies auf Null gesetzt ist, wird dieser Filter nicht angewendet, d.h., " +"falls die Ablaufwarnung vom Backend-Server empfangen wurde, wird sie " +"automatisch angezeigt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</" +"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Voreinstellung: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Voreinstellung: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "ldap_chpass_update_last_change (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "ldap_chpass_update_last_change (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Voreinstellung: False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "pam_cert_verification (string)" +msgstr "ipa_automount_location (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, fuzzy, no-wrap +#| msgid "" +#| "fallback_homedir = /home/%u\n" +#| " " +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "pam_id_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +#, fuzzy +#| msgid "Comma separated list of users who are allowed to log in." +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, fuzzy, no-wrap +#| msgid "" +#| "fallback_homedir = /home/%u\n" +#| " " +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Voreinstellung: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +#, fuzzy +#| msgid "Default: not set (no substitution for unset home directories)" +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-" +"Verzeichnisse)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "Sudo-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Diese Optionen können zur Konfiguration des Sudo-Dienstes verwendet werden. " +"Detaillierte Informationen zur Konfiguration von <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"zur Verwendung mit <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> finden Sie in der Handbuchseite zu " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"bestimmt, ob die Attribute »sudoNotBefore« und »sudoNotAfter«, die " +"zeitabhängige »sudoers«-Einträge implementieren, ausgewertet werden oder " +"nicht." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "AUTOFS-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" +"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"gibt an, wie viele Sekunden der Autofs-Responder negative Treffer " +"zwischenspeichert (das bedeutet, Abfragen ungültiger Abbildeinträge, wie " +"nicht existierende), bevor das Backend erneut befragt wird." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "SSH-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" +"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"bestimmt, ob Rechnernamen und Adressen in der verwalteten Datei " +"»known_hosts« zusammengemischt werden oder nicht." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"bestimmt, wie viele Sekunden lang ein Rechner in der verwalteten Datei " +"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Voreinstellung: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "PAC-Responder-Konfigurationsoptionen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Falls es Gruppen-SIDs von Domains gibt, die SSSD kennt, wird der Benutzer zu " +"diesen Gruppen hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"gibt die durch Kommata getrennte Liste von UID-Werten oder Benutzernamen an, " +"denen der Zugriff auf den PAC-Responder erlaubt ist. Benutzernamen werden " +"beim Starten zu UIDs aufgelöst." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-" +"Responder gestattet.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Bitte beachten Sie, dass, obwohl die UID 0 als Voreinstellung benutzt wird, " +"diese Option sie überschriebt. Falls Sie weiterhin dem Benutzer Root Zugriff " +"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie " +"der Liste der erlaubten UIDs auch die 0 hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "pac_check (string)" +msgstr "ldap_schema (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "exclude_users (string)" +msgstr "simple_deny_users (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No users excluded." +msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "simple_deny_groups (string)" +msgid "exclude_groups (string)" +msgstr "simple_deny_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No groups excluded." +msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "DOMAIN-ABSCHNITTE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"UID- und GID-Beschränkungen für die Domain. Falls eine Domain einen Eintrag " +"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Dies beeinflusst die Haupt-GID-Beschränkung für Benutzer. Der Benutzer wird " +"nicht an NSS zurückgegeben, falls entweder die UID oder die Haupt-GID " +"außerhalb des Bereichs liegt. Bei Mitgliedschaften in Nichthauptgruppen " +"werden jene, die im Bereich liegen, wie erwartet gemeldet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Diese ID-Beschränkungen beeinflussen sogar das Speichern von Einträgen in " +"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Benutzer und Gruppen werden aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = keine Aufzählungen für diese Domain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Voreinstellung: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Während die erste Aufzählung läuft, geben Anfragen nach vollständigen " +"Benutzer- oder Gruppenlisten möglicherweise bis zur Fertigstellung keine " +"Ergebnisse zurück." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Darüber hinaus kann das Aktivieren der Aufzählung dazu führen, dass " +"Netzwerkausfälle erst später entdeckt werden. Dies kommt daher, dass längere " +"Zeitüberschreitungen vonnöten sind, um sicherzustellen, dass das " +"Nachschlagen von Aufzählungen vollständig erfolgreich war. Weitere " +"Informationen finden Sie in den Handbuchseiten für den jeweils aktuell " +"benutzten »id_provider«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Aus den oben genannten Gründen wird das Aktivieren von Aufzählungen, " +"insbesondere in großen Umgebungen, nicht empfohlen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Legt fest, ob eventuell automatisch erkannte vertrauenswürdige Domains " +"aufgezählt werden sollen. Folgende Werte werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/> Optional wird eine Liste aus einer oder " +"mehreren Domain-Namen die Aufzählung für genau diese vertrauenswürdigen " +"Domains aktivieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Einträge als gültig betrachten " +"soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Die Ablaufzeitstempel werden als Attribute individueller Objekte im " +"Zwischenspeicher gespeichert. Daher zeigt die Änderung der Ablaufzeiten im " +"Zwischenspeicher nur Wirkung bei neu hinzugefügten oder abgelaufenen " +"Einträgen. Sie sollten <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> ausführen, um die " +"Aktualisierung von Einträgen zu erzwingen, die bereits zwischengespeichert " +"wurden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Voreinstellung: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Benutzereinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Voreinstellung: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Gruppeneinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Netzgruppeneinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang »nss_sss« Diensteinträge als gültig " +"betrachten soll, bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"bestimmt, wie viele Sekunden lang Sudo Regeln als gültig betrachten soll, " +"bevor das Backend erneut abgefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"bestimmt, wie viele Sekunden lang der Dienst »autofs« Abbilder des " +"Automounters als gültig betrachten soll, bevor das Backend erneut abgefragt " +"wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Legt die Anzahl der Sekunden fest, die SSSD warten soll, bevor eine neuer " +"Prozess der Aktualisierung im Hintergrund ausgelöst wird, bei dem alle " +"abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu " +"setzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Voreinstellung: 0 (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Falls 2-Faktor-Authentifizierung genutzt wird und die Anmeldedaten " +"gespeichert werden sollen, gibt dieser Wert an wie lang der erste Faktor " +"(langlebiges Passwort) mindestens sein muss um als SHA512 Hash-Wert im Cache " +"gespeichert zu werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Anzahl der Tage, während der Einträge nach einer erfolgreichen Anmeldung im " +"Zwischenspeicher bleiben, bevor sie im Laufe der Zwischenspeicherbereinigung " +"entfernt werden. 0 bedeutet, für immer aufbewahren. Der Wert dieses " +"Parameters muss größer oder gleich »offline_credentials_expiration« sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Voreinstellung: 0 (unbegrenzt)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Bitte beachten Sie, dass der Backend-Server Informationen über die " +"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann " +"SSSD keine Warnung anzeigen. Außerdem muss für das Backend ein " +"Authentifizierungsanbieter konfiguriert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"der für die Domain benutzte Authentifizierungsanbieter. Folgende ID-Anbieter " +"werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"»ldap«: LDAP-Anbieter: Weitere Informationen über die Konfiguration von LDAP " +"finden Sie unter <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"»ipa«: Anbieter von FreeIPA und Red Hat Enterprise Identity Management. " +"Weitere Informationen über die Konfiguration von FreeIPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"»ad«: Active-Directory-Anbieter: Weitere Informationen über die " +"Konfiguration von Active Directory finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"benutzt den vollständigen Namen und die Domain (wie sie durch das " +"»full_name_format« der Domain formatiert wurde) als Anmeldenamen des " +"Benutzers, der an NSS gemeldet wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Ist dies auf TRUE gesetzt, müssen Anfragen an diese Domain voll " +"qualifizierte Namen benutzen. Falls zum Beispiel <command>getent passwd " +"test</command> in der Domain LOCAL benutzt wird, die einen Benutzer »test« " +"enthält, würde der Benutzer nicht gefunden, <command>getent passwd " +"test@LOCAL</command> würde ihn hingegen finden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"ACHTUNG: Diese Option ist bei Netzgruppen-Suchanfragen wirkungslos, da diese " +"dazu tendieren, verschachtelte Netzgruppen ohne voll qualifizierte Namen " +"einzubeziehen. Bei Netzgruppen werden alle Domains durchsucht, wenn ein " +"nicht voll qualifizierter Name angefragt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"der für diese Domain benutzte Authentifizierungsanbieter. Folgende " +"Authentifizierungsanbieter werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap« für native LDAP-Authentifizierung. Weitere Informationen über die " +"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die " +"Konfiguration von Kerberos finden Sie unter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "»none« deaktiviert explizit die Authentifizierung." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Voreinstellung: »id_provider« wird, falls es gesetzt ist, benutzt und kann " +"mit Authentifizierungsanfragen umgehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"der für diese Domain benutzte Zugriffssteuerungsanbieter. Es gibt zwei " +"integrierte Zugriffsanbieter (zusätzlich zu denen, die in den installierten " +"Backends enthalten sind). Interne Spezialanbieter sind:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"»permit« gibt immer Zugriff. Es ist der einzige erlaubte Zugriffsanbieter " +"für eine lokale Domain." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "»deny« verweigert dem Zugriff immer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"»simple«: Zugriffssteuerung basierend auf Zugriffs- oder " +"Verweigerungslisten. Weitere Informationen über die Konfiguration des " +"einfachen Zugriffsmoduls finden sie unter <citerefentry> <refentrytitle>sssd-" +"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Voreinstellung: »permit«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"der Anbieter, der Passwortänderungsaktionen für die Domain handhaben soll. " +"Folgende Anbieter von Passwortänderungen werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"»krb5« zum Ändern des Kerberos-Passworts. Weitere Informationen über die " +"Konfiguration von Kerberos finden Sie unter <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "»none« verbietet explizit Passwortänderungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Voreinstellung: »auth_provider« wird, falls es gesetzt ist, benutzt und " +"kann mit Passwortänderungsanfragen umgehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden " +"unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap« für die in LDAP gespeicherten Regeln. Weitere Informationen über die " +"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den " +"Vorgabeeinstellungen für IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den " +"Vorgabeeinstellungen für AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "»none« deaktiviert explizit Sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Detaillierte Informationen zur Konfiguration von sudo_provider finden Sie in " +"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Es gibt zahlreiche verwendbare " +"Konfigurationsoptionen, mit denen das Verhalten angepasst werden kann. Siehe " +"»ldap_sudo_*« in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"der Anbieter, der das Laden der SELinux-Einstellungen handhaben soll. " +"Beachten Sie, dass dieser Anbieter direkt aufgerufen wird, nachdem sich der " +"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um SELinux-Einstellungen von einem IPA-Server zu laden. Weitere " +"Informationen über die Konfiguration von FreeIPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er " +"kann SELinux-Ladeanfragen handhaben." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"der Anbieter, der das Abholen von Subdomains handhaben soll. Dieser Wert " +"sollte immer derselbe sein wie »id_provider«. Folgende Subdomain-Anbieter " +"werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um eine Liste mit Subdomains von einem IPA-Server zu laden. Weitere " +"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "»none« deaktiviert explizit das Abholen von Subdomains." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"der für diese Domain benutzte Anbieter von »autofs«. Folgende Anbieter von " +"»autofs« werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"»ldap«, um in LDAP gespeicherte Abbilder zu laden. Weitere Informationen " +"über die Konfiguration von LDAP finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere " +"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "»none« deaktiviert explizit »autofs«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"der Anbieter, der zum Abfragen der Rechneridentitätsinformationen benutzt " +"wird. Folgende Anbieter von »hostid« werden unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"»ipa«, um die auf einem IPA-Server gespeicherte Rechneridentität zu laden. " +"Weitere Informationen über die Konfiguration von IPA finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "»none« deaktiviert explizit »hostid«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"regulärer Ausdruck, der beschreibt, in welche Bestandteile die Zeichenkette " +"mit Benutzernamen und Domain bei der Auswertung zerlegt werden soll. Die " +"»Domain« kann entweder dem Domain-Namen der SSSD-Konfiguration oder im Fall " +"vertrauenswürdiger IPA-Subdomains und Active-Directory-Domains dem flachen " +"(NetBIOS-) Namen der Domain entsprechen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Voreinstellung für den AD- oder IPA-Anbieter: »(((?P<Domain>[^\\\\]+)\\" +"\\(?P<Name>.+$))|((?P<Name>[^@]+)@(?P<Domain>.+$))|(^(?" +"P<Name>[^@\\\\]+)$))« " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "Benutzername@Domain.Name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Voreinstellung für den AD- oder IPA-Anbieter: »(((?P<Domain>[^\\\\]+)\\" +"\\(?P<Name>.+$))|((?P<Name>[^@]+)@(?P<Domain>.+$))|(^(?" +"P<Name>[^@\\\\]+)$))« " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "Domain\\Benutzername" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Während die ersten beiden der allgemeinen Voreinstellung entsprechen, wurde " +"die dritte eingeführt, um eine einfache Eingliederung von Benutzern aus " +"Windows-Domains zu ermöglichen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Voreinstellung: »%1$s@%2$s«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "unterstützte Werte:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse " +"nachzuschlagen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse " +"nachzuschlagen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Voreinstellung: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Voreinstellung: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Voreinstellung: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Falls die Dienstsuche im Backend benutzt wird, gibt dies den Domain-Teil der " +"DNS-Dienstabfrage an." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "überschreibt die Haupt-GID mit der angegebenen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout (integer)" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_search_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "flacher (NetBIOS-) Name einer Subdomain" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Dieses Home-Verzeichnis wird als Vorgabewert für alle Subdomains innerhalb " +"dieser Domain im IPA-AD-Trust verwendet. In <emphasis>override_homedir</" +"emphasis> finden Sie Informationen zu möglichen Werten. Außerdem kann die " +"nachfolgende Expansion nur mit <emphasis>subdomain_homedir</emphasis> " +"verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Der Wert kann mit der Option <emphasis>override_homedir</emphasis> " +"überschrieben werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Voreinstellung: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"verschiedene vom Konfigurationsdienst »realmd« für diese Domain gespeicherte " +"Kennzeichnungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Voreinstellung: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Diese Konfigurationsoptionen können in einem Abschnitt einer Domain-" +"Konfiguration vorhanden sein, das heißt, in einem Abschnitt namens " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "das Proxy-Ziel, an das PAM weiterleitet" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Voreinstellung: standardmäßig nicht gesetzt, Sie müssen eine bestehende PAM-" +"Konfiguration nehmen oder eine neue erstellen und hier den Dienstnamen " +"hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"der Name der NSS-Bibliothek, der für die Proxy-Domains benutzt werden soll. " +"Die in der NSS-Funktionen gesuchten Funktionen haben die Form " +"»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« " +"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name " +"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. " +"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu " +"veranlassen, die ID im Zwischenspeicher nachzuschlagen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"gültige Optionen für Proxy-Domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Die folgenden Erweiterungen werden unterstützt: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "SSSD LDAP-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "BESCHREIBUNG" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" +"Sie können SSSD so konfigurieren, dass es mehr als eine LDAP-Domain benutzt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"Das LDAP-Backend unterstützt ID-, Authentifizierungs-, Zugriffs- und Chpass-" +"Anbieter. Falls Sie sich bei einem LDAP-Server authentifizieren möchten, " +"wird entweder TLS/SSL oder LDAPS benötigt. <command>sssd</command> " +"unterstützt <emphasis>keine</emphasis> Authentifizierung über einen " +"unverschlüsselten Kanal. Falls der LDAP-Server nur als Identitätsanbieter " +"benutzt wird, wird kein verschlüsselter Kanal benötigt. Weitere " +"Informationen über die Verwendung von LDAP als Zugriffsanbieter finden Sie " +"unter »ldap_access_filter«." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "KONFIGURATIONSOPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"gibt eine durch Kommata getrennte Liste der LDAP-Server-URIs in der " +"Reihenfolge an, in der sich SSSD mit ihnen verbinden soll. Weitere " +"Informationen über Ausfallsicherung und Redundanz finden Sie im Abschnitt " +"»AUSFALLSICHERUNG«. Falls keine Option angegeben wurde, wird die Dienstsuche " +"aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<Rechner>[:Port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Wenn Sie explizit IPv6-Adressen verwenden möchten, muss <Rechner> in " +"eckigen Klammern [] stehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "Beispiel: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"gibt eine durch Kommata getrennte Liste von URIs der LDAP-Server an, mit " +"denen SSSD sich in dieser Reihenfolge verbinden soll, um das Passwort eines " +"Benutzers zu ändern. Weitere Informationen über Ausfallsicherung und " +"Redundanz finden Sie im Abschnitt »AUSFALLSICHERUNG«. " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Um die Dienstsuche zu aktivieren, muss »ldap_chpass_dns_service_name« " +"gesetzt sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"der Standardbasis-Domain-Name, der zur Durchführung von LDAP-" +"Benutzeraktionen benutzt wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Beginnend mit SSSD 1.7.0 unterstützt SSSD mehrere Suchgrundlagen mittels der " +"Syntax:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" +"search_base[?Gültigkeitsbereich?[Filter][?search_base?Gültigkeitsbereich?" +"[Filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" +"Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Der Filter muss ein gültiger LDAP-Suchfilter, wie durch http://www.ietf.org/" +"rfc/rfc2254.txt spezifiziert, sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Beispiele:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (dies entspricht) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=Beispiel,dc=com?Unterverzeichnis?" +"(host=Dieser_Rechner)?dc=example.com?Unterverzeichnis?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Hinweis: Mehrere Suchgrundlagen, die sich auf Objekte mit gleichem Namen " +"beziehen, werden nicht unterstützt (zum Beispiel Gruppen mit demselben Namen " +"in zwei unterschiedlichen Suchgrundlagen). Dies wird zu unvorhersehbarem " +"Verhalten auf Client-Rechnern führen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Voreinstellung: Falls nicht gesetzt, wird der Wert der Attribute " +"»defaultNamingContext« oder »namingContexts« vom RootDSE des LDAP-Servers " +"benutzt. Falls »defaultNamingContext« nicht existiert oder ihr Wert leer " +"ist, wird »namingContexts« verwendet. Das Attribut »namingContexts« muss " +"einen einzelnen Wert mit dem Domain-Namen der Suchgrundlage des LDAP-Servers " +"haben, damit dies funktioniert. Mehrere Werte werden nicht unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"gibt den Schematyp an, der gerade auf dem Ziel-LDAP-Server benutzt wird. " +"Abhängig vom ausgewählten Schema können sich die von den Servern geholten " +"Standardattributnamen stark unterscheiden. Die Art, wie einige Attribute " +"gehandhabt werden, kann sich ebenfalls unterscheiden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "Derzeit werden vier Schematypen unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Der Hauptunterschied zwischen diesen Schematypen besteht darin, wie " +"Gruppenmitgliedschaften auf dem Server aufgezeichnet werden. Mit »rfc2307« " +"werden Gruppenmitglieder nach Namen im Attribut <emphasis>memberUid</" +"emphasis> aufgeführt. Mit »rfc2307bis« bis »IPA« werden die " +"Gruppenmitglieder nach Domain-Namen aufgeführt und im Attribut " +"<emphasis>member</emphasis> gespeichert. Der Schematyp »AD« setzt die " +"Attribute passend zu den Werten von Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Voreinstellung: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"der Standard-Bind-Domain-Name, der zum Durchführen von LDAP-Aktionen benutzt " +"wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "der Typ des Authentifizierungs-Tokens des Standard-Bind-Domain-Namens" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "Die beiden derzeit unterstützten Mechanismen sind:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Voreinstellung: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Einige Verzeichnisserver, zum Beispiel Active Directory, könnten den Realm-" +"Teil der UPN in Kleinbuchstaben liefern, was zum Scheitern der " +"Authentifizierung führen kann. Setzen Sie diese Option auf einen Wert " +"ungleich Null, falls Sie einen Realm in Großbuchstaben wünschen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"gibt an, wie viele Sekunden lang SSSD warten soll, bevor es seinen " +"Zwischenspeicher aufgezählter Datensätze aktualisiert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"bestimmt, wie oft der Zwischenspeicher auf inaktive Einträge überprüft wird " +"(wie Gruppen ohne Mitglieder und Benutzer, die sich noch nie angemeldet " +"haben) und diese entfernt werden, um Platz zu sparen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Falls »ldap_schema« auf ein Format gesetzt ist, das verschachtelte Gruppen " +"(z.B. RFC2307bis) unterstützt, dann steuert diese Option, wie viele Stufen " +"tief SSSD der Verschachtelung folgt. Diese Option hat keine Auswirkungen auf " +"das Schema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Hinweis: Diese Option gibt die garantierte Tiefe verschachtelter Gruppen an, " +"die bei Suchvorgängen verarbeitet werden soll. Dennoch <emphasis>können</" +"emphasis> auch tiefer verschachtelte Gruppen einbezogen werden, falls bei " +"früheren Suchvorgängen die tieferen Ebenen bereits einmal berücksichtigt " +"wurden. Außerdem können folgende Suchvorgänge für andere Gruppen die " +"Ergebnisse des ursprünglichen Suchvorgangs vergrößern, wenn die Suche erneut " +"erfolgt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Voreinstellung: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Diese Optionen aktivieren oder deaktivieren die Verwendung des Token-Gruppen-" +"Attributs, wenn »initgroup« für Benutzers des Active Directory Servers 2008 " +"und neuere Versionen ausgeführt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"Rechnerobjekte" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Informationen über das Konfigurieren mehrerer Suchgrundlagen finden Sie " +"unter »ldap_search_base«." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-" +"Suchen laufen dürfen, bevor sie abgebrochen und die zwischengespeicherten " +"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Hinweis: Diese Option ist in zukünftigen Versionen von SSSD Gegenstand von " +"Änderungen. Sie wird wahrscheinlich an einigen Stellen durch Serien von " +"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-" +"Suchen nach Benutzer- und Gruppenaufzählungen laufen dürfen, bevor sie " +"abgebrochen und die zwischengespeicherten Ergebnisse zurückgegeben werden " +"(und in den Offline-Modus gegangen wird)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, nach dem " +"<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry> gefolgt von einem <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> zurückkehrt, falls keine Aktivität stattfindet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem eine " +"Verbindung zu einem LDAP-Server aufrechterhalten wird. Nach dieser Zeit wird " +"die Verbindung erneut aufgebaut. Wird dies parallel zu SASL/GSSAPI benutzt, " +"wird der frühere der beiden Werte (dieser Wert gegenüber der TGT-" +"Lebensdauer) verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Voreinstellung: 900 (15 Minuten)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_expire_timeout (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +#, fuzzy +#| msgid "" +#| "Specifies a timeout (in seconds) that a connection to an LDAP server will " +#| "be maintained. After this time, the connection will be re-established. If " +#| "used in parallel with SASL/GSSAPI, the sooner of the two values (this " +#| "value vs. the TGT lifetime) will be used." +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem eine " +"Verbindung zu einem LDAP-Server aufrechterhalten wird. Nach dieser Zeit wird " +"die Verbindung erneut aufgebaut. Wird dies parallel zu SASL/GSSAPI benutzt, " +"wird der frühere der beiden Werte (dieser Wert gegenüber der TGT-" +"Lebensdauer) verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"gibt die Anzahl der Datensätze an, die in einer einzelnen Anfrage von LDAP " +"empfangen werden. Einige LDAP-Server erzwingen eine Begrenzung des Maximums " +"pro Anfrage." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"deaktiviert die Seitenadressierungssteuerung von LDAP. Diese Option sollte " +"benutzt werden, falls der LDAP-Server meldet, dass er die LDAP-" +"Seitenadressierungssteuerung in seinem RootDSE unterstützt, sie jedoch " +"deaktiviert ist oder sich nicht ordnungsgemäß verhält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Beispiel: OpenLDAP-Server, bei denen das Seitenadressierungssteuerungsmodul " +"installiert, aber nicht aktiviert ist, werden es im RootDSE melden, sind " +"aber nicht in der Lage, es zu benutzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Beispiel: 389 DS hat einen Fehler, durch den es gleichzeitig nur eine " +"einzige Seitenadressierungssteuerung für eine einzelne Verbindung benutzen " +"kann. Bei ausgelasteten Clients kann dies dazu führen, dass manche Anfragen " +"abgelehnt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "deaktiviert die Bereichsabfrage von Active Directory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory begrenzt die Anzahl der Mitglieder, die in einem einzigen " +"Nachschlagen mittels der MaxValRange-Richtlinie empfangen werden können (die " +"Voreinstellung sind 1.500 Mitglieder). Falls eine Gruppe mehr Mitglieder " +"enthält, wird die Antwort eine AD-spezifische Bereichserweiterung enthalten. " +"Diese Option deaktiviert das Auswerten der Bereichserweiterung, daher wird " +"es so aussehen, als ob große Gruppen keine Mitglieder hätten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die " +"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die " +"Werte dieser Option werden durch OpenLDAP definiert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " +"»ldap.conf« angegeben)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"gibt die Anzahl der Gruppenmitglieder an, die aus dem internen " +"Zwischenspeicher fehlen muss, um ein dereferenzierendes Nachschlagen " +"auszulösen. Falls weniger Mitglieder fehlen, werden sie individuell " +"nachgeschlagen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Dereferenzierendes Nachschlagen ist ein Mittel, um alle Gruppenmitglieder in " +"einem einzigen LDAP-Aufruf abzuholen. Verschiedene LDAP-Server können " +"unterschiedliche Methoden zum Dereferenzieren implementieren. Die derzeit " +"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Hinweis:</emphasis> Falls eine der Suchgrundlagen einen Suchfilter " +"angibt, wird die Verbesserung der Leistung beim dereferenzierenden " +"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"gibt an, welche Prüfungen von Server-Zertifikaten in einer TLS-Sitzung " +"durchgeführt werden, falls vorhanden. Dies kann in Form einer der folgenden " +"Werte angegeben werden:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = Der Client wird kein Server-Zertifikat prüfen " +"oder anfordern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = Das Server-Zertifikat wird angefordert. Falls " +"kein Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls " +"ein ungültiges Zertifikat bereitgestellt wird, wird es ignoriert und die " +"Sitzung fährt normal fort." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = Das Server-Zertifikat wird angefordert. Falls das " +"Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls ein " +"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = Das Server-Zertifikat wird angefordert. Falls " +"kein oder ein ungültiges Zertifikat bereitgestellt wird, wird die Sitzung " +"sofort beendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = entspricht »demand«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Voreinstellung: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"gibt die Datei an, die Zertifikate für alle Zertifizierungstellen enthält, " +"die <command>sssd</command> erkennen wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Voreinstellung: verwendet OpenLDAP-Voreinstellungen, normalerweise aus " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"gibt den Pfad eines Verzeichnisses an, das Zertifikate von " +"Zertifizierungstellen in separaten individuellen Dateien enthält. Die " +"Dateinamen sollen normalerweise ein Hash-Wert des Zertifikats gefolgt von " +"».0« sein. Falls verfügbar, kann <command>cacertdir_rehash</command> zum " +"Erstellen der korrekten Namen verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" +"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"gibt an, dass die Verbindung »id_provider« auch <systemitem " +"class=\"protocol\">tls</systemitem> benutzen muss, um den Kanal abzusichern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"gibt an, dass SSSD versuchen soll, die Benutzer- und Gruppen-ID von den " +"Attributen »ldap_user_objectsid« und »ldap_group_objectsid« abzubilden, " +"statt sich auf »ldap_user_uid_number« und »ldap_group_gid_number« zu " +"verlassen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" +"Directory-ObjectSIDs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"Im Gegensatz zum SID-basierten ID-Abbilden, das benutzt wird, falls " +"»ldap_id_mapping« auf »true« gesetzt ist, ist der erlaubte ID-Bereich für " +"»ldap_user_uid_number« und »ldap_group_gid_number« offen. In einer " +"Konfiguration mit Unter-Domains und vertrauenswürdigen Domains könnte dies " +"zu ID-Kollisionen führen. Um Kollisionen zu vermeiden, können »ldap_min_id« " +"und »ldap_max_id« zum Begrenzen des erlaubten Bereichs für direkt vom Server " +"gelesene IDs verwendet werden. Unter-Domains können dann andere Bereiche zur " +"Abbildung von IDs wählen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"gibt den SASL-Realm an, der benutzt werden soll. Wurde diese Option nicht " +"angegeben, ist die Voreinstellung der Wert von »krb5_realm«. Falls " +"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Voreinstellung: der Wert von »krb5_realm«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Falls dies auf »true« gesetzt wäre, würde die LDAP-Bibliothek ein " +"umgekehrtes Nachschlagen durchführen, um den Rechnernamen während eines SASL-" +"Bind in eine kanonische Form zu bringen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Voreinstellung: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Voreinstellung: 86400 (24 Stunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"gibt die durch Kommata getrennte Liste von IP-Adressen bzw. Rechnernamen von " +"Kerberos-Servern in der Reihenfolge an, in der sich SSSD mit ihnen verbinden " +"soll. Weitere Informationen über Ausfallsicherung und Redundanz finden Sie " +"im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder Rechnernamen kann eine " +"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt " +"werden. Falls dies leer gelassen wurde, wird die Dienstsuche aktiviert. " +"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Wenn die Dienstsuche für Schlüsselverwaltungszentralen- (KDC) oder Kpasswd-" +"Server benutzt wird, durchsucht SSSD zuerst die DNS-Einträge, die_udp als " +"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Diese Option hieß in früheren Veröffentlichungen von SSSD »krb5_kdcip«. " +"Obwohl der alte Name einstweilen noch in Erinnerung ist, wird Anwendern " +"geraten, ihre Konfigurationsdateien auf die Verwendung von »krb5_server« zu " +"migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"gibt an, ob der Host Principal beim Verbinden mit einem LDAP-Server in eine " +"kanonische Form gebracht werden soll. Diese Funktionalität ist mit MIT " +"Kerberos >= 1.7 verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"gibt an, ob SSSD die Kerberos-Bibliotheken anweisen soll, welcher Realm und " +"welche Schlüsselverwaltungszentralen (KDCs) benutzt werden sollen. Diese " +"Option ist standardmäßig eingeschaltet. Falls Sie sie ausschalten, müssen " +"Sie die Kerberos-Bibliothek mittels der Konfigurationsdatei " +"<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> einrichten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Weitere Informationen über die Locator-Erweiterung finden Sie auf der " +"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"wählt das Regelwerk, anhand dessen das Client-seitige Erlöschen des " +"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> – keine Client-seitige Abschätzung. Diese Option " +"kann keine Server-seitigen Passwortregelwerke deaktivieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +#, fuzzy +#| msgid "" +#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes " +#| "to evaluate if the password has expired." +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> – benutzt Attribute im Stil von " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> – verwendet die von MIT Kerberos benutzten " +"Attribute, um zu bestimmen, ob das Passwort erloschen ist. Verwenden Sie " +"»chpass_provider=krb5«, um diese Attribute zu aktualisieren, wenn das " +"Passwort geändert wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Hinweis</emphasis>: Falls serverseitig eine Passwortregel " +"konfiguriert ist, hat diese stets Vorrang vor der mit dieser Option " +"festgelegten Regel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Bitte beachten Sie, dass SSSD nur Verweisverfolgung unterstützt, falls es " +"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +#, fuzzy +#| msgid "" +#| "Chasing referrals may incur a performance penalty in environments that " +#| "use them heavily, a notable example is Microsoft Active Directory. If " +#| "your setup does not in fact require the use of referrals, setting this " +#| "option to false might bring a noticeable performance improvement." +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"Verweisverfolgungen können in Umgebungen, die ausgiebig von ihnen Gebrauch " +"machen, einen Leistungsnachteil erleiden, ein beachtenswertes Beispiel ist " +"Microsoft Active Directory. Falls ihre Installation Verweisverfolgungen " +"nicht tatsächlich benötigt, könnte diese Option auf »false« zu setzen eine " +"merkliche Leistungsverbesserung bringen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Voreinstellung: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"gibt den Dienstnamen an, der zum Finden eines LDAP-Servers benutzt werden " +"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"gibt an, ob das Attribut »ldap_user_shadow_last_change« nach einer " +"Passwortänderung mit Unix-Zeit geändert wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Falls access_provider = ldap und ldap_access_order = filter ist " +"(Voreinstellung), dann ist diese Option obligatorisch. Sie gibt ein " +"Suchfilterkriterium für LDAP an, dass auf den Benutzer passen muss, damit " +"diesem Zugriff auf den Host gewährt wird. Falls access_provider = ldap und " +"ldap_access_order = filter ist und diese Option nicht gesetzt ist, wird " +"allen Benutzern der Zugriff verweigert. Verwenden Sie access_provider = " +"permit, um dieses Standardverhalten zu ändern. Bitte beachten Sie, dass " +"dieser Filter nur auf den LDAP-Benutzereintrag angewendet wird und daher die " +"auf verschachtelten Gruppen basierende Filterung nicht funktioniert. " +"Beispielsweise zeigt das Active-Directory-Attribut »memberOf« nur auf die " +"unmittelbaren Eltern. Falls die Filterung basierend auf verschachtelten " +"Gruppen erforderlich sein sollte, finden Sie genauere Anweisungen in der " +"Handbuchseite zu <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Beispiel:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"In diesem Beispiel wird der Zugriff auf diesen Host auf jene Benutzer " +"beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Voreinstellung: leer" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Mit dieser Option kann eine Client-seitige Abschätzung der " +"Zugriffssteuerungsattribute aktiviert werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Bitte beachten Sie, dass die Server-seitige Zugriffssteuerung generell " +"empfohlen wird, d.h. der LDAP-Server sollte die Bind-Abfrage sogar dann mit " +"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: verwendet den Wert von " +"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: verwendet den Wert des 32-Bit-Felds " +"»ldap_user_ad_user_account_control« und ermöglicht den Zugriff, falls das " +"zweite Bit nicht gesetzt ist. Falls das Attribut fehlt, wird Zugriff " +"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: verwenden den Wert von »ldap_ns_account_lock«, um zu prüfen, ob " +"Zugriff erlaubt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: Die Werte von " +"»ldap_user_nds_login_allowed_time_map«, »ldap_user_nds_login_disabled« und " +"»ldap_user_nds_login_expiration_time« werden benutzt, um zu überprüfen, ob " +"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« " +"»expire« enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_account_expire_policy« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " +"sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: verwendet das Attribut " +"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " +"ob Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Voreinstellung: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Bitte beachten Sie, dass es ein Konfigurationsfehler ist, falls ein Wert " +"mehr als einmal benutzt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"gibt an, wie Alias-Dereferenzierung bei einer Suche erledigt wird. Die " +"folgenden Optionen sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: Alias werden auf Unterebenen des " +"Basisobjekts dereferenziert, nicht jedoch beim Orten des Basisobjekts der " +"Suche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: Alias werden nur beim Orten des Basisobjekts " +"der Suche dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: Alias werden sowohl bei der Suche als auch beim " +"Orten des Basisobjekts der Suche dereferenziert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Voreinstellung: leer (Dies wird durch LDAP-Client-Bibliotheken wie " +"<emphasis>never</emphasis> gehandhabt.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"ermöglich, lokale Anwender als Mitglieder einer LDAP-Gruppe für Server " +"beizubehalten, die das Schema RFC2307 benutzen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"In einigen Umgebungen, in denen das Schema RFC2307 verwendet wird, werden " +"lokale Benutzer zu Mitgliedern einer LDAP-Gruppe gemacht, indem ihre Namen " +"dem Attribut »memberUid« hinzugefügt werden. Die eigene Stimmigkeit der " +"Domain wird dabei kompromittiert, daher würde SSSD normalerweise »fehlende« " +"Anwender aus den zwischengespeicherten Gruppenmitgliedschaften entfernen, " +"sobald Nsswitch versucht, Informationen über den Anwender durch Aufrufen von " +"getpw*() oder initgroups() abzurufen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Diese Option greift auf das Prüfen zurück, ob auf lokale Benutzer Bezug " +"genommen wird und speichert sie, so dass spätere Aufrufe von »initgroups() " +"die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +#, fuzzy +#| msgid "Default: 0 (disabled)" +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Voreinstellung: 0 (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "SUDO-OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in " +"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"wie viele Sekunden SSSD zwischen einer vollständigen Aktualisierung von Sudo-" +"Regeln warten wird (wodurch alle auf dem Server gespeicherten Regeln " +"heruntergeladen werden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Der Wert muss größer als <emphasis>ldap_sudo_smart_refresh_interval</" +"emphasis> sein." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Voreinstellung: 21600 (6 Stunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Falls vom Server keine USN-Attribute unterstützt werden, wird stattdessen " +"das Attribut »modifyTimestamp« benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD nur die Regeln herunterladen, " +"die auf diese Maschine angewandt werden können (mittels der IPv4- oder IPv6-" +"Netzwerkadressen und Rechnernamen)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"durch Leerzeichen getrennte Listen von Rechnernamen oder voll qualifizierten " +"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Falls diese Option leer ist, wird SSSD versuchen, den Rechnernamen und den " +"voll qualifizierten Domain-Namen automatisch herauszufinden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Falls <emphasis>ldap_sudo_use_host_filter</emphasis> <emphasis>false</" +"emphasis> ist, hat diese Option keine Auswirkungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "Voreinstellung: nicht angegeben" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"durch Kommata getrennte Liste von IPv4- oder IPv6-Rechner- beziehungsweise " +"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Falls diese Option leer ist, wird SSSD versuchen, die Adressen automatisch " +"herauszufinden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die " +"eine Netzgruppe im Attribut »sudoHost« enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die " +"einen Platzhalter im Attribut »sudoHost« enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Diese Handbuchseite beschreibt nur das Abbilden von Attributnamen. Eine " +"umfassende Erklärung der Sudo-bezogenen Attributsemantik finden Sie unter " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "AUTOFS-OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Der Name der Automount-Master-Abbildung in LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Voreinstellung: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "ERWEITERTE OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "BEISPIEL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"LDAP auf eine der Domains im Abschnitt <replaceable>[domains]</replaceable> " +"gesetzt ist." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ANMERKUNGEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Die Beschreibungen einiger Konfigurationsoptionen auf dieser Handbuchseite " +"basieren auf der Handbuchseite <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> der Distribution " +"OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "PAM-Modul für SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> ist die PAM-Schnittstelle des " +"Systemsicherheitsdienst-Daemons (»System Security Services daemon«/SSSD). " +"Fehler und Ergebnisse werden durch <command>syslog(3)</command> mit der " +"Fertigkeit LOG_AUTHPRIV protokolliert." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Falls <option>forward_pass</option> gesetzt ist, wird das eingegebene " +"Passwort in den Stapelverabeitungsspeicher gelegt, damit andere PAM-Module " +"es nutzen können." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Das Argument »use_first_pass« zwingt das Modul ein vorher im " +"Stapelverabeitungsspeicher abgelegtes Passwort zu benutzen. Es wird den " +"Anwender nie fragen. Falls kein Passwort verfügbar oder das Passwort " +"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Wenn das Passwort geändert wird, erzwingt das Modul, dass das neue Passwort " +"von einem vorher im Stapelverabeitungsspeicher abgelegten Passwortmodul " +"bereitgestellt wird." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Ist dies angegeben, wird der Benutzer weitere N mal nach einem Passwort " +"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Bitte beachten Sie, dass diese Option möglicherweise nicht wie erwartet " +"funktioniert, falls eine Anwendung, die PAM aufruft, den Benutzerdialog " +"selbst abwickelt. Ein typisches Beispiel ist <command>sshd</command> mit " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Falls diese Option angegeben ist, aber der Benutzer nicht existiert, gibt " +"das PAM-Modul den Wert PAM_IGNORE zurück. Dies hat zur Folge, dass das PAM-" +"Framework dieses Modul ignoriert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Gibt an, dass das PAM-Modul PAM_IGNORE zurückgeben soll, falls der SSSD-" +"Daemon nicht kontaktiert werden kann. Dies hat zur Folge, dass das PAM-" +"Framework dieses Modul ignoriert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "BEREITGESTELLTE MODULTYPEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Alle Modultypen (<option>account</option>, <option>auth</option>, " +"<option>password</option> und <option>session</option>) werden " +"bereitgestellt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "DATEIEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Falls ein Zurücksetzen des Passworts durch Root fehlschlägt, weil der " +"zugehörige SSSD-Anbieter das Zurücksetzen von Passwörtern nicht unterstützt, " +"kann eine individuelle Nachricht angezeigt werden. Diese Nachricht kann z.B. " +"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Die Nachricht wird aus der Datei <filename>pam_sss_pw_reset_message.LOC</" +"filename> gelesen, wobei LOC für eine durch <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry> zurückgegebene Zeichenkette steht. Falls dort keine passende " +"Datei ist, wird der Inhalt von <filename>pam_sss_pw_reset_message.txt</" +"filename> angezeigt. Root muss der Besitzer der Dateien sein und nur Root " +"kann Lese- und Schreibrechte haben, während alle anderen Anwender nur " +"Leserechte haben dürfen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Diese Dateien werden im Verzeichnis <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename> gesucht. Falls keine passende Datei vorhanden ist, " +"wird eine allgemeine Nachricht angezeigt." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "PAM-Modul für SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Kerberos Locator-Plugin" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Nicht alle Kerberos-Implementierungen unterstützen die Verwendung von " +"Erweiterungen. Falls <command>sssd_krb5_locator_plugin</command> nicht auf " +"Ihrem System vorhanden ist, müssen Sie /etc/krb5.conf bearbeiten, damit sie " +"Ihre Kerberos-Einrichtung widerspiegelt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Falls die Umgebungsvariable SSSD_KRB5_LOCATOR_DEBUG auf irgendeinen Wert " +"gesetzt ist, werden Debug-Nachrichten an »stderr« gesandt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"die Konfigurationsdatei für den »einfachen« Zugriffssteuerungsanbieter von " +"SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des einfachen " +"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche " +"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Der einfache Zugriffsanbieter gewährt oder verweigert den Zugriff auf Basis " +"einer Zugriffs- oder Verbotsliste von Benutzer- oder Gruppennamen. Es gelten " +"die folgenden Regeln:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Falls alle Listen leer sind, wird Zugriff gewährt." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Falls irgendeine Liste bereitgestellt wird, ist die Reihenfolge der " +"Auswertung »erlauben,verbieten«. Das heißt, dass eine passende verbietende " +"Regeln jede passende erlaubende Regel ersetzt." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Falls eine oder beide »Erlaubnislisten« bereitgestellt werden, ist der " +"Zugriff allen Benutzern verboten, sofern sie nicht auf der Liste erscheinen." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Falls nur »Verbotslisten« bereitgestellt werden, wird der Zugriff allen " +"Benutzern gewährt, sofern sie nicht auf der Liste stehen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Durch Kommata getrennte Liste von Benutzern, denen der Zugriff explizit " +"verwehrt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Durch Kommata getrennte Liste von Gruppen, die sich anmelden dürfen. Dies " +"gilt nur für Gruppen innerhalb dieser SSSD-Domain. Lokale Gruppen werden " +"nicht ausgewertet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Durch Kommata getrennte Liste von Gruppen, denen der Zugriff explizit " +"verwehrt wird. Dies gilt nur für Gruppen innerhalb dieser SSSD-Domain. " +"Lokale Gruppen werden nicht ausgewertet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im " +"Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Keine Werte für eine der Listen anzugeben ist so, als ob sie ganz " +"übersprungen würde. Hüten Sie sich davor, solange Parameter für den " +"einfachen Anbieter mittels automatischer Skripte erzeugt werden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Bitte beachten Sie, das es ein Konfigurationsfehler ist, wenn sowohl " +"»simple_allow_users« als auch »simple_deny_users« definiert sind." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> " +"erwähnten Domains ist. Die Beispiele zeigen nur die anbieterspezifischen " +"Optionen des einfachen Anbieters." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Die vollständige Hierarchie der Gruppenmitgliedschaft wird aufgelöst, bevor " +"die Zugriffsprüfung ausgeführt wird. Daher können selbst verschachtelte " +"Gruppen Teil der Zugriffslisten werden. Bitte beachten Sie, dass die Option " +"<quote>ldap_group_nesting_level</quote> die Ergebnisse beeinflussen kann und " +"daher auf einen ausreichenden Wert gesetzt werden sollte. Siehe " +"(<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "SSSD IPA-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des IPA-Anbieters für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Der IPA-Anbieter ist ein Backend, das zum Verbinden mit einem IPA-Server " +"benutzt wird. (Informationen über IPA-Server finden Sie auf der Website " +"»freeipa.org«.) Dieser Anbieter erfordert, dass der Rechner einer IPA-Domain " +"beitritt. Die Konfiguration wird nahezu vollständig selbst ermittelt und " +"direkt vom Server genommen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Der IPA-Anbieter wird den PAC-Responder benutzen, falls die Kerberos-Tickets " +"von Anwendern vertrauenswürdiger Realms ein PAC enthalten. Um die " +"Konfiguration zu vereinfachen, wird der PAC-Responder automatisch gestartet, " +"falls der IPA-ID-Anbieter konfiguriert ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"gibt den Namen der IPA-Domain an. Dies ist optional. Ist er nicht angegeben, " +"wird der Domain-Name der Konfiguration benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Die durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen der IPA-" +"Server in der Reihenfolge, in der sich SSSD mit ihnen verbinden soll. " +"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im " +"Abschnitt »AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, " +"ist dies optional. Weitere Informationen finden Sie im Abschnitt " +"»DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"HINWEIS: Auf älteren Systemen (wie RHEL 5) muss der Standard-Kerberos-Realm " +"ordentlich in /etc/krb5.conf gesetzt sein, damit dies zuverlässig " +"funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_update</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_update</emphasis> in ihrer " +"Konfigurationsdatei migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"die TTL, die beim Aktualisieren auf den Client-DNS-Datensatz angewandt wird. " +"Falls »dyndns_update« »false« ist, hat dies keine Auswirkungen. Diese wird " +"die Server-seitige TTL außer Kraft setzen, falls diese durch einen " +"Administrator gesetzt wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_ttl</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_ttl</emphasis> in ihrer Konfigurationsdatei " +"migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "Voreinstellung: 1200 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"HINWEIS: Obwohl es immer noch möglich ist, die alte Option " +"<emphasis>ipa_dyndns_iface</emphasis> zu benutzen, sollten Anwender auf die " +"Verwendung von <emphasis>dyndns_iface</emphasis> in ihrer " +"Konfigurationsdatei migrieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_iface (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt " +"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, " +"eine standortbasierte Suche mittels einer Abfrage, die »_location.hostname." +"example.com« enthält, durchzuführen und dann auf die traditionelle SRV-Suche " +"zurückgreifen. Falls die standortbasierte Suche erfolgreich ist, werden die " +"georteten IPA-Server, die mit der standortbasierten Suche gefunden wurden, " +"als primäre Server betrachtet und die mit der traditionellen SRV-Suche " +"gefundenen als Sicherungsserver." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"wie oft das Backend periodische DNS-Aktualisierungen zusätzlich zur " +"automatisch beim Online-Gehen durchgeführten Aktualisierung vornehmen soll. " +"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"ob der PTR-Datensatz ebenfalls explizit aktualisiert werden soll, wenn die " +"DNS-Datensätze des Clients aktualisiert werden; nur anwendbar, wenn " +"»dyndns_update« »true« ist" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Diese Option sollte in den meisten IPA-Bereitstellungen »False« sein, da der " +"IPA-Server die PTR-Datensätze automatisch erzeugt, wenn sich " +"Weiterleitungsdatensätze ändern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Voreinstellung: False (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"ob das Hilfswerkzeug Nsupdate standardmäßig TCP zur Kommunikation mit dem " +"DNS-Server verwenden soll" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Voreinstellung: verwendet Basis-DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_subdomains_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subdomains_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for HBAC related objects." +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-" +"bezogene Objekte" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +#, fuzzy +#| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-" +"bezogene Objekte" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"SELinux-Benutzerabbildungen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " +"vertrauenswürdige Domains" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das " +"Master-Domain-Objekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"der Name des Kerberos-Realm. Dieser ist optional. Standardmäßig ist es der " +"Wert von »ipa_domain«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"der Name des Kerberos-Realms hat in IPA eine besondere Bedeutung – er wird " +"in den Basis-DN umgewandelt, um ihn zur Durchführung von LDAP-Transaktionen " +"zu verwenden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Voreinstellung: 5 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die " +"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele " +"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (Ganzzahl)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"die Zeit zwischen den Abrufen der SELinux-Abbildungen beim IPA-Server. Dies " +"wird die Wartezeit und Belastung des IPA-Servers verringern, falls dort " +"viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "Voreinstellung: der Ort namens »default«" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Voreinstellung: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "ANBIETER VON UNTER-DOMAINS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Der Anbieter für IPA-Subdomains verhält sich geringfügig anders, je nachdem, " +"ob er explizit oder implizit konfiguriert wurde." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Falls die Option »subdomains_provider = ipa« im Domain-Abschnitt der »sssd." +"conf« gefunden wird, wird der IPA-Subdomain-Anbieter explizit konfiguriert " +"und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Falls die Option »subdomains_provider« nicht im Domain-Abschnitt der »sssd." +"conf« gesetzt ist, es dort aber die Option »id_provider = ipa« gibt, wird " +"der IPA-Subdomain-Anbieter implizit konfiguriert. In diesem Fall wird der " +"IPA-Anbieter deaktiviert, falls eine Subdomain-Anfrage fehlschlägt und " +"anzeigt, dass der Server keine Subdomains unterstützt, d.h. nicht zum " +"Vertrauen konfiguriert ist. Nach einer Stunde oder nachdem der IPA-Server " +"online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert und " +"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> " +"erwähnten Domänen ist. Diese Beispiele zeigen nur die anbieterspezifischen " +"Optionen von IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "SSSD Active-Directory-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt " +"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"Der AD-Anbieter unterstützt das Verbinden mit Active Directory 2008 R2 oder " +"neuer. Frühere Versionen könnten funktionieren, werden aber nicht " +"unterstützt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Für Benutzer, Gruppen und weitere von SSSD bereitgestellt Einträge wird die " +"Groß- oder Kleinschreibung nicht beachtet, um die Kompatibilität zur LDAP-" +"Implementation in Active Directory zu gewährleisten." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"gibt den Namen der Active-Directory-Domain an. Dieser ist optional. Ist er " +"nicht angegeben, wird der Name der konfigurierten Domain benutzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Damit dies ordentlich funktioniert, sollte diese Option in der " +"kleingeschriebenen Variante der langen Version der Active-Directory-Domain " +"angegeben werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Der kurze Domain-Name (auch als NetBIOS- oder flacher Name bekannt) wird von " +"SSSD automatisch ermittelt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt " +"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, " +"sich mit dem Active-Directory-Server zu verbinden, um die Active Directory " +"Site Discovery zu benutzen und dann auf die DNS-SRV-Datensätze " +"zurückgreifen, falls keine AD-Site gefunden wurde. Die DNS-SRV-Konfiguration " +"wird ebenfalls einschließlich der Domain zur Aufdeckung bei der Site-" +"Aufdeckung verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Diese Option gibt Zugriffskontrollfilter für LDAP an, die auf den Benutzer " +"passen müssen, damit ihm Zugriff gewährt werden kann. Bitte beachten Sie, " +"dass die Option <quote>access_provider</quote> explizit auf <quote>ad</" +"quote> gesetzt werden muss, damit sie wirksam ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"Diese Option unterstützt auch die Angabe verschiedener Filter pro Domain " +"oder Wald. Dieser erweiterte Filter würde bestehen aus: <quote>SCHLÜSSELWORT:" +"NAME:FILTER</quote>. Das Schlüsselwort kann entweder <quote>DOM</quote> oder " +"<quote>FOREST</quote> sein oder auch weggelassen werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Falls das Schlüsselwort <quote>DOM</quote> ist oder fehlt, dann gibt der " +"<quote>NAME</quote> die Domain oder Subdomain an, auf die der Filter " +"angewendet werden soll. Ist das Schlüsselwort <quote>FOREST</quote>, dann " +"gilt der Filter für alle angegebenen Domains aus dem Wald, der in " +"<quote>NAME</quote> angegeben ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Mehrere Filter können durch Fragezeichen <quote>?</quote> getrennt werden, " +"so wie es auch in Suchmaschinen üblich ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Es wird stets der spezifischste Treffer verwendet. Wenn zum Beispiel in der " +"den Filter angebenden Option der Benutzer ein Mitglied ist und es sich um " +"einen globalen Filter handelt, wird der pro-Domain-Filter angewendet. Gibt " +"es mehrere Treffer, die der angeforderten Spezifikation entsprechen, wird " +"der erste verwendet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"Standardmäßig verbindet sich SSSD zuerst mit dem Globalen Katalog, um " +"Benutzer von vertrauenswürdigen Domains abfragen zu können. Der LDAP-Port " +"wird zum Ermitteln von Gruppenmitgliedschaften oder als Ausweichmöglichkeit " +"verwendet. Wenn Sie diese Option deaktivieren, verbindet sich SSSD nur mit " +"dem LDAP-Port des aktuellen Servers." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Bitte beachten Sie, dass die Deaktivierung der Unterstützung für den " +"Globalen Katalog die Abfrage von Benutzern von vertrauenswürdigen Domains " +"nicht deaktiviert. SSSD würde sich stattdessen mit dem LDAP-Port der " +"vertrauenswürdigen Domains verbinden. Jedoch muss der Globale Katalog " +"verwendet werden, um domainübergreifende Gruppenmitgliedschaften auflösen zu " +"können." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Diese Option legt den Operationsmodus für GPO-basierte Zugriffskontrolle " +"fest. Verfügbar sind die Modi »disabled«, »enforcing« und »permissive«. " +"Bitte beachten Sie, dass die Option <quote>access_provider</quote> explizit " +"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "Für diese Option werden drei Werte unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: GPO-basierte Zugriffskontrollregeln werden weder ausgewertet noch " +"deren Anwendung erzwungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als " +"auch deren Anwendung erzwungen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: GPO-basierte Zugriffskontrollregeln werden zwar ausgewertet, " +"aber deren Anwendung nicht erzwungen. Stattdessen wird eine Meldung an das " +"Systemprotokoll ausgelöst, mit dem Inhalt, dass dem Benutzer der Zugriff " +"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Voreinstellung: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "all users are allowed" +msgstr "Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "no users are allowed" +msgstr "Die folgenden Werte sind erlaubt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +#, fuzzy +#| msgid "ldap_sudo_include_netgroups (boolean)" +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ldap_sudo_include_netgroups (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Optional. Diese Option teilt SSSD mit, dass es den Active-Directory-DNS-" +"Server mit der IP-Adresse dieses Clients aktualisieren soll. Die " +"Aktualisierung wird mittels GSS-TSIG abgesichert. Infolgedessen muss der " +"Active-Directory-Verwalter nur sichere Aktualisierungen für die DNS-Zone " +"erlauben. Die IP-Adresse der AD-LDAP-Verbindung wird für die " +"Aktualisierungen verwendet, falls sie nicht anderweitig mittels der Option " +"»dyndns_iface« angegeben wurde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "Voreinstellung: 3600 (Sekunden)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und " +"example.com auf eine der Domains im Abschnitt <replaceable>[sssd]</" +"replaceable> gesetzt ist. Dieses Beispiel zeigt nur die anbieterspezifischen " +"Optionen von AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Der AD-Zugriffssteuerungsanbieter prüft, ob das Konto erloschen ist. Es hat " +"dieselben Auswirkungen wie die folgende Konfiguration des LDAP-Anbieters: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Sudo mit dem SSSD-Backend konfigurieren" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Diese Handbuchseite beschreibt, wie <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> konfiguriert wird, " +"damit es zusammen mit <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> funktioniert und wie SSSD Sudo-" +"Regeln zwischenspeichert." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Um SSSD als eine Quelle von Sudo-Regeln zu aktivieren, fügen Sie dem Eintrag " +"<emphasis>sudoers</emphasis> in <citerefentry> <refentrytitle>nsswitch.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <emphasis>sss</" +"emphasis> hinzu." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Um zum Beispiel Sudo so zu konfigurieren, dass es zuerst die Regeln in der " +"Standarddatei <citerefentry> <refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> nachschlägt (diese sollten Regeln " +"umfassen, die für lokale Benutzer gelten) und dann die in SSSD, sollte die " +"Datei »nsswitch.conf« die folgende Zeile enthalten:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Weitere Informationen über die Konfiguration der Suchreihenfolge der " +"»sudoers« aus der Datei »nsswitch.conf« sowie das LDAP-Schema, das zum " +"Speichern von Sudo-Regeln im Verzeichnis benutzt wird, können Sie unter " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> finden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Hinweis</emphasis>: Um Netzgruppen oder IPA-Hostgruppen in sudo-" +"Regeln verwenden zu können, muss <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> korrekt auf den entsprechenden NIS-Domainnamen gesetzt werden. " +"Dieser entspricht dem IPA-Domainnamen, wenn Hostgruppen verwendet werden." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "SSSD zum Abrufen von Sudo-Regeln konfigurieren" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"Alle auf der SSSD-Seite erforderliche Konfiguration ist die Erweiterung der " +"Liste der <emphasis>Dienste</emphasis> mit \"sudo\" im Abschnitt [sssd] der " +"Handbuchseite zu <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Um LDAP-Suchvorgänge zu " +"beschleunigen, können Sie auch die Suchbasis für sudo-Regeln mit der Option " +"<emphasis>ldap_sudo_search_base</emphasis> festlegen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"Das folgende Beispiel zeigt, wie SSSD konfiguriert wird, damit es die Sudo-" +"Regeln von einem LDAP-Server herunterlädt." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "Der Zwischenspeichermechanismus für Sudo-Regeln" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Die größte Herausforderung bei der Entwicklung von Sudo-Unterstützung in " +"SSSD war es, sicherzustellen, dass beim Ausführen von Sudo mit SSSD die " +"Datenquelle dieselbe Benutzererfahrung bereitstellt und so schnell wie Sudo " +"ist, aber weiterhin so viele aktuelle Regelsätze wie möglich bereitstellt. " +"Um diesen Anforderungen zu genügen, verwendet SSSD drei Arten von " +"Aktualisierungen. Sie werden als vollständiges Aktualisieren, kluges " +"Aktualisieren und Regelaktualisierung bezeichnet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Das <emphasis>kluge Aktualisieren</emphasis> lädt periodisch Regeln " +"herunter, die neu sind oder seit der letzten Aktualisierung geändert wurden. " +"Das Hauptziel hierbei ist es, die Datenbank anwachsen zu lassen, indem nur " +"kleine Erweiterungen abgerufen werden, die keinen großen Netzwerkverkehr " +"erzeugen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"Das <emphasis>vollständige Aktualisieren</emphasis> löscht einfach alle im " +"Zwischenspeicher abgelegten Regeln und ersetzt sie durch die auf dem Server " +"gespeicherten Regeln. Dies wird benutzt, um den Zwischenspeicher dadurch " +"konsistent zu halten, dass jede von Server gelöschte Regel entfernt wird. " +"Ein vollständiges Aktualisieren kann jedoch eine hohe Last erzeugen und " +"sollte daher nur gelegentlich abhängig von der Größe und Stabilität der Sudo-" +"Regeln ausgeführt werden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"Die <emphasis>Regelaktualisierung</emphasis> stellt sicher, dass dem " +"Benutzer nicht mehr Rechte als definiert gewährt werden. Es wird jedesmal " +"ausgelöst, wenn der Benutzer Sudo ausführt. Regelaktualisierung wird alle " +"Regeln suchen, die für diesen Benutzer gelten, ihren Ablaufzeitpunkt prüfen " +"und sie erneut herunterladen, falls sie erloschen sind. Im Fall, dass " +"irgendwelche der Regeln auf dem Server fehlen, wird SSSD außer der Reihe ein " +"vollständiges Aktualisieren durchführen, da möglicherweise weitere Regeln " +"(die für andere Benutzer gelten) gelöscht wurden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"SSSD wird, falls aktiviert, nur Regeln speichern, die auf diese Maschine " +"angewandt werden können. Das bedeutet, Regeln, die einen der folgenden Werte " +"im Attribut <emphasis>sudoHost</emphasis> enthalten:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "Schlüsselwort ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "Platzhalter" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "Netzgruppe (in der Form »+Netzgruppe«)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "Rechnername oder voll qualifizierter Domain-Namen dieser Maschine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "eine der IP-Adressen dieser Maschine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "eine der IP-Adressen des Netzwerks (in der Form »Adresse/Maske«)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Es gibt viele Konfigurationsoptionen, die benutzt werden können, um das " +"Verhalten anzupassen. Bitte lesen Sie »ldap_sudo_*« in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> und \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon (Systemsicherheitsdienst-Daemon)" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> stellt einen Satz Daemons bereit, um den Zugriff auf " +"ferne Verzeichnisse und Authentifizierungsmechanismen zu verwalten. Es " +"bietet eine NSS- und PAM-Schnittstelle zum System und ein erweiterbares " +"Backend-System zum Verbinden mit mehreren unterschiedlichen Kontenquellen " +"sowie der D-Bus-Schnittstelle. Es bildet außerdem die Grundlage für das " +"Bereitstellen von Client-Überprüfungen und Richtliniendiensten für Projekte " +"wie FreeIPA. Es stellt eine robustere Datenbank bereit, um lokale Benutzer " +"sowie erweiterte Benutzerdaten zu speichern." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>STUFE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>Modus</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel " +"hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Zeitstempel in Debug-Nachrichten werden deaktiviert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>Modus</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Dem Zeitstempel in Debug-Nachrichten werden " +"Millisekunden hinzugefügt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: Millisekunden werden in Zeitstempeln deaktiviert" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "wird nach dem Start ein Daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "läuft im Vordergrund und wird kein Daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"gibt eine Konfigurationsdatei an, die nicht Standard ist. Die Voreinstellung " +"ist <filename>/etc/sssd/sssd.conf</filename>. Auskunft über die Syntax und " +"Optionen der Konfigurationsdatei finden Sie in der Handbuchseite " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "gibt die Versionsnummer aus und beendet sich." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Signale" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informiert SSSD, dass es anstandslos alle Kindprozesse beenden und dann das " +"Überwachungsprogramm herunterfahren soll." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"teilt SSSD mit, dass es das Schreiben des aktuellen Dateideskriptors zur " +"Fehlersuche stoppen, ihn schließen und erneut öffnen soll. Dies ist dazu " +"gedacht, das Rotieren von Protokolldateien mit Programmen wie Logrotate zu " +"erleichtern." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "verschleiert ein Klartextpasswort" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORT]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> wandelt ein angegebenes Passwort in ein von " +"Menschen nicht lesbares Format um und legt es in einem geeigneten Domain-" +"Abschnitt der SSSD-Konfigurationsdatei ab." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Das Klartextpasswort wird von der Standardeingabe gelesen oder interaktiv " +"eingegeben. Das verschleierte Passwort wird in den Parameter " +"»ldap_default_authtok« einer angegebenen SSSD-Domain abgelegt und der " +"Parameter »ldap_default_authtok_type« wird auf »obfuscated_password« " +"gesetzt. Weitere Einzelheiten über diese Parameter finden Sie unter " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Bitte beachten Sie, dass das Verschleiern von Passwörtern <emphasis>keinen " +"wirklichen Sicherheitsgewinn</emphasis> bietet, da es einem Angreifer immer " +"noch möglich ist, das Passwort wieder herzuleiten. Es wird " +"<emphasis>dringend</emphasis> geraten, bessere Authentifizierungsmechanismen " +"wie Client-seitige Zertifikate oder GSSAPI zu verwenden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" +"Das Passwort, das verschleiert werden soll, wird von der Standardeingabe " +"gelesen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"die SSSD-Domain, in der das Passwort benutzt wird. Der Standardname ist " +"»default«." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>DATEI</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "liest die durch den Positionsparameter angegebene Konfigurationsdatei." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Voreinstellung: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "SSSD Kerberos-Anbieter" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des Authentifizierungs-" +"Backends Kerberos 5 für <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche Syntax-Referenz " +"finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Das Authentifizierungs-Backend Kerberos 5 enthält Authentifizierungs- und " +"Chpass-Anbieter. Es muss mit einem Identitätsanbieter verbunden werden, " +"damit es sauber läuft (zum Beispiel »id_provider = ldap«). Einige vom " +"Kerberos-5-Authentifizierungs-Backend benötigten Informationen wie der " +"»Kerberos Principal Name« (UPN) des Benutzers müssen durch den " +"Identitätsanbieter bereitgestellt werden. Die Konfiguration des " +"Identitätsanbieters sollte einen Eintrag haben, der den UPN angibt. " +"Einzelheiten, wie dies konfiguriert wird, finden Sie in der Handbuchseite " +"des entsprechenden Identitätsanbieters." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"Im Fall, dass UPN nicht im Identitäts-Backend verfügbar ist, wird " +"<command>sssd</command> mittels des Formats <replaceable>Benutzername</" +"replaceable>@<replaceable>Krb5_Realm</replaceable> einen UPN konstruieren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"gibt eine durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen " +"der Kerberos-Server in der Reihenfolge an, in der sich SSSD mit ihnen " +"verbinden soll. Weitere Informationen über Ausfallsicherung und Redundanz " +"finden Sie im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder " +"Rechnernamen kann eine optionale Portnummer (der ein Doppelpunkt " +"vorangestellt ist) angehängt werden. Falls dies leer gelassen wurde, wird " +"die Dienstsuche aktiviert. Weitere Informationen finden Sie im Abschnitt " +"»DIENSTSUCHE«." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"der Name des Kerberos-Realms. Diese Option wird benötigt und muss angegeben " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Falls der Dienst zum Ändern von Passwörtern auf der " +"Schlüsselverwaltungszentrale (KDC) nicht läuft, können hier alternative " +"Server definiert werden. An die Adressen oder Rechnernamen kann eine " +"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im " +"Abschnitt »AUSFALLSICHERUNG«. HINWEIS: Selbst wenn es keine weiteren " +"»kpasswd«-Server mehr auszuprobieren gibt, wird das Backend nicht offline " +"gehen, da eine Authentifizierung gegen die Schlüsselverwaltungszentrale " +"(KDC) immer noch möglich ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Voreinstellung: KDC benutzen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Das Verzeichnis zum Ablegen von Anmeldedaten-Zwischenspeichern. Alle " +"Ersetzungssequenzen von krb5_ccname_template können hier auch verwendet " +"werden, außer %d und %P. Das Verzeichnis wird als privat angelegt und ist " +"Eigentum des Benutzers. Die Zugriffsrechte werden auf 0700 gesetzt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Voreinstellung: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "Anmeldename" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "Anmelde-UID" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "Principal-Name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "Realm-Name" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "Home-Verzeichnis" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "Wert von krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "die Prozess-ID des SSSD-Clients" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "ein buchstäbliches »%«" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Der Ort für die Zwischenspeicherung der Anmeldedaten des Benutzers. Drei " +"Zwischenspeichertypen werden derzeit unterstützt: <quote>FILE</quote>, " +"<quote>DIR</quote> und <quote>KEYRING:persistent</quote>. Der " +"Zwischenspeicher kann entweder als <replaceable>TYP:REST</replaceable> oder " +"als absoluter Pfad angegeben werden, wobei Letzteres den Typ <quote>FILE</" +"quote> beinhaltet. In der Schablone werden die folgenden Sequenzen ersetzt: " +"<placeholder type=\"variablelist\" id=\"0\"/> Falls die Vorlage mit »XXXXXX« " +"endet, wird mkstemp(3) verwendet, um auf sichere Weise einen eindeutigen " +"Dateinamen zu erzeugen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"Wenn der KEYRING-Typ verwendet wird, ist <quote>KEYRING:persistent:%U</" +"quote> der einzige unterstützte Mechanismus. Hierfür wird der Schlüsselbund " +"des Linux-Kernels zum Speichern der Anmeldedaten getrennt nach Benutzer-IDs " +"verwendet. Dies wird auch empfohlen, da es die sicherste und " +"vorausberechenbarste Methode ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Der Vorgabewert für den Anmeldedaten-Zwischenspeicher wird aus dem im " +"Abschnitt [libdefaults] der Datei krb5.conf enthaltenen Profil der " +"systemweiten Konfiguration bezogen. Der Name der Option ist " +"default_ccache_name. Im Abschnitt PARAMETER EXPANSION der Handbuchseite zu " +"krb5.conf(5) finden Sie zusätzliche Informationen zu dem in krb5.conf " +"definierten Format." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Voreinstellung: (aus libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"der Speicherort der Keytab, der bei der Überprüfung von Berechtigungen " +"benutzt wird, die von Schlüsselverwaltungszentralen (KDCs) stammen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"speichert das Passwort des Benutzers, falls der Anbieter offline ist, und " +"benutzt es zur Abfrage des TGTs, wenn der Anbieter wieder online geht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"HINWEIS: Diese Funktionalität ist nur auf Linux verfügbar. Passwörter, die " +"auf diese Weise gespeichert wurden, werden im Klartext im Schlüsselbund des " +"Kernels aufbewahrt. Darauf kann unter Umständen (mit Mühe) durch den " +"Benutzer Root zugegriffen werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die " +"Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden " +"unterstützt:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis>: FAST wird nie benutzt. Dies ist so, als ob diese " +"Einstellung gar nicht gemacht würde." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis>: Es wird versucht, FAST zu benutzen. Falls der " +"Server kein FAST unterstützt, fährt die Authentifizierung ohne fort." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis>: Fragt nach, ob FAST benutzt werden soll. Die " +"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +#, fuzzy +#| msgid "NOTE: a keytab is required to use FAST." +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "HINWEIS: Zur Benutzung von FAST ist eine Keytab erforderlich." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und neuer. " +"Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, ist die " +"Verwendung dieser Option ein Konfigurationsfehler." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "gibt den Server-Principal zur Benutzung von FAST an." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_use_kdcinfo (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"gibt an, ob der User Principal als Enterprise Principal betrachtet werden " +"soll. Weitere Informationen über Enterprise Principals finden Sie in " +"Abschnitt 5 von RFC 6806." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "Voreinstellung: falsch (AD-Anbieter: wahr)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_kdcinfo (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Falls das Authentifizierungsmodul Krb5 in einer SSSD-Domain benutzt wird, " +"müssen die folgenden Optionen verwendet werden. Einzelheiten über die " +"Konfiguration einer SSSD-Domain finden Sie im Abschnitt »DOMAIN-ABSCHNITTE« " +"der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert wurde " +"und FOO eine der Domains im Abschnitt <replaceable>[sssd]</replaceable> ist. " +"Dieses Beispiel zeigt nur die Authentifizierung mit Kerberos, sie umfasst " +"keine Identitätsanbieter." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "führt eine Bereinigung des Zwischenspeichers durch." + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>Anmeldung</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "annulliert einen bestimmten Benutzer." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren " +"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "annulliert eine bestimmte Gruppe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"annulliert alle Gruppendatensätze. Diese Option setzt das Annullieren " +"bestimmter Gruppen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>Netzgruppe</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "annulliert eine bestimmte Netzgruppe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"annulliert alle Netzgruppendatensätze. Diese Option setzt das Annullieren " +"bestimmter Netzgruppen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>Dienst</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "annulliert einen bestimmten Dienst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"annulliert alle Dienstdatensätze. Diese Option setzt das Annullieren " +"bestimmter Dienste außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>Autofs-" +"Abbildung</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "annulliert eine bestimmte Autofs-Abbildung." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"annulliert alle Autofs-Abbildungen. Diese Option setzt das Annullieren " +"bestimmter Abbildungen außer Kraft, falls es ebenfalls gesetzt war." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>Domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "begrenzt den Annullierungsprozess auf eine bestimmte Domain." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEUE_DEBUG_STUFE</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "füllt den SSSD-Zwischenspeicher mit einem Benutzer" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>Optionen</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>BENUTZER</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> füllt den SSSD-Zwischenspeicher mit einem " +"Benutzereintrag und einem temporären Passwort. Falls bereits ein " +"Benutzereintrag im SSSD-Zwischenspeicher vorhanden ist, wird der Eintrag mit " +"dem temporären Passwort aktualisiert." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"stellt den Namen der Doamin bereit, in der der Benutzer Mitglied ist. Die " +"Domain wird auch zur Abfrage von Benutzerinformationen verwendet. Sie muss " +"in der »sssd.conf« konfiguriert sein. Die Option <replaceable>DOMAIN</" +"replaceable> muss bereitgestellt werden. Von der Domain geholte " +"Informationen setzen das, was in den Optionen bereitgestellt wurde, außer " +"Kraft." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>BENUTZER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"der Benutzername des Eintrags, der im Zwischenspeicher erstellt oder " +"verändert werden soll. Die Option <replaceable>BENUTZER</replaceable> muss " +"bereitgestellt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "setzt die UID des Benutzers auf <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "setzt die GID des Benutzers auf <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>KOMMENTAR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"irgendeine Zeichenkette, die den Benutzer beschreibt. Dieses Feld wird oft " +"für den vollständigen Namen des Benutzers verwendet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_VERZ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"setzt das Home-Verzeichnis des Benutzers auf <replaceable>HOME_VERZ</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"setzt die Anmelde-Shell des Benutzers auf <replaceable>SHELL</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"interaktiver Modus zur Eingabe von Benutzerinformationen. Diese Option wird " +"nur nach Informationen fragen, die nicht von den Optionen bereitgestellt " +"oder in der Domain geholt werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>PASSWORTDATEI</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"gibt die Datei an, aus der das Passwort des Benutzers gelesen wird (ist es " +"nicht angegeben, wird nach dem Passwort gefragt)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Die Länge des Passworts (oder die Größe der mit der Option -p oder --" +"password-file angegebenen Datei) muss kleiner oder gleich PASS_MAX Byte sein " +"(64 Byte auf Systemen ohne global definiertem Wert für PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "SSSD InfoPipe-Responder" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Diese Handbuchseite beschreibt die Konfiguration des InfoPipe-Responders für " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Eine detaillierte Syntaxreferenz finden Sie im Abschnitt " +"<quote>DATEIFORMAT</quote> in der Handbuchseite zu <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"Der InfoPipe-Responder stellt eine öffentliche D-Bus-Schnittstelle bereit, " +"auf die über den Systembus zugegriffen werden kann. Die Schnittstelle " +"ermöglicht die Abfrage von Informationen zu entfernten Benutzern und Gruppen " +"über den Systembus." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +#, fuzzy +#| msgid "" +#| "The detailed instructions for configuration of sudo_provider are in the " +#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry>." +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in " +"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet " +"werden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder " +"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. " +"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Voreinstellung: 0 (nur der Benutzer »root« darf auf den InfoPipe-Responder " +"zugreifen)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Beachten Sie, dass trotz der Verwendung der Benutzer-ID 0 als Voreinstellung " +"diese durch die Option überschrieben wird. Falls Sie wollen, dass dem Root-" +"Benutzer der Zugriff auf den InfoPipe-Responder gewährt werden soll, was der " +"typische Fall ist, müssen Sie 0 ebenfalls zur Liste der erlaubten Benutzer-" +"IDs hinzufügen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Gibt eine durch Kommata getrennte Liste der auf die weiße (erlaubt) " +"beziehungsweise schwarze Liste (blockiert) gesetzten Attribute an." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "Anmeldename des Benutzers" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "Benutzer-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "primäre Gruppen-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "Benutzerinformation, typischerweise der vollständige Name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "Benutzershell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"In der Voreinstellung erlaubt der InfoPipe-Responder nur die Abfrage des " +"Standardsatzes an POSIX-Attributen. Dieser Satz ist der gleiche, wie er von " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> zurückgegeben wird und enthält Folgendes: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Es ist möglich, ein weiteres Attribut zu diesem Satz hinzuzufügen, indem Sie " +"<quote>+attr_name</quote> verwenden. Explizit entfernen lässt sich ein " +"Attribut mit <quote>-attr_name</quote>. Um beispielsweise " +"<quote>telephoneNumber</quote> zu erlauben, aber <quote>loginShell</quote> " +"abzuweisen, können Sie folgende Konfiguration verwenden: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Voreinstellung: Nicht gesetzt. Nur der Standardsatz an POSIX-Attributen ist " +"erlaubt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "SIEHE AUCH" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "holt autorisierte OpenSSH-Schlüssel" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>Optionen</replaceable> </arg> <arg " +"choice='plain'><replaceable>BENUTZER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> beschafft öffentliche SSH-" +"Schlüssel für den Anwender <replaceable>BENUTZER</replaceable> und gibt sie " +"im OpenSSH-Format »authorized_keys« aus (weitere Informationen finden Sie im " +"Abschnitt »AUTHORIZED_KEYS-DATEIFORMAT« von " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"sucht nach öffentlichen Schlüsseln von Benutzern in der SSSD-Domain " +"<replaceable>DOMAIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "EXIT-STATUS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"Im Erfolgsfall ist der Rückgabewert 0, andernfalls wird 1 zurückgegeben." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "holt OpenSSH-Rechnerschlüssel" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>Optionen</replaceable> </arg> <arg " +"choice='plain'><replaceable>RECHNER</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_BEFEHL</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Falls ein <replaceable>PROXY_BEFEHL</replaceable> angegeben wurde, wird er " +"zum Erstellen der Verbindung mit dem Rechner benutzt, anstatt ein Socket zu " +"öffnen." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> kann durch Verwendung der folgenden Richtlinien für die " +"Konfiguration von <citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> so eingerichtet werden, dass es " +"<command>sss_ssh_knownhostsproxy</command> zur Authentifizierung des " +"Rechnerschlüssels benutzt: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"benutzt Port <replaceable>PORT</replaceable> zur Verbindung mit dem Rechner. " +"Standardmäßig wird Port 22 verwendet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"sucht in der SSSD-Domain nach <replaceable>DOMAIN</replaceable> öffentlichen " +"Schlüsseln für den Rechner." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerate (Boolesch)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +#, fuzzy +#| msgid "Default: False (disabled)" +msgid "Default: False (Automatic renewals disabled)" +msgstr "Voreinstellung: False (deaktiviert)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renew_interval (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renew_interval (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Voreinstellung: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "die Objektklasse eines Benutzereintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Voreinstellung: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "das LDAP-Attribut, das zum Anmeldenamen des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "das LDAP-Attribut, das zu der ID des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "Voreinstellung: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "das LDAP-Attribut, das zu der Hauptgruppen-ID des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Voreinstellung: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "das LDAP-Attribut, das zum Gecos-Feld des Benutzers gehört" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Voreinstellung: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"das LDAP-Attribut, das den Namen des Home-Verzeichnisses des Benutzers " +"enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"das LDAP-Attribut, das den Pfad zur Standard-Shell des Benutzers enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Voreinstellung: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"das LDAP-Attribut, das die objectSID eines LDAP-Benutzerobjekts enthält. " +"Dies wird normalerweise nur für Active-Directory-Server benötigt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"das LDAP-Attribut, das den Zeitstempel der letzten Änderung im " +"übergeordneten Objekt enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Voreinstellung: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Datum der letzten Passwortänderung) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Voreinstellung: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Mindestpasswortalter) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Voreinstellung: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (maximales Passwortalter) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Voreinstellung: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Passwortwarnperiode) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Voreinstellung: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Passwortinaktivitätsperiode) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Voreinstellung: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den " +"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (Ablaufdatum des Kontos) gehört." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Voreinstellung: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem Datum und Zeit der letzten " +"Passwortänderung in Kerberos gespeichert sind." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Voreinstellung: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, welches das Datum und die Zeit enthält, wann " +"das aktuelle Passwort erlischt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Voreinstellung: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem die Zeit gespeichert ist, wann das " +"Konto erlischt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Voreinstellung: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter " +"den Namen eines LDAP-Attributs, in dem das Steuer-Bit-Feld des " +"Benutzerkontos gespeichert ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Voreinstellung: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Wenn »ldap_account_expire_policy=rhds« oder Entsprechendes benutzt wird, " +"legt dieser Parameter fest, ob Zugriff gewährt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "Voreinstellung: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut " +"fest, ob Zugriff gewährt wird oder nicht." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Voreinstellung: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieser Parameter " +"fest, bis zu welchem Datum Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut die " +"Stunden eines Wochentages fest, in denen Zugriff gewährt wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Voreinstellung: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"das LDAP-Attribut, das den Kerberos User Principal Name (UPN/" +"Hauptbenutzername) enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Voreinstellung: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Durch Kommata getrennte Liste der LDAP-Attribute, die SSSD zusammen mit den " +"üblichen Benutzerattributen holen soll." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Die Liste kann entweder nur Namen von LDAP-Attributen enthalten, oder durch " +"Doppelpunkte getrennte Tupel aus Attributnamen des SSSD-Zwischenspeichers " +"und Namen von LDAP-Attributen. Wenn nur die Namen von LDAP-Attributen " +"angegeben werden, wird das Attribut unverändert im Zwischenspeicher " +"gespeichert. Die Verwendung eines benutzerdefinierten SSSD-Attributnamens " +"kann in Umgebungen notwendig sein, in denen mehrere SSSD-Domains mit " +"unterschiedlichen LDAP-Schemata eingerichtet sind." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Bitte beachten Sie, dass diverse Attributnamen durch SSSD reserviert sind, " +"beispielsweise das Attribut <quote>name</quote>. SSSD würde einen Fehler " +"melden, falls eines der reservierten Attribute als zusätzlicher Attributname " +"verwendet wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als " +"<quote>telephoneNumber</quote> im Zwischenspeicher." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als " +"<quote>phone</quote> im Zwischenspeicher." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" +"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" +"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Voreinstellung: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Falls »access_provider=ldap« und »ldap_access_order=authorized_service« " +"benutzt werden, wird SSSD die Anwesenheit das Attributs »authorizedService« " +"im LDAP-Eintrag den Benutzers nutzen, um die Zugriffsrechte zu bestimmen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Ein explizites Verweigern (»!svc«) wird zuerst aufgelöst. Als Zweites sucht " +"SSSD eine explizite Erlaubnis (»svc«) und zuletzt nach »allow_all« (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« " +"»authorized_service« enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_user_authorized_service« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Voreinstellung: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, " +"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers " +"verwenden, um die Zugriffsrechte zu bestimmen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht " +"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« " +"enthalten <emphasis>muss</emphasis>, damit die Option " +"»ldap_user_authorized_host« funktioniert." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Voreinstellung: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "The LDAP attribute that contains the port managed by this service." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "die Objektklasse eines Gruppeneintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Voreinstellung: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "das LDAP-Attribut, das der Gruppen-ID entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"das LDAP-Attribut, das die ObjectSID eines LDAP-Gruppenobjekts enthält. Dies " +"wird normalerweise nur für Active-Directory-Server benötigt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"Das LDAP-Attribut, das einen Ganzzahlwert enthält, der den Gruppentyp und " +"eventuell weitere Flags enthält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Dieses Attribut wird derzeit nur vom AD-Anbieter verwendet, um zu ermitteln, " +"ob eine Gruppe eine lokale Domain-Gruppe ist und aus den vertrauenswürdigen " +"Domains herausgefiltert werden sollte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt " +"werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Voreinstellung: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Voreinstellung: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"das LDAP-Attribut, das die Netzgruppen-Triples (Rechner, Benutzer, Domain) " +"enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Voreinstellung: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Voreinstellung: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "die Objektklasse eines Diensteintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Voreinstellung: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" +"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Voreinstellung: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Voreinstellung: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Voreinstellung: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"das LDAP-Attribut, das dem Rechnernamen (oder der IP-Adresse, dem IP-" +"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Voreinstellung: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"das LDAP-Attribut, das dem Benutzernamen (oder der UID, dem Gruppennamen " +"oder der Netzwerkgruppe des Benutzers) entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Voreinstellung: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Voreinstellung: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"das LDAP-Attribut, das dem Benutzernamen entspricht, unter dem Befehle " +"ausgeführt werden können" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Voreinstellung: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"das LDAP-Attribut, das dem Gruppennamen oder der GID der Gruppe entspricht, " +"worunter Befehle ausgeführt werden können" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Voreinstellung: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"das LDAP-Attribut, das dem Startdatum und der Startzeit entpricht, wann die " +"Sudo-Regel gültig wird." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Voreinstellung: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"das LDAP-Attribut, das dem Ablaufdatum und der Ablaufzeit entspricht, nach " +"der die Sudo-Regel nicht länger gültig ist." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Voreinstellung: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Voreinstellung: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +#, fuzzy +#| msgid "Kerberos locator plugin" +msgid "Kerberos local authorization plugin" +msgstr "Kerberos Locator-Plugin" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "CONFIGURATION" +msgstr "KONFIGURATIONSOPTIONEN" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "der Name eines Automount-Abbildungseintrags in LDAP" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der " +"Eintrag einem Einhängepunkt." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DIENSTSUCHE" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"Die Dienstsuchfunktionalität ermöglicht es Backends, automatisch mit Hilfe " +"einer speziellen DNS-Abfrage geeignete Server zu suchen, mit denen sie sich " +"verbinden können. Diese Funktionalität wird nicht für Datensicherungs-Server " +"unterstützt." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Konfiguration" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Falls keine Server angegeben wurden, benutzt das Backend die Dienstsuche, um " +"einen Server zu finden. Wahlweise kann der Benutzer sowohl feste Server-" +"Adressen als auch die Dienstsuche durch Eingabe des speziellen " +"Schlüsselworts »_srv_« in der Server-Liste auswählen. Die bevorzugte " +"Reihenfolge wird verwaltet. Diese Funktionalität ist zum Beispiel nützlich, " +"falls der Anwender es vorzieht, die Dienstsuche zu verwenden, wann immer " +"dies möglich ist, und auf einen bestimmten Server zurückzugreifen, wenn " +"mittels DNS keine Server gefunden werden." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Der Domain-Name" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Das Protokoll" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Die Abfragen geben als Protokoll üblicherweise »_tcp« an. Ausnahmen sind in " +"der Beschreibung der entsprechenden Option dokumentiert." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Siehe auch" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Weitere Informationen über den Dienstsuchmechanismus finden Sie in RFC 2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "AUSFALLSICHERUNG" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Die Ausfallsicherungsfunktionalität ermöglicht es, dass Backends automatisch " +"auf einen anderen Server wechseln, falls der aktuelle versagt." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "AUSFALLSICHERUNGSSYNTAX" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Die Server werden als durch Kommata getrennte Liste angegeben. Um das Komma " +"herum ist eine beliebige Anzahl von Leerzeichen erlaubt. Die Server werden " +"in Reihenfolge der Bevorzugung aufgeführt. Die Liste kann eine beliebige " +"Anzahl von Servern enthalten." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Von jeder Konfigurationsoption mit aktivierter Ausfallsicherung existieren " +"zwei Varianten: <emphasis>primary</emphasis> und <emphasis>backup</" +"emphasis>. Die Idee dahinter ist, dass Server in der Liste »primary« " +"bevorzugt werden und nur nach »backup«-Servern gesucht wird, falls kein " +"»primary«-Server erreichbar ist. Falls ein »backup«-Server ausgewählt wird, " +"wird eine Dauer von 31 Sekunden bis zur Zeitüberschreitung festgelegt. Nach " +"dieser Zeit wird SSSD periodisch versuchen, sich mit einem der primären " +"Server zu verbinden. Ist dies erfolgreich, wird es den derzeit aktiven " +"(»backup«-)Server ersetzen." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Der Ausfallsicherungsmechanismus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Der Ausfallsicherungsmechanismus unterscheidet zwischen einer Maschine und " +"einem Dienst. Das Backend versucht zuerst, den Rechnernamen der angegebenen " +"Maschine aufzulösen. Falls dieser Versuch scheitert, wird davon ausgegangen, " +"dass die Maschine offline ist und sie auch für keinen anderen Dienst zur " +"Verfügung steht. Kann der den Namen erfolgreich aufgelöst werden, versucht " +"das Backend, sich mit einem Dienst auf dieser Maschine zu verbinden. Ist das " +"nicht möglich, dann wird nur dieser bestimmte Dienst als offline angesehen " +"und das Backend wechselt automatisch weiter zum nächsten. Die Maschine wird " +"weiterhin als online betrachtet und kann immer noch für andere Dienste " +"herangezogen werden." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Weitere Verbindungsversuche zu Maschinen oder Diensten, die als offline " +"gekennzeichnet sind, werden erst nach einer angegebenen Zeitspanne " +"unternommen. Diese ist derzeit hart auf 30 Sekunden codiert." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Falls es weitere Maschinen durchzuprobieren gibt, wechselt das Backend als " +"Ganzes in den Offline-Modus und versucht dann alle 30 Sekunden, sich erneut " +"zu verbinden." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ID-ABBILDUNG" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"Die ID-Abbildungsfunktionalität ermöglicht es SSSD, als Client eines Active " +"Directorys zu agieren, ohne dass Administratoren Benutzerattribute erweitern " +"müssen, damit POSIX-Attribute für Benutzer- und Gruppenkennzeichner " +"unterstützt werden." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"HINWEIS: Wenn ID-Abbildung aktiviert ist, werden die Attribute »uidNumber« " +"und »gidNumber« ignoriert. Dies geschieht, um mögliche Konflikte zwischen " +"automatisch und manuell zugewiesenen Werten zu vermeiden. Falls Sie manuell " +"zugewiesene Werte benutzen müssen, müssen Sie ALLE Werte manuell zuweisen." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Bitte beachten Sie, dass die Änderung der die ID-Abbildung betreffenden " +"Konfigurationsoptionen auch die Änderung der Benutzer- und Gruppen-IDs nach " +"sich zieht. Momentan unterstützt SSSD die Änderung der IDs nicht, daher muss " +"die Datenbank entfernt werden. Da auch zwischengespeicherte Passwörter in " +"der Datenbank enthalten sind, sollte diese nur entfernt werden, während die " +"Authentifizierungsserver erreichbar sind, anderenfalls könnten Benutzer " +"ausgesperrt werden. Um das Passwort zwischenzuspeichern, muss eine " +"Authentifizierung ausgeführt werden. Es reicht nicht aus, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> zum Löschen der Datenbank auszuführen, vielmehr sind folgende " +"Schritte erforderlich:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Stellen Sie sicher, dass entfernte Server erreichbar sind." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Stoppen Sie den SSSD-Dienst." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Entfernen Sie die Datenbank." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Starten Sie den SSSD-Dienst." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Außerdem ist es ratsam, vorauszuplanen und die ID-Abbildung gründlich zu " +"testen, da die Änderung der IDs Änderungen anderer Systemeigenschaften nach " +"sich ziehen könnte, wie die Besitzverhältnisse von Dateien und " +"Verzeichnissen." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Abbildungsalgorithmus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory stellt für jedes Benutzer- und Gruppenobjekt im Verzeichnis " +"eine »objectSID« bereit. Diese »objectSID« kann in Bestandteile zerlegt " +"werden, die die Active-Directory-Domain-Identität und den relativen " +"Bezeichner (RID) des Benutzer- oder Gruppenobjekts darstellen." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"Der ID-Abbildungsalgorithmus von SSSD nimmt einen Bereich verfügbarer UIDs " +"und teilt sie in gleich große Bestandteile, »Slices« genannt. Jeder Slice " +"steht für den verfügbaren Speicher einer Active-Directory-Domain." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Wenn ein Benutzer- oder Gruppeneintrag für eine bestimmt Domain zum ersten " +"Mal vorgefunden wird, reserviert der SSSD einen der verfügbaren Slices für " +"diese Domain. Um eine Slice-Zuteilung auf verschiedenen Client-Maschinen " +"wiederholbar zu machen, wählen wir den Slice, der auf dem folgenden " +"Algorithmus basiert:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"Die Zeichenkette durchläuft den Algorithmus Murmurhash3, um sie in einen 32-" +"Bit-Hash-Wert umzuwandeln. Dann wird der Betrag dieses Werts mit der " +"Gesamtzahl verfügbarer Slices genommen, um den Slice auszusuchen." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"HINWEIS: Es ist möglich, dass Kollisionen zwischen dem Hash und " +"nachfolgenden Beträgen auftreten. In diesen Situationen werden wir den " +"nächsten verfügbaren Slice auswählen, aber es ist wahrscheinlich nicht " +"möglich, den genau gleichen Satz von Slices auf anderen Maschinen zu " +"reproduzieren (da die Reihenfolge, in der sie vorgefunden werden, ihren " +"Slice bestimmt). In dieser Situtation wird empfohlen, entweder auf die " +"Verwendung expliziter POSIX-Attribute in Active Directory zu wechseln (ID-" +"Abbildung deaktivieren) oder eine Standard-Domain zu konfigurieren, um " +"sicherzustellen, dass wenigstens eine immer beständig ist. Einzelheiten " +"finden Sie unter »Konfiguration«." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "Minimalkonfiguration (im Abschnitt »[domain/DOMAINNAME]«):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Fortgeschrittene Konfiguration" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +#, fuzzy +#| msgid "" +#| "Specifies the lower bound of the range of POSIX IDs to use for mapping " +#| "Active Directory user and group SIDs." +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"gibt die Untergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von " +"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"HINWEIS: Diese Option unterscheidet sich von »min_id«, wobei »min_id« als " +"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese " +"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner " +"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »min_id« " +"kleiner oder gleich »ldap_idmap_range_min« sein sollte." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Voreinstellung: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"HINWEIS: Diese Option unterscheidet sich von »max_id« wobei »max_id« als " +"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese " +"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner " +"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »max_id« " +"größer oder gleich »ldap_idmap_range_max« sein sollte." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Voreinstellung: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (Ganzzahl)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"gibt die Anzahl der für jeden Slice verfügbaren IDs an. Falls sich die " +"Bereichsgröße nicht gleichmäßig in die minimalen und maximalen Werte teilen " +"lässt, werden so viele komplette Slices wie möglich erstellt." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"HINWEIS: Der Wert dieser Option muss mindestens so groß sein wie die größte " +"Benutzer-RID, die jemals auf dem Active-Directory-Server verwendet werden " +"soll. Das Nachschlagen und Anmelden von Benutzern wird scheitern, wenn deren " +"RIDs größer sind als dieser Wert." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Es ist wichtig, für spätere Erweiterungen vorauszuplanen, da die Änderung " +"dieses Wertes zur Änderung aller ID-Abbildungen des Systems führt. Dadurch " +"können Benutzer andere lokale IDs als vorher haben." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (Zeichenkette)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"gibt die Domain-SID der Standard-Domain an. Dies wird sicherstellen, dass " +"diese Domain immer dem Slice null im ID-Abbild zugeordnet wird. Dabei wird " +"der oben beschriebene Murmurhash-Algorithmus umgangen." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (Zeichenkette)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "gibt den Namen der Standard-Domain an." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (Boolesch)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"ändert das Verhalten des ID-Abbildungsalgorithmus so, dass es dem " +"Algorithmus »idmap_autorid« von Winbind ähnlicher ist." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"Wenn diese Option konfiguriert wurde, werden Domains beginnend bei Slice " +"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"HINWEIS: Der Algorithmus ist nicht deterministisch (er hängt von der " +"Reihenfolge ab, in der Benutzer und Gruppen abgefragt werden). Falls dieser " +"Modus aus Kompatibilitätsgründen mit Maschinen, die Winbind ausführen, " +"erforderlich ist, wird empfohlen, auch die Option " +"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass " +"mindestens eine Domain beständig für den Slice null reserviert ist." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "Bekannte Sicherheits-IDs" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"SSSD unterstützt das Nachschlagen der Namen sogenannter bekannter " +"Sicherheits-IDs, die eine spezielle unveränderliche Bedeutung haben. Da " +"generische Benutzer und Gruppen, die sich auf diese bekannten SIDs beziehen, " +"keine Entsprechung in einer Linux/UNIX-Umgebung haben, sind für diese " +"Objekte keine POSIX-IDs verfügbar." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"Der SID-Namensraum ist in Autoritäten organisiert, die als unterschiedliche " +"Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs sind" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "Null-Autorität (Null Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "Weltweit anerkannte Autorität (World Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "Lokale Autorität (Local Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "Ersteller-Autorität (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +#, fuzzy +#| msgid "Creator Authority" +msgid "Mandatory Label Authority" +msgstr "Ersteller-Autorität (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +#, fuzzy +#| msgid "Creator Authority" +msgid "Authentication Authority" +msgstr "Ersteller-Autorität (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "NT-Autorität (NT Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Eingebaut" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Die mit großem Anfangsbuchstaben geschriebenen Versionen dieser Namen werden " +"als Domainnamen verwendet, wenn der voll qualifizierte Name einer bekannten " +"Sicherheits-ID zurückgegeben wird." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +#, fuzzy +#| msgid "" +#| "Since some utilities allow to modify SID based access control information " +#| "with the help of a name instead of using the SID directly SSSD supports " +#| "to look up the SID by the name as well. To avoid collisions only the " +#| "fully qualified names can be used to look up Well-Known SIDs. As a result " +#| "the domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</" +#| "quote>, <quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</" +#| "quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not " +#| "be used as domain names in <filename>sssd.conf</filename>." +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" +"Da einige Dienstprogramme die Änderung der Sicherheits-ID-basierten " +"Zugriffskontrollinformationen mit Hilfe des Namens ermöglichen, anstelle die " +"Sicherheits-ID direkt zu verwenden, unterstützt SSSD die Suche nach der SID " +"anhand des Namens ebenfalls. Um Überschneidungen zu vermeiden, können nur " +"voll qualifizierte Namen bei der Suche nach bekannten Sicherheit-IDs " +"verwendet werden. Daher sollten die Domainnamen <quote>NULL AUTHORITY</" +"quote>, <quote>WORLD AUTHORITY</quote>, <quote> LOCAL AUTHORITY</quote>, " +"<quote>CREATOR AUTHORITY</quote>, <quote>NT AUTHORITY</quote> und " +"<quote>BUILTIN</quote> nicht als Domainnamen in <filename>sssd.conf</" +"filename> verwendet werden." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "zeigt den Hilfetext und beendet sich." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"SSSD unterstützt zwei Darstellungsmodi für die Angabe der Debug-Stufe. Die " +"einfachste ist die Angabe eines Dezimalwerts von 0 bis 9, welche die " +"Aktivierung der Meldungen der entsprechenden Stufe und aller niederer Stufen " +"bewirkt. Eine umfassendere Option ist die Angabe einer hexadezimalen " +"Bitmaske, um spezifische Stufen zu aktivieren oder zu deaktivieren (wenn Sie " +"beispielsweise eine Stufe unterdrücken wollen)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "derzeit unterstützte Debug-Stufen:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Schwerwiegende Fehler. " +"Alles was SSSD am Start hindern oder es beenden könnte." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Ernsthafte Fehler. Dies " +"sind Fehler, bei denen eine bestimmte Anfrage oder Operation fehlgeschlagen " +"ist." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Kleinere Fehler. Dies " +"sind Fehler, die von geringerer Bedeutung als die fehlgeschlagenen " +"Operationen in der Stufe 2 sind." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: " +"Konfigurationseinstellungen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Funktionsdaten." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Meldungen aus der " +"Verfolgung von Operationsfunktionen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Meldungen aus der " +"Verfolgung interner Kontrollfunktionen." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Inhalte " +"funktionsinterner Variablen, die von Interesse sein könnten." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Verfolgungsmeldungen " +"extrem niederster Ebene." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Um die Debug-Stufen nach Bitmaske zu protokollieren, fügen Sie deren Nummern " +"hinzu, wie in den folgenden Beispielen gezeigt:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Beispiel</emphasis>: Um fatale, kritische, schwerwiegende Fehler " +"und Funktionsdaten zu protokollieren, benutzen Sie 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Beispiel</emphasis>: Um fatale Fehler, " +"Konfigurationseinstellungen, Funktionsdaten und Verfolgungsnachrichten für " +"interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Hinweis</emphasis>: Das Bitmasken-Format der Debug-Level wurde in " +"1.7.0 eingeführt." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "DIE LOKALE DOMAIN" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Für korrektes Funktionieren muss eine Domain mit »id_provider=local« " +"erstellt sein und SSSD muss laufen." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Möglicherweise möchte der Administrator in Fällen, in denen " +"Gruppenverschachtelung (siehe <citerefentry> <refentrytitle>sss_groupadd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>) benötigt wird, " +"lokale Benutzer anstelle traditioneller UNIX-Benutzer verwenden. Die lokalen " +"Benutzer sind auch für das Testen und Entwickeln von SSSD nützlich, ohne " +"dass ein vollständiger ferner Server bereitgestellt werden muss. Die " +"<command>sss_user*</command>- und <command>sss_group*</command>-Werkzeuge " +"benutzen einen lokalen LDB-Speicher, um Benutzer und Gruppen abzulegen." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"ein optionaler Basis-DN, Gültigkeitsbereich für die Suche und LDAP-Filter, " +"um die LDAP-Suchen für diesen Attributtyp einzuschränken." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?Gültigkeitsbereich?[Filter][?Suchbasis?Gültigkeitsbereich?[Filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Syntax: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Der Bereich kann entweder »base«, »onlevel« oder »subtree« sein. Die " +"Bereiche funktionieren wie im Abschnitt 4.5.1.2 auf http://tools.ietf.org/" +"html/rfc4511 angegeben." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Beispiele für diese Syntax finden Sie im Beispielabschnitt von " +"»ldap_search_base«." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Bitte beachten Sie, dass die Angabe von Gültigkeitsbereich oder Filter nicht " +"beim Suchen auf einem Active-Directory-Server unterstützt wird, der " +"möglicherweise eine große Anzahl an Ergebnissen zurückliefern und in der " +"Antwort die Erweiterung »Range Retrieval« auslösen könnte." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Bitte beachten Sie, dass der Automounter beim Start nur die Master-Abbildung " +"liest. Daher müssen Sie normalerweise, falls irgendwelche zu Autofs " +"gehörigen Änderungen in der »sssd.conf« vorgenommen wurden, den Automounter-" +"Daemon nach dem SSSD-Neustart ebenfalls neu starten." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "UID-Nummer" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "Domain-Name" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "voll qualifizierter Benutzername (Benutzer@Domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "das Original-Home-Verzeichnis, das vom Identitätsanbieter geholt wurde" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +#, fuzzy +#| msgid "The original home directory retrieved from the identity provider." +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "das Original-Home-Verzeichnis, das vom Identitätsanbieter geholt wurde" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Der Wert der Konfigurationsoption <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"setzt das Home-Verzeichnis des Benutzers außer Kraft. Sie können entweder " +"einen absoluten Wert oder eine Schablone bereitstellen. In der Schablone " +"werden die folgenden Sequenzen ersetzt: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "Diese Option kann auch pro Domain gesetzt werden." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP geholten Wert benutzen)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (Zeichenkette)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Der Wert dieser Option wird als Auflösung der Option " +"<emphasis>override_homedir</emphasis> verwendet, falls die Vorlage die " +"Formatzeichenkette <emphasis>%H</emphasis> enthält. Ein LDAP-" +"Verzeichniseintrag kann diese Schablone direkt enthalten, so dass diese " +"Option zum Auflösen des Pfades zum Home-Verzeichnis für jeden Client-Rechner " +"(oder Betriebssystem) verwendet werden kann. Sie kann pro-Domain oder global " +"im Abschnitt [nss] gesetzt werden. Ein im Domain-Abschnitt angegebener Wert " +"setzt jenen im [nss]-Abschnitt außer Kraft." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Voreinstellung: /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (Ganzzahl)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Zeitüberschreitung in Sekunden, nach der eine Online-Anfrage zur " +"Authentifizierung oder Passwortänderung gescheitert ist. Falls möglich, wird " +"die Authentifizierung offline fortgesetzt." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (Boolesch)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist. " +"Die Einträge der Keytab werden der Reihe nach kontrolliert und der erste " +"Eintrag mit einem passenden Realm wird für die Überprüfung benutzt. Falls " +"keine Einträge dem Realm entsprechen, wird der letzte Eintrag der Keytab " +"verwendet. Dieser Prozess kann zur Überprüfung von Umgebungen mittels Realm-" +"übergreifendem Vertrauen benutzt werden, indem der dazugehörige Keytab-" +"Eintrag als letzter oder einziger Eintrag in der Keytab-Datei abgelegt wird." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +#, fuzzy +#| msgid "Default: false (AD provider: true)" +msgid "Default: false (IPA and AD provider: true)" +msgstr "Voreinstellung: falsch (AD-Anbieter: wahr)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> beim Parameter »dns_discovery_domain«." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"fordert ein erneuerbares Ticket mit einer Gesamtlebensdauer an. Es wird als " +"Ganzzahl, der direkt eine Zeiteinheit folgt, angegeben:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> für Sekunden" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> für Minuten" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> für Stunden" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> für Tage" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" +"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die erneuerbare " +"Lebensdauer auf eineinhalb Stunden zu setzen, verwenden Sie »90m« statt " +"»1h30m«." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Voreinstellung: nicht gesetzt, d.h. das TGT ist nicht erneuerbar." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Anforderungsticket mit einer Lebensdauer, angegeben als Ganzzahl, der direkt " +"eine Zeiteinheit folgt:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" +"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die Lebensdauer auf " +"eineinhalb Stunden zu setzen, verwenden Sie »90m« statt »1h30m«." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Voreinstellung: nicht gesetzt, d.h. die Standardlebenszeit des Tickets auf " +"der Schlüsselverwaltungszentrale (KDC)" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (Zeichenkette)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"die Zeit in Sekunden zwischen zwei Prüfungen, ob das TGT erneuert werden " +"soll. TGTs werden erneuert, wenn ungefähr die Hälfte ihrer Lebensdauer " +"überschritten ist. Sie wird als Ganzzahl, der unmittelbar eine Zeiteinheit " +"folgt, angegeben:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Falls diese Option nicht oder auf 0 gesetzt ist, wird die automatische " +"Erneuerung deaktiviert." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"gibt an, ob der Rechner und User-Principal in die kanonische Form gebracht " +"werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren " +"Versionen verfügbar." + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " +#~ "zwischengespeichert werden." + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext " +#~ "gespeichert." + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Voreinstellung: »(?P<Name>[^@]+)@?(?P<Domain>[^@]*$)«, was " +#~ "bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«" + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "das LDAP-Attribut, das dem Gruppennamen entspricht" + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "gibt die Obergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von " +#~ "Active-Directory-Benutzern und Gruppen-SIDs benutzt wird." + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "Ändern einer Gruppe" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> ändert die Gruppe, um die auf der " +#~ "Befehlszeile angegebenen Änderungen widerzuspiegeln." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GRUPPEN</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "hängt diese Gruppe an die Gruppen an, die durch den Parameter " +#~ "<replaceable>GRUPPEN</replaceable> angegeben wurden. Der Parameter " +#~ "<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste " +#~ "von Gruppennamen." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPPEN</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "entfernt diese Gruppe von den Gruppen, die durch den Parameter " +#~ "<replaceable>GRUPPEN</replaceable> angegeben wurden." + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer" + +#~ msgid "The local domain section" +#~ msgstr "Der Abschnitt lokale Domain" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "Dieser Abschnitt enthält Einstellungen für Domains, die Benutzer und " +#~ "Gruppen ein einer nativen SSSD-Datenbank speichern, das heißt eine " +#~ "Domain, die <replaceable>ID_Anbieter=lokal</replaceable> benutzt." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (Zeichenkette)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den " +#~ "Benutzerbereich erstellt wurde." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Voreinstellung: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (Zeichenkette)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Die Werkzeuge hängen den Anmeldenamen an das " +#~ "<replaceable>Basisverzeichnis</replaceable> und benutzen dies als Home-" +#~ "Verzeichnis." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Voreinstellung: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (Boolesch)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "gibt an, ob standardmäßig ein Home-Verzeichnis für neue Benutzer erstellt " +#~ "werden soll; kann auf der Befehlszeile überschrieben werden" + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (Boolesch)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "gibt an, ob das Home-Verzeichnis für gelöschte Benutzer standardmäßig " +#~ "entfernt werden soll; kann auf der Befehlszeile überschrieben werden" + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (Ganzzahl)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> benutzt, um die " +#~ "Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben." + +#~ msgid "Default: 077" +#~ msgstr "Voreinstellung: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (Zeichenkette)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "die Verzeichnisvorlage, die Dateien und Verzeichnisse enthält, die in das " +#~ "Home-Verzeichnis des Benutzers kopiert werden, wenn das Home-Verzeichnis " +#~ "durch <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> erstellt wird" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Voreinstellung: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (Zeichenkette)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "das Spool-Verzeichnis für E-Mails. Dies wird benötigt, um die Mailbox zu " +#~ "manipulieren, wenn das zugehörige Benutzerkonto verändert oder gelöscht " +#~ "wurde. Ist dies nicht angegeben wird ein Standardwert verwendet." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Voreinstellung: <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (Zeichenkette)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "der Befehl, der nach dem Entfernen eines Benutzers ausgeführt wird. Dem " +#~ "Befehl wird als erster und einziger Parameter der Benutzername des " +#~ "Anwenders übergeben, der entfernt wird. Der Rückgabewert des Befehls wird " +#~ "nicht berücksichtigt." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "erstellt einen neuen Benutzer" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> erstellt mittels der auf der Befehlszeile " +#~ "angegebenen Werte sowie der Standardwerte des Systems ein neues " +#~ "Benutzerkonto." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "setzt die UID des Benutzers auf den Wert von <replaceable>UID</" +#~ "replaceable>. Wurde der Wert nicht angegeben, wird er automatisch " +#~ "ausgewählt." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "das Home-Verzeichnis des Benutzerkontos. Standardmäßig wird der Name für " +#~ "die <replaceable>ANMELDUNG</replaceable> an <filename>/home</filename> " +#~ "angehängt und dies dann als Home-Verzeichnis benutzt. Das " +#~ "Basisverzeichnis, das <replaceable>ANMELDUNG</replaceable> vorangestellt " +#~ "wird, ist über die Einstellung »user_defaults/baseDirectory« in der »sssd." +#~ "conf« einstellbar." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "die Anmelde-Shell des Benutzers. Voreinstellung ist derzeit <filename>/" +#~ "bin/bash</filename>. Die Voreinstellung kann über die Einstellung " +#~ "»user_defaults/defaultShell« in der »sssd.conf« geändert werden." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GRUPPEN</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "" +#~ "eine Liste existierender Gruppen, denen dieser Benutzer auch angehört" + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "erstellt das Home-Verzeichnis des Benutzers, falls es nicht existiert. " +#~ "Die Dateien und Verzeichnisse, die in der Verzeichnisvorlage (die mit der " +#~ "Option -k oder in der Konfigurationsdatei definiert werden kann) " +#~ "enthalten sind, werden in das Home-Verzeichnis kopiert." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "erstellt nicht das Home-Verzeichnis des Benutzers und setzt " +#~ "Konfigurationseinstellungen außer Kraft." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKEL-VERZ</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "die Verzeichnisvorlage mit Dateien und Verzeichnissen, die in das durch " +#~ "<command>sss_useradd</command> neu erstellte Home-Verzeichnis des " +#~ "Benutzers kopiert werden." + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "Spezialdateien (block- und zeichenorientierte Geräte, benannte Pipes und " +#~ "Unix-Sockets) werden nicht kopiert." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "Diese Option ist nur gültig, falls die Option <option>-m</option> (oder " +#~ "<option>--create-home</option>) angegeben wurde oder das Erstellen von " +#~ "Home-Verzeichnissen in der Konfiguration auf »TRUE« gesetzt ist." + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_BENUTZER</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "der SELinux-Benutzer für die Anmeldung des Benutzers. Ist er nicht " +#~ "angegeben, wird die Voreinstellung des Systems benutzt." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "erstellt eine neue Gruppe" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> erstellt eine neue Gruppe. Diese Gruppen " +#~ "sind kompatibel mit POSIX-Gruppen mit der zusätzlichen Funktionalität, " +#~ "dass sie andere Gruppen als Mitglieder enthalten können." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "setzt die GID der Gruppe auf den Wert von <replaceable>GID</replaceable>. " +#~ "Wurde der Wert nicht angegeben, wird er automatisch ausgewählt." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "löscht ein Benutzerkonto" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> löscht einen Benutzer, der durch den " +#~ "Anmeldenamen <replaceable>ANMELDUNG</replaceable> vom System erkannt wird." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Dateien im Home-Verzeichnis des Benutzers werden zusammen mit dem Home-" +#~ "Verzeichnis selbst und der Mail-Warteschlange des Benutzers entfernt. " +#~ "Dies setzt die Konfiguration außer Kraft." + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Dateien im Home-Verzeichnis des Benutzers werden NICHT zusammen mit dem " +#~ "Home-Verzeichnis selbst und der Mail-Warteschlange des Benutzers " +#~ "entfernt. Dies setzt die Konfiguration außer Kraft." + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "Diese Option erzwingt, dass <command>sss_userdel</command> das Home-" +#~ "Verzeichnis des Benutzers und die Mail-Warteschlange sogar dann entfernt, " +#~ "wenn sie dem angegebenen Nutzer nicht gehören." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "" +#~ "beendet, bevor der Benutzer tatsächlich gelöscht wird, alle seine " +#~ "Prozesse." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "löscht eine Gruppe" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> löscht eine Gruppe namens " +#~ "<replaceable>GRUPPE</replaceable> vom System." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "gibt die Eigenschaften einer Gruppe aus." + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> " +#~ "<replaceable>Optionen</replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>GRUPPE</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> zeigt Informationen über eine Gruppe " +#~ "namens <replaceable>GRUPPE</replaceable> an. Die Informationen umfassen " +#~ "die Gruppen-ID-Nummer, Mitglieder der Gruppe, sowie die übergeordnete " +#~ "Gruppe." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "gibtt auch indirekte Gruppenmitglieder in einer baumartigen Hierarchie " +#~ "aus. Beachten Sie, dass dies auch die Ausgabe der übergeordneten Gruppen " +#~ "beeinflusst – ohne <option>R</option> werden nur die unmittelbar " +#~ "übergeordneten Gruppen ausgegeben." + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "ändert ein Benutzerkonto" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>Optionen</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> ändert das durch <replaceable>ANMELDUNG</" +#~ "replaceable> angegebene Konto, damit es die auf der Befehlszeile " +#~ "angegebenen Änderungen widerzuspiegelt." + +#~ msgid "The home directory of the user account." +#~ msgstr "das Home-Verzeichnis des Benutzerkontos" + +#~ msgid "The user's login shell." +#~ msgstr "die Anmelde-Shell des Benutzers" + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "hängt diesen Benutzer an die Gruppen an, die durch den Parameter " +#~ "<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter " +#~ "<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste " +#~ "von Gruppennamen." + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "entfernt diesen Benutzer aus Gruppen, die durch den Parameter " +#~ "<replaceable>GRUPPEN</replaceable> angegeben werden." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "" +#~ "sperrt das Benutzerkonto. Der Benutzer wird sich nicht anmelden können." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "entsperrt das Benutzerkonto." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "der SELinux-Benutzer für die Anmeldung des Anwenders" + +#~ msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--addattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "" +#~ "Ein Attribut/Wert-Paar hinzufügen. Das Format ist Attributname=Wert." + +#~ msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "Ein Attribut auf ein Name/Wert-Paar setzen. Das Format ist " +#~ "Attributname=Wert. Bei Attributen mit mehreren Werten ersetzt der Befehl " +#~ "die bereits vorhandenen Werte." + +#~ msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>" + +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "Ein Attribut/Wert-Paar löschen. Das Format ist Attributname=Wert." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Voreinstellung: /etc/krb5.keytab" + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (Ganzzahl)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "sendet die Ausgabe der Fehlersuche in Dateien statt auf die " +#~ "Standardfehlerausgabe. Standardmäßig werden die Protokolldateien in " +#~ "<filename>/var/log/sssd</filename> gespeichert. Dort gibt es separate " +#~ "Protokolldateien für jeden SSSD-Dienst und jede Domain." + +#~ msgid "<emphasis>Default</emphasis>: 0" +#~ msgstr "<emphasis>Voreinstellung</emphasis>: 0" diff --git a/src/man/po/es.po b/src/man/po/es.po new file mode 100644 index 0000000..36bf95b --- /dev/null +++ b/src/man/po/es.po @@ -0,0 +1,22292 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Adolfo Jayme Barrientos <fito@libreoffice.org>, 2012 +# Carlos Antolín Lucas <carlosantolin@hotmail.es>, 2012 +# beckerde <domingobecker@gmail.com>, 2013 +# Eduardo Villagrán M <gotencool@gmail.com>, 2011 +# Eduardo Villagrán M <gotencool@gmail.com>, 2011 +# vareli <ehespinosa@ya.com>, 2013 +# vareli <ehespinosa@ya.com>, 2013 +# Daniel Cabrera <logan@fedoraproject.org>, 2011 +# Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata +# Emilio Herrera <ehespinosa57@gmail.com>, 2019. #zanata +# Emilio Herrera <ehespinosa57@gmail.com>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2021-10-27 15:05+0000\n" +"Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" +"Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/es/>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.8\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Páginas de manual de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Formatos de archivo y convenciones" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "El archivo de configuración de SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "Formato de archivo" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El archivo posee una sintaxis de tipo ini consistente de secciones y " +"parámetros. Una sección comienza con el nombre de dicha sección colocado " +"entre corchetes, y continua hasta que comienza la próxima sección. Este es " +"un ejemplo de una sección con parámetros de valores simples y múltiples: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre " +"comillas), enteros o booleanos (cuyos valores son <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Una línea de comentario empieza con una almohadilla (<quote>#</quote>) o un " +"punto y coma (<quote>;</quote>). Los comentarios en línea no están " +"soportados." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Todas las secciones pueden tener un parámetro opcional de " +"<replaceable>descripción</replaceable>. Su función es solo la de servir como " +"etiqueta a tal sección." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea " +"el usuario root, y sólo este usuario podrá tener permisos de lectura y " +"escritura sobre él." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "FRAGMENTOS DE CONFIGURACIÓN DESDE EL DIRECTORIO INCLUDE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" +"El fichero de configuración <filename>sssd.conf</filename> incluirá " +"fragmenteo de configuración usando el directorio include <filename>conf.d</" +"filename>. Esta característica está disponible si SSSD fue compilado con " +"libini versión 1.3.0 o posterior." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" +"Cualquier fichero situado en <filename>conf.d</filename> que termine en " +"<quote><filename>.conf</filename></quote> y no empiece con un punto (<quote>." +"</quote>) será usado junto con <filename>sssd.conf</filename> para " +"configurar SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" +"Los fragmentos de configuración de <filename>conf.d</filename> tienen mayor " +"prioridad que los de <filename>sssd.conf</filename> y anularán " +"<filename>sssd.conf</filename> cuando ocurran conflictos. Si varios " +"fragmentos están presentes en <filename>conf.d</filename> serán incluidos en " +"orden alfabético (en base a la localización). Los ficheros incluidos más " +"tarde tienen prioridad mas alta. Prefijos numéricos (<filename>01_snippet." +"conf</filename>, <filename>02_snippet.conf</filename> etc.) pueden ayudar a " +"visualizar la prioridad (números mas altos significan prioridad más alta)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" +"Los ficheros fragmentos requieren los mismos propietarios y permisos que " +"<filename>sssd.conf</filename>. Que son por defecto root:root y 0600." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "OPCIONES GENERALES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Las siguientes opciones son útiles en más de una de las secciones de " +"configuración." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Opciones utilizables en todas las secciones" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "debug (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" +"SSSD 1.14 y posteriores también incluyen el alias <replaceable>debug</" +"replaceable> para <replaceable>debug_level</replaceable> como ua " +"característica de conveniencia. Si se usan ambas se usará el valor de " +"<replaceable>debug_level</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Añade una sello de tiempo a los mensajes de depuración. Si journald está " +"habilitado para el registro de la depuración SSSD esta opción se ignora." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Predeterminado: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Añade microsegundos al sello de tiempo en los mensajes de depuración. Si " +"journald está habilitado para el registro de la depuración SSSD esta opción " +"se ignora." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Predeterminado: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_backtrace_enabled (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "Habilita el seguimiento de depuración." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" +"En caso de que SSSD esté corriendo en debug_level menor de 9, todo se " +"registra en un bufer temporal en la memoria y se descarga en un archivo de " +"registro cualquier error incluyendo `min(0x0040, debug_level)` (i.e. si " +"debug_level se fija explícitamente a 0 o 1 estos niveles de error disparará " +"una traza, de lo contrario hasta 2)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" +"La característica sólo se soporta para `logger == files` (i.e. la " +"configuración no tiene efecto para otro tipo de registros)." + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Opciones utilizables en las secciones SERVICIO y DOMINIO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" +"Tiempo de salid en segundos entre pulsaciones para este servicio. Se usa " +"para asegurar que el proceso está vivo y capaz de contestar peticiones. " +"Advierta que después de tres pulsaciones perdidas el servicio se terminará." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Predeterminado: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SECCIONES ESPECIALES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "La sección [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Parámetros de sección" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y " +"posteriores utilizan versión 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "servicios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" +"Lista separada por comas de los servicios que se han iniciado cuando el " +"mismo sssd se inició. <phrase condition=\"have_systemd\"> La lista de " +"servicios es opcional sobre plataformas donde se soporta systemd, ya que " +"serán enchufados o activado D-Bus cuando sea necesario. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Servicios soportados: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> Por defecto, todos los servicios están " +"deshabilitados y el administrador debe habilitar aquellos que permita que se " +"usen para ejecución: \"systemctl enable sssd-@service@.socket\". </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Cantidad de intentos de reconexión de los servicios ante una eventual caída " +"de datos del proveedor, o de reiniciarse antes de abandonar" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "dominios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" +"Un dominio es una base de datos que contiene información del usuario. SSSD " +"puede usar más dominios a la vez, pero al menos se debe configurar uno o " +"SSSD no arrancará. Este parámetro describe la lista de dominios en el orden " +"que usted desea que sean consultados. Se recomienda de que contenga sólo " +"caracteres ASCII alfanuméricos, guiones, puntos y guiones bajos. El carácter " +"\"/\" está prohibido." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Expresión regular por defecto que describe como analizar la cadena que " +"contiene el nombre de usuario y el dominio en estos componentes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" +"Cada dominio puede tener una expresión regular individual configurada. Para " +"algunos proveedores de ID hay también expresiones regulares por defecto. Vea " +"las SECCIONES DOMINIO para mas información sobre estas expresiones regulares." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-formato compatible que describe como componer un " +"nombre de dominio totalmente cualificado y los componentes del nombre de " +"dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "nombre de usuario" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" +"nombre de dominio como se especifica en el fichero de configuración SSSD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"nombre plano de dominio. Principalmente usado por los dominios Active " +"Directory tanto los configurados directamente como los descubiertos por " +"medio de IPA de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Son soportadas las siguientes expresiones: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Cada dominio puede tener una cadena de formato individual configurada. Vea " +"SECCIONES DOMINIO para más información sobre esta opción." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "monitor_resolv_conf (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Controla si SSSD monitorizaría el estado de resolv.conf para identificar " +"cuando necesita actualizar su interfaz de resolución DNS interno." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" +"Por defecto, SSSD intentará usar inotify para monitorizar cambios en los " +"ficheros de configuración y volverá a sondear cada cinco segundos si inotify " +"no puede ser usado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Existen algunas pocas situaciones en donde lo preferible es evitar el uso de " +"inotify. En estas raras excepciones, la opción debería ser definida en " +"'false' " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' " +"en el resto de las plataformas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Nota: esta opción no tendrá efecto en plataformas donde inotify no se " +"encuenytre disponible. En estas plataformas, la consulta (polling) será " +"utilizada siempre." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Directorio en el sistema de archivos donde SSSD debería guardar fichero de " +"reproducción de cache de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Esta opción acepta un valor especial __LIBKRB5_DEFAULTS__ que instruirá a " +"SSSD para dejar a libkrb5 decidir la localización apropiada del escondrijo " +"de respuesta." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Por defecto: Distribución específica y especificado en la acumulación de " +"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "usuario (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +#, fuzzy +#| msgid "" +#| "The user to drop the privileges to where appropriate to avoid running as " +#| "the root user. <phrase condition=\"have_systemd\"> This option does not " +#| "work when running socket-activated services, as the user set up to run " +#| "the processes is set up during compilation time. The way to override the " +#| "systemd unit files is by creating the appropriate files in /etc/systemd/" +#| "system/. Keep in mind that any change in the socket user, group or " +#| "permissions may result in a non-usable SSSD. The same may occur in case " +#| "of changes of the user running the NSS responder. </phrase>" +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" +"El usuario debe dejar los privilegios donde corresponda para evitar que se " +"ejecute como usuario root. <phrase condition=\"have_systemd\"> Esta opción " +"no funciona cuando se están ejecutando servicios activados por socket, " +"puesto que el ajuste para que el usuario corra los procesos se fijan en el " +"momento de la compilación. El modo de anular la unidad de ficheros systemd " +"es creando los ficheros apropiados en /etc/systemd/system/. Tenga en cuenta " +"que cualquier cambio en el socket de usuario, grupo o permisos puede llevar " +"a un SSSD no utilizable. Lo mismo puede ocurrir en el caso de cambios del " +"usuario que ejecuta el contestador NSS. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "Por defecto: no ajustado, los procesos correrán como root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Esta cadena será usada como nombre de dominio por defecto para todos los " +"nombre sin un componente de nombre de dominio. El principal caso de uso es " +"en entornos donde el dominio principal está dirigido a gestionar las " +"políticas de host y todos los usuarios están localizados en un dominio " +"confiable. La opción permite a esos usuarios acceder sólo con su nombre de " +"usuario sin dar también un nombre de dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +#, fuzzy +#| msgid "" +#| "Please note that if this option is set all users from the primary domain " +#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +#| "Setting this option changes default of use_fully_qualified_names to True. " +#| "It is not allowed to use this option together with " +#| "use_fully_qualified_names set to False. One exception from this rule are " +#| "domains with <quote>id_provider=files</quote> that always try to match " +#| "the behaviour of nss_files and therefore their output is not qualified " +#| "even when the default_domain_suffix option is used." +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" +"Por favor advierta que si esta opción está establecida todos los usuarios " +"del dominio primario tienen que usar su nombre totalmente cualificado, e.g. " +"user@domain.name, para acceder. El establecimiento de esta opción cambia el " +"comportamiento predeterminado de use_fully_qualified_names a True. No está " +"permitido el uso de esta opción junto con use_fully_qualified_names " +"establecido a False. Una excepción de esta regla son los dominios con " +"<quote>id_provider=files</quote> que siempre intentan igualar el " +"comportamiento de nss_files y por lo tanto su salida es no cualificada aún " +"cuando se use la opción default_domain_suffix." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Predeterminado: no definido" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"Este parámetro reemplazará los espacios (barra espaciadora) con los " +"caracteres dados para los nombres de usuario y grupos. e.g. (_). Nombre de " +"usuario "john doe" será "john_doe" Esta característica " +"se ha añadido para ayudar a la compatibilidad los scripts de shell que " +"tienen dificultades con el manejo de espacios, debido al campo separador " +"predeterminado en el shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" +"Por favor advierta que es un error de configuración usar un carácter de " +"reemplazo que pueda ser usado en los nombres de grupo o usuario. Si un " +"nombre contiene el carácter de reemplazo SSSD intentará devolver un nombre " +"no modificado pero en general el resultado de la búsqueda es indefinido." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Por defecto: no ajustado (los espacios no serán reemplazados)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "certificate_verification (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "no_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" +"Deshabilita la comprobación de Protocolo de Estado de Certificado en Línea " +"(OCSP). Esto puede ser necesario si los servidores OCSP definidos en el " +"certificado no son alcanzables por el cliente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "soft_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" +"Si no se puede establecer una conexión con un contestador OCSP la " +"comprobación OCSP es saltada. Esta opción debería ser usada para permitir la " +"autenticación cuando el sistema no está en línea y el contestador OCSP no " +"puede ser alcanzado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "ocsp_dgst" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" +"Función resumen (picadillo) usada para crear la ID del certificado para la " +"petición OCSP. Los valores permitidos son:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "sha1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "sha256" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "sha384" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "sha512" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" +"Predeterminado: sha1 (para permitir la compatibilidad con el contestador que " +"cumple el RFC50190)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "no_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" +"Deshabilita la verificación completamente. Esto opción solo se debería usar " +"para pruebas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "partial_chain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" +"Permite la verificación exitosa incluso si la cadena <replaceable>complete</" +"replaceable> no se puede construir a un ancla de autoconfianza firmado, " +"siempre que sea posible construir una cadena a un certificado de confianza " +"que puede no estar autofirmado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "ocsp_default_responder=URL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" +"Fija el contestador OCSP por defecto que será usando en lugar del mencionado " +"en el certificado. La URL debe ser reemplazada con la URL del contestador " +"OCSP por defecto e.g. http://example.com:80/ocsp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "ocsp_default_responder_signing_cert=NAME" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" +"Esta opción se ignora actualmente. Todos los certificados necesarios deben " +"estar disponibles en el fichero PEM indicado por pam_cert_db_path." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "crl_file=/PATH/TO/CRL/FILE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Usa la Lista de Revocación de Certificado (CRL) del fichero dado durante la " +"verificación del certificado. La CRL se debe dar en formato PEM, vea " +"detalles en <citerefentry> <refentrytitle>crl</refentrytitle> " +"<manvolnum>1ssl</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "soft_crl" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" +"Si una Lista de Revocación de Certificado (CRL) expira ignora las " +"comprobaciones CRL para los certificados relacionados. Esta opción debería " +"ser usada para permitir la autenticación cuando el sistema está fuera de " +"linea y la CRL no puede ser renovada." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Con este parámetros la verificación del certificado se puede sintonizar con " +"una lista de opciones separadas por comas. Las opciones soportadas son: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "Se informa de las opciones desconocidas pero son ignoradas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" +"Por defecto: no fijado, i.e. no restringe la verificación de certificado" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "disable_netlink (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" +"SSSD se engancha en el interfaz netlink para monitorizar los cambios a " +"rutas, direcciones, enlaces y disparar ciertas acciones." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" +"Los cambios en el estado de SSSD causados por eventos en enlace de red " +"pueden ser no deseados y pueden ser deshabilitados ajustando esta opción a " +"'true'" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "Predeterminado: false (se detectan los cambio de enlace de red)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "enable_files_domain (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" +"Cuando se habilita esta opción, SSSD antepone in dominio implícito con " +"<quote>id_provider=files</quote> antes de cualquier dominio explícito " +"configurado." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "domain_resolution_order" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" +"Lista separada por comas de dominios y subdominios que representa el orden " +"de búsqueda que se seguirá. La lista no tiene que incluir todos los " +"dominios posibles ya que los dominios que falten se buscarán en el orden que " +"se presentan en la opción de configuración <quote>domains</quote>. Los " +"subdominios que no están listados como parte de <quote>lookup_order</quote> " +"serán buscados en un orden aleatorio por cada dominio padre." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +#, fuzzy +#| msgid "" +#| "Please, note that when this option is set the output format of all " +#| "commands is always fully-qualified even when using short names for input, " +#| "for all users but the ones managed by the files provider. In case the " +#| "administrator wants the output not fully-qualified, the full_name_format " +#| "option can be used as shown below: <quote>full_name_format=%1$s</quote> " +#| "However, keep in mind that during login, login applications often " +#| "canonicalize the username by calling <citerefentry> " +#| "<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +#| "citerefentry> which, if a shortname is returned for a qualified input " +#| "(while trying to reach a user which exists in multiple domains) might re-" +#| "route the login attempt into the domain which uses shortnames, making " +#| "this workaround totally not recommended in cases where usernames may " +#| "overlap between domains." +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" +"Por favor, advierta que cuando se fija esta opción el formato de salida de " +"todos los comandos es siempre plenamente cualificado aunque se usen los " +"nombre cortos para la entrada, para todos los usuarios excepto los " +"gestionados por el proveedro de ficheros. En caso de que el administrador " +"desee la salida no plenamente cualificada se debe usar los opción " +"full_name_format como se muestra abajo: <quote>full_name_format=%1$s</quote> " +"Sin embargo, tenga en cuenta que durante el acceso, las aplicaciones de " +"acceso con frecuencia canonicalizan el nombre de usuario llamando a " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> que, si se devuelve un nombre corto para una " +"entrada cualificada (mientras que intenta alcanzar un usuario que existe en " +"múltiples dominios) debe re-enturar el intento de acceso hacia el dominio " +"que usa nombres cortos, haciendo este rodeo totalmente no recomendado en los " +"casos donde los nombres de usuarios se deben compartir entre dominios." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Por defecto: No definido" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ad_gpo_implicit_deny (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ad_gpo_implicit_deny (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "ad_gpo_ignore_unreadable (boolean)" +msgid "core_dumpable (boolean)" +msgstr "ad_gpo_ignore_unreadable (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "certificate_verification (string)" +msgid "passkey_verification (string)" +msgstr "certificate_verification (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "certificate_verification (string)" +msgid "user_verification (boolean)" +msgstr "certificate_verification (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "With this parameter the certificate verification can be tuned with a " +#| "comma separated list of options. Supported options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Con este parámetros la verificación del certificado se puede sintonizar con " +"una lista de opciones separadas por comas. Las opciones soportadas son: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Trozos individuales de funcionalidad SSSD son suministrados por servicios " +"especiales SSSD que se inician y parar junto a SSSD. Los servicios son " +"gestionados por un servicio especial frecuentemente llamado <quote>monitor</" +"quote>. La sección <quote>[sssd]</quote> se usa para configurar el monitor " +"así como algunas otras opciones importantes como la identidad de dominios. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "SECCIONES DE SERVICIOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Los ajustes que pueden ser utilizados para configurar diferentes servicios " +"se describe en esta sección. Ellos deben residir en la sección " +"[<replaceable>$NAME</replaceable>], por ejemplo, para el servicio NSS, la " +"sección sería <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Opciones de configuración de servicios generales" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Estas opciones pueden usarse para configurar cualquier servicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Esta opción especifica el número máximo de descriptores de ficheros que " +"pueden ser abiertos a la vez por este proceso SSSD. Sobre sistemas donde " +"SSSD ha alcanzado la capacidad CAP_SYS_RESOURCE, este será un ajuste " +"absoluto. Sobre sistemas sin esta capacidad, el valor resultante será el " +"valor más bajo de este o de limite “hard” en limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" +"Esta opción especifica el número de segundos que un cliente de un proceso " +"SSSD puede conservar un descriptor de archivo sin comunicarse con él. Este " +"valor está limitado con el objetivo de evitar el agotamiento de recursos del " +"sistema. El tiempo de salida no puede ser más corto de 10 segundos. Si se " +"configura un valor más bajo será ajustado a 10 segundos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "Predeterminado: 60, KCM: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" +"Cuando SSSD conmuta al modo fuera de línea la cantidad tiempo antes de que " +"intente volver a estar en línea se incrementará en base al tiempo que ha " +"estado desconectado. De modo predeterminado SSSD utiliza un comportamiento " +"incremental para calcular el retraso entre reintentos. De este modo, el " +"tiempo de espera para un reintento dado no será más largo que el tiempo de " +"los anteriores. Después de cada intento fracasado para estar en línea, el " +"nuevo intervalo se calcula mediante lo siguiente:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" +"El valor predeterminado de offline_timeout es 60. El valor predeterminado de " +"offline_timeout_max es 3600. El valor predeterminado de " +"offline_timeout_random_offset es 30. El resultado final es la cantidad de " +"segundos antes del próximo reintento." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Predeterminado: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "offline_timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Predeterminado: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "[0 - offline_timeout_random_offset]" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Predeterminado: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "responder_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" +"Esta opción especifica el número de segundos que un proceso contestador SSSD " +"puede estar levantado sin ser usado. Este valor está limitado con el " +"objetivo de evitar el agotamiento de recursos del sistema. El valor mínimo " +"aceptable para esta opción es 60 segundos. Fijar esta opción a 0 (cero) " +"significa que se le ajustarña tiempo de espera al contestador. Esta opción " +"solo tiene efecto cuando SSSD está construido con soporte systemd y cuando " +"los servicios activados son socket o D-Bus." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Predeterminado: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "cache_first" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" +"Esta opción especifica si el contestador consultará todos los caches antes " +"de consultar a los Proveedores de Datos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "Opciones de configuración de NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Estas opciones pueden ser usadas para configurar el servicio Name Service " +"Switch (NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Cuantos segundos ocultaría enumeraciones nss_sss (peticiones de información " +"sobre todos los usuarios)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Predeterminado: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"La entrada a la cache puede ser fijada automáticamente para actualizar " +"entradas en segundo plano si hay peticiones más allá de un porcentanje del " +"valor de entry_cache_timeout para el dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Por ejemplo, si entry_cache_timeout del dominio está fijado a 30 y " +"entry_cache_nowait_percentage está fijado a 50 (por ciento), las entradas " +"que vengan después de 15 segundos pasado el último cache serán devueltas " +"inmediatamente, pero SSSD irá y actualizará el cache por el mismo, de modo " +"que las futuras peticiones no necesitarán bloquearse a la espera de una " +"actualización del cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Los valores válidos para esta opción son 0-99 y representan un porcentaje de " +"entry_cache_timeout para cada dominio. Por razones de rendimiento, este " +"porcentaje nunca reducirá el tiempo de salida de no espera a menos de 10 " +"segundos. (0 deshabilita esta función)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Predeterminado: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache " +"(esto es, consultas para entradas no válidas a la base de datos, como " +"entradas no existentes) antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Predeterminado: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "local_negative_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" +"Especifica por cuantos segundos nss_sss mantendría a los usuarios y grupos " +"locales en cache negativo antes de intentar buscarlo en el extremo final " +"otra vez. Fijando la opción a 0 deshabilita esta característica." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "Por defecto: 14400 (4 horas)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" +"Excluye a ciertos usuarios o grupos de ser recuperados de la base de datos " +"sss NSS. Esto es particularmente útil para cuentas del sistema. Esta opción " +"puede ser también establecida por dominio o incluir nombres completos para " +"filtrar solo usuarios de un dominio concreto o por el nombre principal de " +"usuario (UPN)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" +"AVISO: La opción filter_groups no afecta a la herencia de miembros de grupos " +"anidados, puesto que el filtrado sucede después de que hayan sido propagados " +"para volver por medio de NSS. E.g. un grupo que tenga un miembro del grupo " +"filtrado mantendrá los usuarios miembros del listado posterior." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Predeterminado: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Si usted desea filtrar usuarios aunque sean miembros del grupo, fije esta " +"opción a false." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Fija la plantilla por defecto para el direcorio home del usuario si no se ha " +"especificado una explícitamente por el proveedor de datos del dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Los valores disponibles para esta opción son los mismos que para " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Por defecto: no fijado (sin sustitución para los directorios home no fijados)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Anula el shell de acceso para todos los usuarios. Esta opción reemplaza " +"cualquier otra opción de shell si tinene efecto y puede ser fijada bien en " +"la sección [nss] o por dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restringe la shell de usuario a uno de los valores listados. El orden de " +"evaluación es:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Si el shell está en la lista allowed_shells pero no en <quote>/etc/" +"shells</quote>, usa el valor del parámetro shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Si el shell no está en la lista allowed_shells y tampoco en <quote>/etc/" +"shells</quote>, se usará un shell de no acceso." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "Se puede usar el comodín (*) para permitir cualquier shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" +"(*) es útil si usted desea usar shell_fallback en caso de que el shell del " +"usuario no esté en <quote>/etc/shells</quote> y las lista que mantiene todos " +"los shells permitidos en allowed_shells estuviera llena." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "Una cadena vacía para el shell se pasa como-es a libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"<quote>/etc/shells</quote> es de sólo lectura en el inicio SSSD, lo que " +"significa que se requiere el reinicio del SSSD en el caso de que se instale " +"una nueva shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"La shell por defecto a usar si una shell permitida no está instalada en la " +"máquina." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Predeterminado: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"El shell por defecto a usar si el proveedor no devuelve uno durante la " +"búsqueda. Esta opción puede ser especificada globalmente en la sección [nss] " +"o por dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Por defecto: no fijado (Devuelve NULL si no se ha especificado una shell y " +"confía en libc para sustituir algo sensible cuando sea necesario, " +"normalmente /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Especifica el tiempo en segundos por los cuales la lista de subdominios será " +"considerada válida." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" +"Especifica el tiempo en segundos por el cual os registros en la memoria " +"cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" +"PRECAUCIÓN: Deshabilitar la memoria cache puede llevar a un impacto negativo " +"significativo sobre el rendimiento de SSSD y debería ser usado solo para " +"pruebas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", " +"las aplicaciones clientes no usaran la memoria cache rápida." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid. Setting this option to zero will disable the in-memory cache." +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" +"Especifica el tiempo en segundos por el cual os registros en la memoria " +"cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "Predeterminado: 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +#, fuzzy +#| msgid "" +#| "WARNING: Disabling the in-memory cache will have significant negative " +#| "impact on SSSD's performance and should only be used for testing." +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" +"PRECAUCIÓN: Deshabilitar la memoria cache puede llevar a un impacto negativo " +"significativo sobre el rendimiento de SSSD y debería ser usado solo para " +"pruebas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid. Setting this option to zero will disable the in-memory cache." +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" +"Especifica el tiempo en segundos por el cual os registros en la memoria " +"cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Predeterminado: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid. Setting this option to zero will disable the in-memory cache." +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" +"Especifica el tiempo en segundos por el cual os registros en la memoria " +"cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +#, fuzzy +#| msgid "" +#| "Specifies time in seconds for which records in the in-memory cache will " +#| "be valid. Setting this option to zero will disable the in-memory cache." +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" +"Especifica el tiempo en segundos por el cual os registros en la memoria " +"cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" +"Algunas de las solicitudes de respuestas adicionales NSS pueden devolver mas " +"atributos que solos los de POXIS definido por el interfaz NSS. La lista de " +"atributos se controla con esta opción. Se maneja de la misma forma que la " +"opción <quote>user_attributes</quote> del contestador InfoPipe (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para mas detalles) pero sin valores " +"predeterminados." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" +"Para hacer mas fácil la configuración el contestador NSS comprobará la " +"opción InfoPipe si no está fijada para el contestador NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "Por defecto: no ajustada, retroceder a opción InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "pwfield (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" +"El valor que las operaciones NSS que devuelven usuarios o grupos devolverán " +"para el campo <quote>password</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "Predeterminado: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +#, fuzzy +#| msgid "This option can also be set per-domain." +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "Esta opción puede ser también fijada por dominio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +#, fuzzy +#| msgid "" +#| "Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the " +#| "files domain)" +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" +"Por defecto: <quote>*</quote> (dominios remotos) o <quote>x</quote> (los " +"ficheros de dominio)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "Opciones de configuración PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Estas opciones pueden ser usadas para configurar el servicio Pluggable " +"Authentication Module (PAM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si la autenticación del proveedor es fuera de línea, cuanto permitiríamos " +"los accesos escondidos (en días desde el último login en línea con éxito)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Predeterminado: 0 (Sin límite)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si la autenticación del proveedor es fuera de línea, cuantos intentos de " +"login fallados están permitidos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"El tiempo en minutos que ha de pasar después de que " +"offline_failed_login_attempts ha sido alcanzado antes de que un nuevo " +"intento de login sea posible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Si se fija en 0 el usuario no puede autenticarse fuerta de línea si se ha " +"alcanzado offline_failed_login_attempts. Sólo una autenticación en línea con " +"éxito puede habilitar otra vez la autenticación fuera de línea." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Predeterminado: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Controla qué tipo de mensajes se muestra al usuario durante la " +"autenticación. Cuanto mayor sea el número de mensajes más aparecen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "Actualmente sssd soporta los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: mostrar todos los mensajes e información de " +"depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Predeterminado: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "pam_response_filter (integer)" +msgid "pam_response_filter (string)" +msgstr "pam_response_filter (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" +"Una lista separada por comas de cadenas que permiten borrar (filtrar) datos " +"enviados por el contestador PAM al modulo PAM pam_sss PAM. Hay diferentes " +"clases de respuestas enviadas a pam_sss e.g. mensajes mostrados al usuario o " +"variables de entorno que deberían ser fijadas por pam_sss." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" +"Como los mensajes ya pueden ser controlados con la ayuda de la opción " +"pam_verbosity esta opción permite filtrar otra clase de respuestas también." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "ENV" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "No envía ninguna variable de entorno a ningún servicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "ENV:var_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "No envía la variable de entorno var_name a ningún servicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "ENV:var_name:service" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "No envía la variable de entorno var_name al servicio." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Actualmente se soportan los siguientes filtros: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +#, fuzzy +#| msgid "Example: ENV:KRB5CCNAME:sudo-i" +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "Ejemplo: ENV:KRB5CCNAME:sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Para cualquier petición PAM mientras SSSD está en línea, SSSD intentará " +"inmediatamente actualizar la información de identidad escondida por el " +"usuario con el objetivo de asegurar que la autenticación tiene lugar con la " +"información más actual." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Una conversación PAM completa puede llevar a cabo múltiples peticiones PAM, " +"como gestión de cuenta y apertura de sesión. Esta opción controla (sobre una " +"base de por cliente-aplicación) cuanto (en segundos) podemos esconder la " +"información de identidad para evitar excesivos viajes de ida y vuelata al " +"proveedor de identidad." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "Mostrar una advertencia N días antes que la contraseña caduque." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Por favor advierta que el servidor de punto final tiene que suministrar " +"información sobre el tiempo de expiración de la contraseña. Si esta " +"información desaparece, sssd no podrá mostrar un aviso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Si está fijado cero, no se aplicará el filtro, esto es si se recibe una " +"advertencia de expiración desde el servidor final, se mostrará " +"automáticamente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Este ajuste puede ser anulado por el ajuste " +"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Predeterminado: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" +"Especifica la lista separada por comas de valores de UID o nombres de " +"usuarios que tienen permitidas conversaciones PAM contra dominios de " +"confianza. Los usuarios no incluidos en esta lista pueden solo acceder a " +"dominios marcadoscomo públicos con <quote>pam_public_domains</quote>. Los " +"nombres de usuarios se resuelven a UIDs en el arranque." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "Por defecto: Todos los usuarios se consideran de confianza por defecto" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" +"Por favor advierta que la UID 0 siempre permite el acceso al contestador PAM " +"aunque no está en la la lista pam_trusted_users." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" +"Especifica la lista separada por comas de nombres de dominios que son " +"accesibles hasta para los usuarios en los que no se confíe." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" +"Hay definidos dos valores especiales para la opción pam_public_domains:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (Los usuarios de no confianza están permitidos para acceder a todos los " +"dominios en el contestador PAM.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (Los usuarios de no confianza no tienen permitido acceder a los " +"dominios PAM en el contestador.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Predeterminado: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" +"Permite configurar un mensaje de expiración personalizado, reemplazando el " +"mensaje predeterminado 'Permiso denegado'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" +"Nota: Por favor tenga cuidado que este mensaje solo se imprime por el " +"servicio SSH a no ser que pam_verbosity esté fijado a 3 (mostrar todos los " +"mensajes e información de depuración)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Cuenta expirada, por favor contacte con la mesa de ayuda.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "pam_account_locked_message (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" +"Permite fijar un mensaje de bloqueo personalizado, reemplazando el mensaje " +"por defecto 'Permiso denegado'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_locked_message = Cuenta bloqueada, por favor contacte con la mesa de ayuda.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "pam_cert_auth (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "pam_cert_auth (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Por defecto: False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "pam_cert_auth (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" +"Habilita un certificado en base a la autenticación Smartcard. Como esto " +"requiere comunicación adicional con la Smartcard lo que dilatará el proceso " +"de autenticación esta opción está deshabilitada por defecto." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "pam_cert_db_path (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "Predeterminado:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +#, fuzzy +#| msgid "" +#| "/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with " +#| "trusted CA certificates in PEM format)" +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (Versión de OpenSSL, ruta a un fichero con " +"certificados CA de confianza en formato PEM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "certificate_verification (string)" +msgid "pam_cert_verification (string)" +msgstr "certificate_verification (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +#, fuzzy +#| msgid "" +#| "With this parameter the certificate verification can be tuned with a " +#| "comma separated list of options. Supported options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" +"Con este parámetros la verificación del certificado se puede sintonizar con " +"una lista de opciones separadas por comas. Las opciones soportadas son: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_p11_allowed_services = +my_pam_service, -login\n" +#| " " +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "p11_child_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "p11_child_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "p11_child_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +#, fuzzy +#| msgid "How many seconds will pam_sss wait for p11_child to finish." +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "pam_app_services (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" +"Cuales son los servicios PAM que tiene permitido contactar con dominios del " +"tipo <quote>application</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "pam_p11_allowed_services (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" +"Una lista separada por comas de nombres de servicios PAM a los que les será " +"permitidos usar Smartcards." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Es posible añadir otro nombre de servicio PAM al conjunto predeterminado " +"usando <quote>+service_name</quote> o quitar explícitamente nombre de " +"servicio PAM de los predeterminados usando <quote>-service_name</quote>. Por " +"ejemplo, con el objetivo de reemplazar un nombre de servicio PAM por " +"autenticación con Smartcards (e.g. <quote>login</quote>) con un nombre de " +"servicio PAM personalizado (e.g. <quote>my_pam_service</quote>), debería " +"usar la siguiente configuración: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" +"Predeterminado: el conjunto predeterminado de nombres de servicio PAM " +"incluye:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "gnome-screensaver" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "p11_wait_for_card_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" +"Si se requiere la autenticación con Smartcard cuantos segundos extras se " +"añaden a p11_child_timeout para que el contestador PAM espera hasta que se " +"inserte la Smartcard." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "p11_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" +"PKCS#11 URI (ver detalles en RFC-7512) que puede ser usada para restringir " +"la selección de dspositivos usados por la autenticación Smartcard. Por " +"defecto p11_child de SSSD buscará una ranura (lector) PKCS#11 donde este " +"establecida la bandera 'removable' y lee los certificados de la ficha " +"insertada en la primera ranura encontrada. Si están conectados múltiples " +"lectores p11_uri puede ser usado para decir a p11_child que use un lector " +"específico." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, fuzzy, no-wrap +#| msgid "" +#| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +#| " " +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" +"p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, fuzzy, no-wrap +#| msgid "" +#| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +#| " " +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" +"p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" +"Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/> o <placeholder " +"type=\"programlisting\" id=\"1\"/> Para encontrar la URI adecuada compruebe " +"por favor la salida de depuración de p11_child. Como alternativa la utilidad " +"GnuTLS 'p11tool' con e.g. '--list-all' mostrará PKCS#11 URIs también." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +#, fuzzy +#| msgid "pam_app_services (string)" +msgid "pam_gssapi_services" +msgstr "pam_app_services (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +#, fuzzy +#| msgid "Comma separated list of users who are allowed to log in." +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "Lista separada por comas de usuarios a los está permitido el acceso." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_p11_allowed_services = +my_pam_service, -login\n" +#| " " +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Predeterminado: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, fuzzy, no-wrap +#| msgid "" +#| "pam_p11_allowed_services = +my_pam_service, -login\n" +#| " " +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +#, fuzzy +#| msgid "Default: not set (no substitution for unset home directories)" +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Por defecto: no fijado (sin sustitución para los directorios home no fijados)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "SUDO opciones de configuración" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Se pueden usar estas opciones para configurar el servicio sudo. Las " +"instrucciones detalladas para la configuración de <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> están en la página de manual " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementa " +"entradas de sudoers dependientes del tiempo." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "sudo_threshold (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" +"Número máxio de reflas expiradas que pueden ser refrescadas a la vez. Si el " +"número de reglas expiradas está por debajo del umbral son refrescadas con el " +"mecanismo <quote>refrescar reglas</quote> mechanism. SI se supera el umbral " +"un <quote>refresco total</quote> de reglas sudo se dispara en su lugar. Este " +"umbral también se aplica al comando IPA sudo y a las búsquedas de grupo de " +"comando." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "Opciones de configuración AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Especifica cuantos segundos debería el respondedor negativo autofs esconder " +"golpes (esto es, consultas a entradas de mapa no válidad, como las no " +"existentes) antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "Opciones de configuración SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "Estas opciones se pueden usar para configurar el servicio SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Si se pican o no los nombres y las direcciones de host en fichero gestionado " +"known_host. " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Cuantos segundos se mantiene un host en el fichero known_hosts gestionados " +"después de que se hayan pedido sus claves de host." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Por defecto: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "ssh_use_certificate_keys (booleano)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" +"Si se ajusta a true <command>sss_ssh_authorizedkeys</command> devolverá " +"claves ssh derivadas de la clave pública de los certificados X.509 " +"almacenados en la entrada de usuario también. Vea detalles en <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>1</" +"manvolnum> </citerefentry> for details." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "ssh_use_certificate_matching_rules (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" +"Por defecto el contestador ssh usará todos los certificados disponibles que " +"coincidan con las reglas para filtrar los certificados de modo que las " +"claves ssh solo se derivarán a los que coincidan. Con esta opción las reglas " +"usadas pueden ser restringidas con una lista separada por comas de nombres " +"de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "ca_db (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" +"Ruta al almacenamiento de certificados CA de confianza. Esta opción se usa " +"para validar los certificados de usuario antes de derivar las claves " +"públicas ssh de ellos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "Opciones de configuración del respondedor PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" +"El contestador PAC trabaja junto con el plugin de autorización de datos para " +"MIT Kerberos sssd_pac_plugin.so y un proveedor de sub dominios. El plugin " +"envía los datos PAC durante la autenticación GSSAPI al contestador PAC. El " +"proveedor de sub dominio recoge el SID de dominio y los rangos de ID del " +"dominio al que el cliente se ha unido y de los dominios remotos de confianza " +"desde el controlador local de dominio. Si el PAC es decodificado y evaluado " +"se hacen algunas de las siguientes operaciones:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Si el usuario remoto no existe en la cache, se crea. Se determina la UID con " +"la ayuda del SID, los dominios de confianza tendrán UPGs y el GID tendrá el " +"mismo valor que la UID. El directorio home se ajusta en base al parámetro " +"subdomain_homedir. La shell estará vacía por defecto, i.e. se usa el sistema " +"predeterminado, pero se puede sustituir con el parámetro default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Si se conocen los SIDs de los grupos de los dominios, se añadirá el usuario " +"a esos grupos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Especifica la lista separada por comas de los valores UID o nombres de " +"usuario que tiene el acceso permitido al respondedor PAC." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al " +"respondedor PAC)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Por favor advierta que aunque la UID 0 se usa por defecto será anulada con " +"esta opción. Si usted deses todavía permitir al usuario root acceder al " +"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la " +"lista de UIDs permitidas también." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "pac_lifetime (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" +"Tiempo de vida de la entrada PAC en segundos. Tanto como la PAC es válida " +"los datos PAC pueden ser usados para determinar la membresia de grupo de un " +"usuario." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "pac_check (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Son soportadas las siguientes expresiones: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "Opciones de configuración de la grabación de sesión" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Trabajos de grabación de sesión en conjunto con <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, una parte del paquete tlog, para registrar lo que los " +"usuarios ven y el tipo cuando ellos lo registran en un terminal de texto. " +"Vea también <citerefentry> <refentrytitle>sssd-session-recording</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "Se pueden usar estas opciones para configurar la grabación de sesión." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "scope (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "\"none\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "NO se grabaron usuarios." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "\"some\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" +"Usuarios/grupos especificados por las opciones <replaceable>users</" +"replaceable> y<replaceable>groups</replaceable> son grabados." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "\"all\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "Se graban todos los usuarios." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Una de las siguientes cadena especifica el alcande de la sesión de " +"grabación: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "Predeterminado: \"none\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"Una lista separada por comas de usuarios que deberían tener el registro de " +"sesión habilitado. Coincide con los nombres de usuario que son devueltos por " +"NSS. I.e. después de las posibles sustituciones de espacios, cambios de " +"mayúsculas/minúsculas, etc." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"Una lista separada por comas de grupos, cuyos miembros tendrían habilitado " +"la grabación de sesión. Coincide con los nombres de grupo devueltos por NSS. " +"I.e. después de los posibles cambios de espacio, cambios de mayúsculas/" +"minúsculas, etc." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" +"AVISO: el uso de esta opción (teniéndolo ajustado a cualquiera) tiene un " +"costo considerable de rendimiento, puesto que cada petición sin caché para " +"un usuario requiere a recuperación y el emparejado de los grupos a los que " +"pertenece el usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "Predeterminado: Vacío. No empareja grupos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "users (string)" +msgid "exclude_users (string)" +msgstr "users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: Empty. Matches no users." +msgid "Default: Empty. No users excluded." +msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "groups (string)" +msgid "exclude_groups (string)" +msgstr "groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: Empty. Matches no groups." +msgid "Default: Empty. No groups excluded." +msgstr "Predeterminado: Vacío. No empareja grupos." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "SECCIONES DE DOMINIO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "domain_type (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" +"Especifica si el dominio está destinado a ser usado por clientes atentos a " +"POSIX como Name Service Switch o por aplicaciones que no necesitan datos " +"POSIX presentes o generados. Solo los objetos de dominios POSIX están " +"disponibles para las interfaces y utilidades de sistema operativo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" +"Los valores permitidos para esta opción son <quote>posix</quote> y " +"<quote>application</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" +"Los dominios POSIX son alcanzables por todos los servicios. Los dominios " +"aplicación son solo alcanzables desde el contestador InfoPipe (vea " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>) y el contestador PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" +"AVISO: LOs dominios aplicación actualmente están bien probados solamente con " +"<quote>id_provider=ldap</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" +"Para una manera fácil de configurar dominios no POSIX, vea la sección " +"<quote>Dominios aplicación</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "Predeterminado: posix" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id, max_id (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Límites de UID y GID para el dominio. Si un dominio contiene una entrada que " +"está fuera de estos límites, ésta es ignorada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Para usuarios, esto afecta al límite primario GID. El usuario no será " +"devuelto a NSS si bien la UID o el GID primario está fuera de rango. Para " +"los miembros de grupos no primarios, aquellos que estén en rango serán " +"reportados como en espera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Estos límites de ID afectan aunque se guarden entrada en la caché, no solo " +"devolviéndolas por nombre o ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerar (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" +"Determina si un dominio puede ser enumerado, esto es, si el dominio puede " +"listar tods los usuarios y grupos que contiene. Advierta que no requiere " +"habilitar la enumeración con el objetivo de visualizar grupos secundarios. " +"Este parámetros puede tener uno de los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Usuarios y grupos son enumerados" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = Sin enumeraciones para este dominio" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Predeterminado: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" +"Enumerar un dominio requiere que SSSD descargue y almacene TODAS las " +"entradas de usuario y grupo del servidor remoto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" +"Aviso: Habilitar la enumeración tiene un impacto moderado en el rendimiento " +"sobre SSSD mientras está corriendo la enumeración. Puede llevar varios " +"minutos después de que SSSD inicie una enumeración completa total. Durante " +"este tiempo, las peticiones individuales de información irán directamente a " +"LDAP, piense que puede ser lento, debido al pesado procesamiento de la " +"enumeración. El guardar gran número de entradas en la caché después de una " +"enumeración completa puede ser también intensiva para la CPU puesto que la " +"membresía debe ser vuelta a computar. Esto puede llevar a que el proceso " +"<quote>sssd_be</quote> no responda o que sea reiniciado por el perro " +"guardián interno." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Mientras está corriendo la primera enumeración, peticiones para el usuario " +"completo o listas de grupo pueden no devolver resultados hasta que se " +"completen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Adicionalmente, la habilitación de la enumeración puede incrementar el " +"tiempo necesario para detectar la desconexión de red, tanto como los tiempos " +"de espera necesarios para asegurar que las búsquedas de enumeración se han " +"completado. Para más información vea las páginas de manual para el " +"específico id_provider en uso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Por las razones citadas arriba, no se recomienda habilitar la enumeración, " +"especialmente en entornos grandes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Se enumerarán todos los dominios de confianza descubiertos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "No serán enumerados dominios de confianza descubiertos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Si se debe enumerar alguno de los dominios de confianza autodetectados. Los " +"valores soportados son: <placeholder type=\"variablelist\" id=\"0\"/> " +"Opcionalmente, una lista de uno o más nombres de dominio puede habilitar la " +"enumeración solo para estos dominios de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Cuántos segundos debe considerar nss_sss como válidas las entradas antes de " +"volver a consultar al backend" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Los sellos de tiempo de expiración de caché son almacenados somo atributos " +"de los objetos individuales en caché. Por lo tanto, el cambio del tiempo de " +"expiración de la caché solo tendrá efecto para las entradas más nuevas o " +"expiradas. Debería ejecutar la herramienta <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> con el objetivo de forzar el refresco de las entradas que ya " +"están en la caché." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Predeterminado: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de usuario válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Por defecto: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de grupo válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de grupo de red " +"válidas antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Cuantos segundos debería nss_sss considerar las entradas de servicio válidas " +"antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Cuantos segundos debería considerar las regulas sudo válidas antes de " +"preguntar al backend otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Cuantos segundos deberá considerar el servicio autofs los mapas de " +"automontaje válidos antes de preguntar al punto final otra vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Cuantos segundos mantener una clave ssh de host después de refrescar. IE " +"cuanto guardar en caché la clave de host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Especifica cuantos segundos tiene que esperar SSSD antes de disparar una " +"tarea de refresco en segundo plano que refrescará todos los registros " +"expirados o a punto de hacerlo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" +"El refresco en segundo plano procesará usuarios, grupos y netgroups en el " +"cache. Para usuarios que han llevado a cabo el anteriormente initgroups " +"(obtener la membresía de grupo para el usuario, normalmente ejecutando " +"login), tanto la entrada usuario y la membresia de grupo son actualizados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" +"Esta opción se hereda automáticamente para todos los dominios de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "Usted puede considerar ajustar este valor a 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Predeterminado: 0 (deshabilitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "cache_credentials_minimal_first_factor_length (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Si se usa 2-Factor-Authentication (2FA) y las credenciales deberían ser " +"guardadas este valor determina la longitud mínima del primer factor de " +"autenticación (contraseña de largo plazo) que debe ser guardado como hash " +"SHA512 en el caché." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" +"Esto evitaría que los PINs cortos de un esquema de PIN basado en 2FA se " +"guarden en caché lo que les haría objetivos fáciles de ataques de fuerza " +"bruta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Entradas de números de días que son dejadas en el cache después del último " +"login con éxito antes de ser borrado durante la limpieza de la cache. 0 " +"significa mantener para siempre. El valor de este parámetro debe ser más " +"grande o igual que offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Predeterminado: 0 (ilimitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Por favor advierta que el servidor de backend tiene que suministrar " +"información sobre la hora expiración de la contraseña. Si esta información " +"está desaparecida, sssd no puede mostrar un aviso. También se tiene que " +"configurar un proveedor de autorización para el backend." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"El proveedor de identificación usado por el dominio. Los proveedores de ID " +"soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "<quote>proxy</quote>: Soporta un proveedor NSS heredado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" +"<quote>files</quote>: Proveedor de FICHEROS. Vea <citerefentry> " +"<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre como hacer espejo de usuarios y " +"grupos locales en SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: Proveedor LDAP. Vea <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " +"información sobre la configuración de LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity " +"Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de FreeIPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: Proveedor Active Directory. Vea <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración de Active " +"Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Utiliza el nombre completo y el dominio (formateado en el formato " +"nombre_completo de dominio) como el nombre de acceso del usuario reportado a " +"NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si es TRUE, todas las peticiones a este dominio deben usar nombres " +"totalmente cualificados. Por ejemplo, si se usa en el dominio LOCAL que " +"contiene un usuario “test”, <command>getent passwd test</command> no " +"encontraría al usuario mientras que <command>getent passwd test@LOCAL</" +"command> lo haría." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"AVISO: Esta opción no tiene efecto sobre búsquedas de grupo de red debido a " +"su tendencia a incluir grupos de red anidados sin nombres cualificados. Para " +"grupos de red, se buscará en todos los dominios cuando se pida un no no " +"cualificado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "No devuelve miembros de grupo para búsquedas de grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" +"Si se fija a TRUE, no se pide el atributo de membresía de grupo al servidor " +"ldap y los miembros no son devueltos cuando se procesan llamadas de " +"búsqueda, como <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> o <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. Como efecto, <quote>getent group $groupname</quote> debería " +"devolver el grupo pedido como si estuviera vacío." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" +"Habilitar esta opción puede también hacer acceso a las comprobaciones de " +"proveedor ara membresía de grupo significativamente más rápidas, " +"especialmente para grupos que contienen muchos miembros." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"El proveedor de autenticación usado por el dominio. Los proveedores de " +"autenticación soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para autenticación nativa LDAP. Vea <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> para la reinstalación de la autenticación a algún otro " +"objetivo PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Por defecto: <quote>id_provider</quote> se usa si se ha fijado y puede " +"manejar las peticiones de autenticación." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"El proveedor de control de acceso usado por el dominio. Hay dos provedores " +"de acceso integrados (además de cualquiera instalado en los finales). Los " +"proveedores especiales internos son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> siempre permite el acceso. Es el proveedor de acceso " +"sólo permitido para un dominio local." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> siempre niega el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> control de acceso basado en listas de acceso o " +"denegación. Vea <citerefentry> <refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> para más información sobre la " +"configuración del módulo de acceso sencillo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote>: .k5login basado en control de acceso. Vea " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> para más información sobre la configuración de " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" +"<quote>proxy</quote> para transmitir control de acceso a otro módulo PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Predeterminado: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"El proveedor que debería manejar las operaciones de cambio de password para " +"el dominio. Los proveedores de cambio de passweord soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor " +"LDAP. Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> para cambiar una contraseña Kerberos. Vea <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre configurar Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> para la reinstalación de cambios de password en algunos " +"otros objetivos PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" +"<quote>none</quote> deniega explícitamente los cambios en la contraseña." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Por defecto: <quote>auth_provider</quote> se utiliza si se ha fijado y se " +"puede manejar las peticiones de cambio de password." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para reglas almacenadas en LDAP. Vea <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> para más información sobre la configuración LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> lo mismo que <quote>ldap</quote> pero con ajustes " +"predeterminados IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> lo mismo que <quote>ldap</quote> pero con ajustes " +"predeterminados AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote>deshabilita SUDO explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Las instrucciones detalladas para la configuración de sudo_provider están el " +"la página de manual <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Hay muchas opciones de " +"configuración que se puden usar para ajustar el comportamiento. Vea por " +"favor \"ldap_sudo_*\" en <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" +"<emphasis>AVISO:</emphasis> Las reglas sudo son periódicamente descargadas " +"en segundo plano a no ser que proveedor sudo esté explícitamente " +"deshabilitado. Ajuste <emphasis>sudo_provider = None</emphasis> para " +"deshabilitatr toda la actividad relacionada con sudo en SSSD si usted no " +"desea usar sudo cn SSSD mas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"El proveedor que manejaría la carga de los ajustes selinux. Advierta que " +"este proveedor será llamado justo después de que el proveedor de acceso " +"finalice. Los proveedores selinux soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar ajustes selinux desde un servidor IPA. Vea " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> deshabilita ir a buscar los ajustes selinux " +"explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede " +"manejar las peticiones de carga selinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"El proveedor que debería manejar el atractivo de subdominios. Este valor " +"debería ser siempre el mismo que id_provider. Los proveedores de subdominio " +"soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar una lista de subdominios desde un servidor " +"IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" +"<quote>ad</quote> para descargar una lista de subdominios desde un servidor " +"Active Directory. Vea <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración del proveedor AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" +"<quote>none</quote> deshabilita el buscador de subdominios explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "session_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" +"El proveedor que configura y gestiona las tareas relacionadas con la sesión " +"de usuario. La única tarea de usuario que actualmente se provee es la " +"integración con Fleet Commander, que trabaja solo con IPA. Los proveedores " +"de sesiones soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" +"<quote>ipa</quote> para permitir llevar a cabo tareas relacionadas con la " +"sesión de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" +"<quote>none</quote> no lleva a cabo ninguna tarea relacionada con la sesión " +"de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" +"Predeterminado: <quote>id_provider</quote> se usa si está ajustado y puede " +"llevar a cabo tareas relacionadas con la sesión de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" +"<emphasis>AVISO:</emphasis> Con el objetivo de tener esta característica " +"trabajando como se espera SSSD se debe correr como \"root\" y o como usuario " +"sin privilegios." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"El proveedor autofs usado por el dominio. Los proveedores autofs soportados " +"son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> para cargar mapas almacenados en LDAP. Vea " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre la configuración de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ad</quote> para cargar mapas almacenados en un servidor AD. Vea " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para más información sobre como configurar un " +"proveedor AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> deshabilita autofs explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"El proveedor usado para recuperar información de identidad de host. Los " +"proveedores de hostid soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> para cargar la identidad del equipo almacenada en un " +"servidor IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " +"configuración de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> deshabilita hostid explícitamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"Expresión regular para este dominio que describe como analizar " +"gramaticalmente la cadena que contiene el nombre de usuario y el dominio en " +"estos componentes. El \"dominio\" puede coincidir bien con el nombre de " +"dominio de configuración SSSD o en el caso de subdominios de confianza IPA y " +"dominios Active Directory, el nombre plano (NetBIOS) del dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Por defecto para el proveedor AD e IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> que permite tres estilos diferentes de " +"nombres de usuario:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "nombre de usuario" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Por defecto para el proveedor AD e IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> que permite tres estilos diferentes de " +"nombres de usuario:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "dominio/nombre_de_usuario" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Mientras los primeros dos corresponden al valor por defecto general el " +"tercero se introduce para permitir una fácil integración de usuarios desde " +"dominios Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Suministra la capacidad para seleccionar la familia de dirección preferente " +"a usar cuando se lleven a cabo búsquedas DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Valores soportados:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Predeterminado: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" +"Por favor vea la sección <quote>RECUPERACIÓN DE FALLOS</quote> para más " +"información sobre la resolución del servicio." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Predeterminado: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" +"Define la cantidad de tiempo (en segundos) a esperar una respuesta de un " +"fallo interno sobre un servicio ntes de asumir que ese servicio es " +"inalcanzable. ISi se alcanza este tiempo de salida, el dominio continuará " +"trabajando en modo offline." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Predeterminado: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si el descubridor de servicio se usa en el punto final, especifica la parte " +"de dominio de la pregunta al descubridor de servicio DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "Anula el valor primario GID con el especificado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" +"Distingue mayúsculas y minúsculas. Este valor es invalido para el proveedor " +"AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "No sensible a mayúsculas minúsculas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Igual que False (no sensible a mayúsculas minúsculas.), pero sin minúsculas " +"en los nombres en el resultado de las operaciones NSS. Advierta que los " +"nombres de alias (y en el caso de servicios también los nombres de " +"protocolo) están en minúsculas en la salida." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +#, fuzzy +#| msgid "" +#| "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "Predeterminado: True (False para proveedor AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" +"Especifica una lista de parámetros de configuración que deberían ser " +"heredados por un subdominio. Por favor advierta que solo pueden ser " +"heredados parámetros seleccionados. Actualmente se pueden heredar las " +"siguientes opciones:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" +"ldap_krb5_keytab (se deberá usar el valor de krb5_keytab si no se ha fijado " +"explícitamente ldap_krb5_keytab)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_search_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +#, fuzzy +#| msgid "auto_private_groups (string)" +msgid "auto_private_groups" +msgstr "auto_private_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +#, fuzzy +#| msgid "Case insensitive." +msgid "case_sensitive" +msgstr "No sensible a mayúsculas minúsculas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "Aviso: Esta opción solo trabaja con el proveedor IPA y AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "flat (NetBIOS) nombre de un subdominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Use este directorio home como valor predeterminado para todos los " +"subdominios dentro de este dominio en IPA AD de confianza. Vea " +"<emphasis>override_homedir</emphasis> para información sobre los posibles " +"valores. Además de esto, la expansión de abajo sólo puede ser usada con " +"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Este valor puede ser anulado por la opción <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Por defecto: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Diversas banderas almacenadas por el servicio de configuración realmd para " +"este dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "cached_auth_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" +"Especifica el tiempo en segundos desde la última autenticación en línea con " +"éxito por las cuales el usuario serán autenticado usando las credenciales en " +"cache mientras SSSD está en modo en línea. Si las credenciales son " +"incorrectas, SSSD cae de nuevo a la autenticación en linea." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" +"Este valor de opción es heredado por todos los dominios de confianza. En " +"este momento no es posible establecer un valor diferente por dominio de " +"confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "El valor especial 0 implica que esta función está deshabilitada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" +"Por favor advierta que si <quote>cached_auth_timeout</quote> es mayor que " +"<quote>pam_id_timeout</quote> el otro extremo podría ser llamado para " +"gestionar <quote>initgroups.</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Predeterminado: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "auto_private_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" +"crear el grupo privado de usuario incondicionalmente desde el número UID del " +"usuario. El número GID se ignora en este caso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" +"AVISO: Puesto que el número GID y el grupo privado de usuario se infieren de " +"número UID, no está soportado tener múltiples entrada con los mismos UID o " +"GID con esta opción. En otras palabras, habilitando esta opción se fuerza la " +"unicidad den el espacio de ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" +"Use siempre el número GID primario del usuario. El número GID debe referirse " +"a un objeto grupo en las base de datos LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "hybrid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" +"Se autogenera un grupo primario para las entradas de usuario cuyos números " +"UID y GID tienen el mismo valor y al mismo tiempo el número GID no " +"corresponde un objeto grupo real en LDAP. Si los valores son los mismos " +"pero el GID primario en la entrada de usuario es también usado por un objeto " +"grupo, el GID primario del usuario se resuelve al de ese objeto grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" +"Si el UID y el GID de un usuario son diferentes, el GID debe corresponder a " +"una entrada de grupo, de otro modo el GID simplemente no se puede resolver." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" +"Esta característica es útil para entornos que desean parar manteniendo un " +"grupo separado de objetos grupos para el usuario de grupos privados, pero " +"también desea retener los grupos privados existentes del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Esta opción toma cualquiera de los tres valores disponibles: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" +"Para subdominios el valor por defecto es False par subdominios que usan " +"POSIX IDs asignados y True para subdominios que usan mapeo de ID automático." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" +"El valor de auto_private_groups puede bien ser establecido por subdominios " +"en una subsección, por ejemplo: <placeholder type=\"programlisting\" " +"id=\"0\"/> o globalmente para todos los subdominios en la sección principal " +"dominio usando la opción subdomain_inherit: <placeholder " +"type=\"programlisting\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Estas opciones de configuración pueden estar presentes en la sección " +"configuración de dominio, esto es, en una sección llamada <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "El proxy de destino PAM próximo a." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Por defecto: no se fija por defecto, usted tiene que coger una configuración " +"pam existente o crear una nueva y añadir el nombre de servicio aquí." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"El nombre de la librería NSS para usar en los dominios proxy. Las funciones " +"NSS buscadas dentro de la librería están el formato de " +"_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una " +"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en " +"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true " +"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por " +"razones de rendimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "proxy_max_children (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" +"Esta opción especifica el número de hijos proxy pre-bifurcados. Es útil para " +"entornor SSSD de alta carga donde sssd puede quedarse sin espacios para " +"hijos disponibles, lo que podría causar errores debido a las peticiones que " +"son encoladas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Opciones válidas para dominios proxy. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "Dominios de aplicaciones" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" +"SSSD, con su interfaz D-Bus (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) es atractivo para " +"las aplicaciones como puerta de entrada a un directorio LDAP donde se " +"almacenan usuarios y grupos. Sin embargo, de modo distinto al tradicional " +"despliegue SSSD donde todos los usuarios y grupos bien tienen atributos " +"POSIX o esos atributos se pueden inferir desde los Windows SIDs, en muchos " +"casos los usuarios y grupos en el escenario de soporte de la aplicación no " +"tienen atributos POSIX. En lugar de establecer una sección <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote>, el administrador puede configurar " +"una sección <quote>[application/<replaceable>NAME</replaceable>]</quote> que " +"internamente represente un dominio con un tipo <quote>application</quote> " +"que opcionalmente herede ajustes de un dominio SSSD tradicional." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" +"Por favor advierta que el dominio de aplicación debe aún ser habilitado " +"explícitamente en el parámetros <quote>domains</quote> de modo que la orden " +"de búsqueda entre el dominio de aplicación y su dominio POSIX hermano está " +"establecido correctamente." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "Parámetros de dominio de aplicación" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "inherit_from (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" +"En el dominio tipo SSSD POSIX el dominio de aplicación hereda todos los " +"ajustes. El dominio de aplicación puede además añadir sus propios ajustes a " +"los ajustes de aplicación que aumentan o anulan los ajustes del dominio " +"<quote>hermano</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" +"El siguiente ejemplo ilustra el uso de un dominio de aplicación. En este " +"ajuste, el dominio POSIX está conectado a un servidor LDAP y se usa por el " +"SO a través de un contestador NSS. Además, el dominio de aplicación también " +"pide el atributo telephoneNumber, lo almacena como el atributo phone en la " +"cache y hace al atributo phone alcanzable a través del interfaz D-Bus." + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "SECCIÓN DE DOMINIO DE CONFIANZA" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" +"Algunas opciones usadas en la sección dominio puede ser usadas también en la " +"sección dominio de confianza, esto es, en una sección llamada<quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Donde DOMAIN_NAME es el dominio base real. Por favor " +"vea los ejemplos de abajo para una explicación. Actualmente las opciones " +"soportadas en la sección de dominio de confianza son:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "ldap_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "ldap_user_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "ldap_group_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "ldap_netgroup_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "ldap_service_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "ldap_sasl_mech," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "ad_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "ad_backup_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "ad_site," + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "use_fully_qualified_names" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" +"Para más detalles sobre estas opciones vea su descripción individual en la " +"página de manual." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" +"Para permitir la autenticación con Smartcards y certificados SSSD debe ser " +"capaz de mapear los certificados con los usuarios. Esto puede ser hecho " +"añadiendo el certificado completo al objeto LDAP del usuario o a una " +"anulación local. Mientras requierir el uso del certificado completo para " +"usar la característica autenticación Smartcard de SSH (ver <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> para más detalles) puede ser engorroso o no " +"siempre posible de hacer esto en el caso general donde los servicios locales " +"usan autenticación PAM." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" +"Para hacer que la asignación sea más flexible, se agregaron reglas de " +"asignación y coincidencia a SSSD (ver más detalles en <citerefentry> " +"<refentrytitle>sss-certmap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" +"Un regla de mapeo y coincidencia puede ser añadida a la configuración SSSD " +"en una sección en si misma con un nombre como <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. En esta sección están permitidas las siguientes " +"opciones:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "matchrule (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" +"Solo los certificados de la Smartcard que coincidan con esta regla serán " +"procesados, los demás son ignorados." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" +"Predeterminado: KRB5:<EKU>clientAuth, i.e. solo los certificados que " +"tengan Extended Key Usage <quote>clientAuth</quote>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "maprule (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "Define como se encuentra un usuario desde un certificado dado." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" +"LDAP:(userCertificate;binary={cert!bin}) para proveedores basados en LDAP " +"como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" +"El RULE_NAME para el proveedor de <quote>ficheros</quote> que intenta " +"encontrar un usuario con el mismo nombre." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "domains (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" +"Lista separada por comas de nombrs de dominios a los que la regla debería " +"ser aplicada. Por defecto una regla solo es válida en el dominio configurado " +"en sssd.conf. Si el proveedor soporta subdominios esta opción puede ser " +"usada para añadir la regla a los subdominios también." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "Predetermiado: el dominio configurado en sssd.conf" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "priority (entero)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" +"Valor entero sin signo que define la prioridad de la regla. El número más " +"alto la prioridad más baja. <quote>0</quote> se mantiene para la prioridad " +"más alte mientras que <quote>4294967295</quote> es la más baja." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "Predeterminado: la prioridad más baja" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" +"Para hacer la configuración sencilla y reducir la cantidad de opciones de " +"configuración el proveedor de <quote>ficheros</quote> tiene algunas " +"propiedades especiales:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" +"si maprule no está establecido el nombre RULE_NAME se asume como en del " +"usuario coincidente" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" +"si se usa una maprule tanto un único nombre de usuario como una plantilla " +"como <quote>{subject_rfc822_name.short_name}</quote> debe ir entre llaves " +"como e.g. <quote>(username)</quote> or <quote>({subject_rfc822_name." +"short_name})</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "la opción <quote>domains</quote> es ignorada" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" +"Si existe un fichero especial(<filename>/var/lib/sss/pubconf/" +"pam_preauth_available</filename>) el módulo PAM de SSSD pam_sss le pedirá a " +"SSSD que descubra que métodos de autenticación están disponibles para el " +"usuario que intenta iniciar sesión. En base a los resultados pam_sss pedirá " +"al usuario las credenciales apropiadas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" +"Con el creciente número de métodos de autenticación y la la posibilidad de " +"que haya múltiples para un único usuario la heurística usada por pam_sss " +"para seleccionar la solicitud podría no ser adecuada para todos los casos. " +"Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "password_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "cambiar la cadena de solicitud de contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"para configurar la solicitud de contraseña, las opciones permitidas son: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "[prompting/2fa]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "para cambiar la cadena de la solicitud del primer factor" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "second_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "para cambiar la cadena de la solicitud para el segundo factor" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "single_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +#, fuzzy +#| msgid "" +#| "boolean value, if True there will be only a single prompt using the value " +#| "of first_prompt where it is expected that both factors are entered as a " +#| "single string" +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" +"valor booleano, si True habrá una única pregunta usando el valor de " +"first_prompt donde se espera que ambos factores se introduzcan como una " +"única cadena" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +#, fuzzy +#| msgid "[prompting/password]" +msgid "[prompting/passkey]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +#, fuzzy +#| msgid "first_prompt" +msgid "interactive_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the interactive prompt." +msgstr "cambiar la cadena de solicitud de contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +#, fuzzy +#| msgid "first_prompt" +msgid "touch_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the touch prompt." +msgstr "cambiar la cadena de solicitud de contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "to configure two-factor authentication prompting, allowed options are: " +#| "<placeholder type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"para configurar la consulta de autenticación de dos factores, las opciones " +"permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +#, fuzzy +#| msgid "" +#| "Each supported authentication method has its own configuration subsection " +#| "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" " +#| "id=\"1\"/>" +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" +"Cada método de autenticación soportado tiene su propia subsección de " +"configuración bajo <quote>[prompting/...]</quote>. Actualmente hay: " +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" +"Es posible añadir una subsección para servicios PAM específicos, e.g. " +"<quote>[prompting/password/sshd]</quote> para el cambio individual de la " +"pregunta para este servicio." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "EJEMPLOS" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"1. El siguiente ejemplo muestra una configuración SSSD típica.No describe la " +"configuración de los dominios en si mismos - vea la documentación sobre " +"configuración de dominios para mas detalles. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" +"2. El siguiente ejemplo muestra la configuración de confianza IPA AD el " +"bosque AD consta de dos dominios en una estructura padre-hijo. Supone que " +"el dominio IPA (ipa.com) tiene confianza con el dominio AD (ad.com). ad.com " +"tiene dominio hijo (child.ad.com). Para habilitar nombres cortos en el " +"dominio hijo se debería usar la siguiente configuración. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, fuzzy, no-wrap +#| msgid "" +#| "[certmap/my.domain/rule_name]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +#| "maprule = (userCertificate;binary={cert!bin})\n" +#| "domains = my.domain, your.domain\n" +#| "priority = 10\n" +#| "\n" +#| "[certmap/files/myname]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +"\n" +"[certmap/files/myname]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +#, fuzzy +#| msgid "" +#| "3. The following example shows the configuration for two certificate " +#| "mapping rules. The first is valid for the configured domain <quote>my." +#| "domain</quote> and additionally for the subdomains <quote>your.domain</" +#| "quote> and uses the full certificate in the search filter. The second " +#| "example is valid for the domain <quote>files</quote> where it is assumed " +#| "the files provider is used for this domain and contains a matching rule " +#| "for the local user <quote>myname</quote>. <placeholder " +#| "type=\"programlisting\" id=\"0\"/>" +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"3. El siguiente ejemplo muestra la configuración para dos reglas de mapeo de " +"certificado. La primera es válida para el dominio configurado <quote>my." +"domain</quote> y adicionalmente para los subdominios <quote>your.domain</" +"quote> y usa el certificado completo en el filtro de búsqueda. El segundo " +"ejemplo es válido para el dominio <quote>files</quote> donde se asume que el " +"proveedor de ficheros se usa por este dominio y contiene la regla de " +"coincidencia para el usuario local <quote>myname</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Proveedor SSSD LDAP" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESCRIPCION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Esta página de manual describe la configuración de dominios LDAP para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de " +"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para información detallada de la sintáxis." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Puede configurar SSSD para usar más de un dominio LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si " +"usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o " +"LDAPS. <command>sssd</command> <emphasis>no</emphasis> soporta autenticación " +"sobre un canal no esncriptado. Si el servidor LDAP se usa sólo como un " +"proveedor de identidad, no se necesita un canal encriptado. Por favor vea la " +"opción de configuración <quote>ldap_access_filter</quote> para más " +"información sobre la utilización de LDAP como proveedor de acceso." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "OPCIONES DE CONFIGURACIÓN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de URIs del servidor LDAP al que " +"SSSD se conectaría en orden de preferencia. Vea la sección " +"<quote>CONMUTACIÓN EN ERROR</quote> para más información sobre la " +"conmutación en error y la redundancia de servidor. Si no hay opción " +"especificada, se habilita el descubridor de servicio. Para más información, " +"vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"El formato de la URI debe coincidir con el formato definido en RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "ejemplo: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Especifica la lista separada por comas de URIs de los servidores LDAP a los " +"que SSSD se conectaría con el objetivo preferente de cambiar la contraseña " +"de un usuario. Vea la sección <quote>FAILOVER</quote> para más información " +"sobre failover y redundancia de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe " +"ser establecido." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Por defecto: vacio, esto es ldap_uri se está usando." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"El DN base por defecto que se usará para realizar operaciones LDAP de " +"usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la " +"sintaxis:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en " +"http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Ejemplos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base " +"= dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Nota: No está soportado tener múltiples bases de búsqueda que se referencien " +"a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre " +"en dos bases de búsqueda diferentes). Esto llevara a comportamientos " +"impredecibles sobre máquinas cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Por defecto: no se fija, se usa el valor de los atributos " +"defaultNamingContext o namingContexts de RootDSE del servidor LDAP usado. " +"Si defaultNamingContext no existe o tiene un valor vacío se usa " +"namingContexts. El atributo namingContexts debe tener un único valor con el " +"DN de la base de búsqueda del servidor LDAP para hacer este trabajo. No se " +"soportan múltiples valores." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Especifica el Tipo de Esquema en uso en el servidor LDAP objetivo. " +"Dependiendo del esquema seleccionado, los nombres de atributos por defecto " +"que se recuperan de los servidores pueden variar. La manera en que algunos " +"atributos son manejados puede también diferir." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "Cuatro tipos de esquema son actualmente soportados:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"La principal diferencia entre estos tipos de esquemas es como las " +"afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros " +"de grupos son listados por nombre en el atributo <emphasis>memberUid</" +"emphasis>. Con rfc2307bis e IPA, los miembros de grupo son listados por DN y " +"almacenados en el atributo <emphasis>member</emphasis>. El tipo de esquema " +"AD fija los atributos para corresponderse con los valores Active Directory " +"2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Predeterminado: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "ldap_pwmodify_mode (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" +"Especifica la operación que se usa para modificar la contraseña de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "Actualmente se soportan dos modos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "exop - Operación Extendida de Modificación de Contraseña (RFC 3062)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "ldap_modify - Modificación directa de userPassword (no recomendado)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" +"Aviso: Primero, se establece una nueva conexión para verificar la contraseña " +"acutal uniendo con el usuario que ha pedido el cambio de contraseña. Si " +"tiene éxito, esta conexión se usa para el cambio de contraseña por lo tanto " +"el usuario debe haber escrito el atributo de acceos a userPassword." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "Predeterminado: exop" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "El tipo de ficha de autenticación del enlazador DN por defecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "Los dos mecanismos actualmente soportados son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Por defecto: contraseña" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Algunos servidores de directorio, por ejemplo Active Directory, pueden " +"entregar la parte real del UPN en minúsculas, lo que puede causar fallos de " +"autenticación. Fije esta opción en un valor distinto de cero si usted desea " +"usar mayúsculas reales." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Especifica cuantos segundos SSSD tiene que esperar antes de refrescar su " +"escondrijo de los registros enumerados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Determina la frecuencia de comprobación del cache para entradas inactivas " +"(como grupos sin miembros y usuarios que nunca han accedido) y borrarlos " +"para guardar espacio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" +"Estableciendo esta opción a cero deshabilitará la operación de limpieza del " +"caché. Por favor advierta que si la enumeración está habilitada, se requiere " +"la tarea de limpieza con el objetivo de detectar entradas borradas desde el " +"servidor y no pueden ser deshabilitadas. Por defecto, la tarea de limpieza " +"correrá cada tres horas con la enumeración habilitada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema está fijado en un formato de esquema que soporte los grupos " +"anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos " +"niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el " +"esquema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Aviso: Esta opción especifica el nivel garantizado d grupos anidados a ser " +"procesados para cualquier búsqueda. Sin embargo, los grupos anidados detrás " +"de este límite <emphasis>pueden ser</emphasis> devueltos si las búsquedas " +"anteriores ya resueltas en os niveles más profundos de anidamiento. " +"También, las búsquedas subsiguientes para otros grupos pueden agrandar el " +"conjunto de resultados de la búsqueda origina si se requiere." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Si ldap_group_nesting_level está establecido a 0 no se procesan de ninguna " +"manera grupos anidados. Sin embargo, cuando está conectado a Active-" +"Directory Server 2008 y posteriores usando <quote>id_provider=ad</quote> se " +"recomienda además deshabilitar la utilización de Token-Groups estableciendo " +"ldap_use_tokengroups a false con el objetivo de restringir el anidamiento de " +"grupos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Predeterminado: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Esta opción habilita o deshabilita el uso del atributo Token-Groups cuando " +"lleva a cabo un initgroup para usuarios de Active Directory Server 2008 y " +"posteriores." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "Predeterminado: True para AD e IPA en otro caso False." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "ldap_host_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Vea <quote>ldap_search_base</quote> para información sobre la configuración " +"de múltiples bases de búsqueda." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Especifica el tiempo de salida (en segundos) que la búsqueda ldap está " +"permitida para correr antes que de quea cancelada y los resultados " +"escondidos devueltos (y se entra en modo fuera de línea)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Nota: esta opción será sujeto de cambios en las futuras versiones del SSSD. " +"Probablemente será sustituido en algunos puntos por una serie de tiempos de " +"espera para tipos específicos de búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Especifica el tiempo de espera (en segundos) en los que las búsquedas ldap " +"de enumeraciones de usuario y grupo están permitidas de correr antes de que " +"sean canceladas y devueltos los resultados escondidos (y se entra en modo " +"fuera de línea)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Especifica el tiempo de salida (en segudos) después del cual <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> siguiendo un <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> vuelve en caso de no actividad." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" +"Especifica un tiempo de espera (en segundos) después del cual las llamadas a " +"LDAP APIs asíncronos se abortarán si no se recibe respuesta. También " +"controla el tiempo de espera cuando se comunica con el KDC en caso de enlace " +"SASL, el tiempo de espera de una operación de enlace LDAP, la operación de " +"cambio extendido de contraseña y las operación StartTLS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Especifica un tiempo de espera (en segundos) en el que se mantendrá una " +"conexión a un servidor LDAP. Después de este tiempo, la conexión será " +"restablecida. Si su usa en paralelo con SASL/GSSAPI, se usará el valor más " +"temprano (este valor contra el tiempo de vida TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Predeterminado: 900 (15 minutos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +#, fuzzy +#| msgid "" +#| "Specifies a timeout (in seconds) that a connection to an LDAP server will " +#| "be maintained. After this time, the connection will be re-established. If " +#| "used in parallel with SASL/GSSAPI, the sooner of the two values (this " +#| "value vs. the TGT lifetime) will be used." +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"Especifica un tiempo de espera (en segundos) en el que se mantendrá una " +"conexión a un servidor LDAP. Después de este tiempo, la conexión será " +"restablecida. Si su usa en paralelo con SASL/GSSAPI, se usará el valor más " +"temprano (este valor contra el tiempo de vida TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Especifica el número de registros a recuperar desde una única petición LDAP. " +"Algunos servidores LDAP hacen cumplir un límite máximo por petición." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Deshabilita el control de paginación LDAP. Esta opción se debería usar si el " +"servidor LDAP reporta que soporta el control de paginación LDAP en sus " +"RootDSE pero no está habilitado o no se comporta apropiadamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Ejemplo: los servidores OpenLDAP con el módulo de control de paginación " +"instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE " +"pero es incapaz de usarlo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de " +"paginación a la vez en una única conexión. Sobre clientes ocupados, esto " +"puede ocasionar que algunas peticiones sean denegadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Deshabilitar la recuperación del rango de Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory limita el número de miembros a recuperar en una única " +"búsqueda usando la política MaxValRange (que está predeterminada a 1500 " +"miembros). Si un grupo contiene mas miembros, la replica incluiría una " +"extensión de rango específica AD. Esta opción deshabilita el análisis de la " +"extensión del rango, por eso grupos grandes aparecerán como si no tuvieran " +"miembros." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el " +"nivel de seguridad mínimo necesario para establecer la conexión. Los valores " +"de esta opción son definidos por OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." +"conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Especifica el número de miembros del grupo que deben estar desaparecidos " +"desde el escondrijo interno con el objetivo de disparar una búsqueda " +"deference. Si hay menos miembros desaparecidos, se buscarán individualmente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" +"Puede desactivar las búsquedas de desreferencia completamente estableciendo " +"el valor a 0. Tenga en cuenta que hay algunas rutas de código en SSSD, como " +"el proveedor IPA HBAC, que solo son implementadas usando la llamada de " +"desreferencia, de modo que solo con la desreferencia explícitamente " +"deshabilitada aquellas partes usarán todavía la desreferencia si el servidor " +"lo soporta y auncia el control de la desreferencia en el objeto rootDSE." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Una búsqueda dereference es un medio de descargar todos los miembros del " +"grupo en una única llamada LDAP. Servidores diferentes LDAP pueden " +"implementar diferentes métodos dereference. Los servidores actualmente " +"soportados son 389/RHDS, OpenLDAP y Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Nota:</emphasis> Si alguna de las bases de búsqueda especifica un " +"filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference " +"será deshabilitado sin tener en cuenta este ajuste." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +#, fuzzy +#| msgid "ad_gpo_ignore_unreadable (boolean)" +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "ad_gpo_ignore_unreadable (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Especifica que comprobaciones llevar a cabo sobre los certificados del " +"servidor en una sesión TLS, si las hay. Puede ser especificado como uno de " +"los siguientes valores:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = El cliente no pedirá o comprobará ningún " +"certificado de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, la sesión sigue normalmente. Si se suministra un " +"certificado malo, será ignorado y la sesión continua normalmente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, la sesión continua normalmente. Si se suministra un " +"certificado malo, la sesión se termina inmediatamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = Se pide el certificado del servidor. Si no se " +"suministra certificado, o se suministra un certificado malo, la sesión se " +"termina inmediatamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Predeterminado: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Especifica el fichero que contiene los certificados de todas las Autoridades " +"de Certificación que <command>sssd</command> reconocerá." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Por defecto: use los valores por defecto OpenLDAP, normalmente en <filename>/" +"etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Especifica la ruta de un directorio que contiene los certificados de las " +"Autoridades de Certificación en ficheros individuales separados. Normalmente " +"los nombres de fichero necesita ser el hash del certificado seguido por " +"‘.0’. si esta disponible <command>cacertdir_rehash</command> puede ser usado " +"para crear los nombres correctos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" +"Especifica el fichero que contiene el certificado para la clave del cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "Especifica el archivo que contiene la clave del cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"Especifica conjuntos de cifrado aceptable. Por lo general, es una lista " +"searada por dos puntos. Vea el formato en <citerefentry><refentrytitle>ldap." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Especifica que la id_de proveedor de la conexión debe también utilizar " +"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los " +"atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en " +"ldap_user_uid_number y ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "ldap_min_id, ldap_max_id (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"En contraste con el SID basado en mapeo de ID que se usa si ldap_id_mapping " +"está establecido a true el rango de ID permitido para ldap_user_uid_number y " +"ldap_group_gid_number está sin consolidar. En una configuración con " +"subdominios de confianza, esto podría producir colisiones de ID. Para evitar " +"las colisiones ldap_min_id y ldap_max_id pueden er establecidos para " +"restringir el rango permitido para las IDs que son leídas directamente desde " +"el servidor. Los subdominios pueden elegir otros rangos para asignar IDs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" +"Especifica el mecanismo SASL a usar. Actualmente solo están probados y " +"soportados GSSAPI y GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Si el backend admite subdominios el valor de ldap_sasl_mech es heredado " +"automáticamente por los subdominios. Si se necesita un valor diferente para " +"un subdominio puede ser sobrescrito estabeciendo ldap_sasl_mech para este " +"subdominio explícitamente. Por favor vea la SECCIÓN DOMINIO DE CONFIANZA es " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> para más detalles." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" +"Especifica la identificación de autorización SASL a usar. Cuando son usados " +"GSSAPI/GSS-SPNEGO, esto representa el principal Kerberos usado para " +"autenticación al directorio. Esta opción puede contener el principal " +"completo (por ejemplo host/myhost@EXAMPLE.COM) o solo el nombre principal " +"(por ejemplo host/myhost). Por defecto, el valor no está establecido y se " +"usan los siguientes principales: <placeholder type=\"programlisting\" " +"id=\"0\"/> Si no se encuentra ninguno de ellos, se devuelve en primer " +"principal en la pestaña." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "Por defecto: host/nombre_de_host@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Especifica el reino SASL a usar. Cuando no se especifica, esta opción se " +"pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el " +"reino también, esta opción se ignora." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Por defecto: el valor de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa " +"para para canocalizar el nombre de host durante una unión SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Predeterminado: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" +"Especifica que id_provider debería iniciar las credenciales Kerberos (TGT). " +"Esta acción solo se lleva a cabo si se usa SASL y el mecanismo seleccionado " +"es GSSAPI o GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" +"Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI o GSS-" +"SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Predeterminado: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de direcciones IP o nombres de host " +"de los servidores Kerberos a los cuales se conectaría SSSD en orden de " +"preferencia. Para más información sobre failover y redundancia de servidor, " +"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " +"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " +"host. Si está vacío, el servicio descubridor está habilitado – para más " +"información, vea la sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Cuando se utiliza el servicio descubiertos para servidores KDC o kpasswd, " +"SSSD primero busca entradas DNS que especifiquen _udop como protocolo y " +"regresa a _tcp si no se encuentra nada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Este opción se llamaba <quote>krb5_kdcip</quote> en las revisiones más " +"tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo " +"que sea, los usuarios son advertidos para migrar sus ficheros de " +"configuración para usar <quote>krb5_server</quote> en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" +"Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Especifica si el host principal sería estandarizado cuando se conecte a un " +"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Especifica si el SSSD debe instruir a las librerías Kerberos que ámbito y " +"que KDCs usar. Esta opción está por defecto, si la deshabilita, necesita " +"configurar las librerías Kerberos usando el fichero de configuración " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Vea la página de manual <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> para más información sobre el complemento " +"localizador." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Seleccione la política para evaluar la caducidad de la contraseña en el lado " +"del cliente. Los siguientes valores son permitidos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - Sin evaluación en el lado cliente. Esta opción " +"no puede deshabilitar las políticas de password en el lado servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +#, fuzzy +#| msgid "" +#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes " +#| "to evaluate if the password has expired." +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> - Usa los atributos de estilo " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> para evaluar si la contraseña ha expirado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - Usa los atributos utilizados por MIT " +"Kerberos para determinar si el password ha expirado. Use " +"chpass_provider=krb5 para actualizar estos atributos cuando se cambia el " +"password." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Aviso</emphasis>: si está configurada una política de contraseña " +"en el lado del servidor siempre tiene prioridad sobre la política " +"establecida por esta opción." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Especifica si el seguimiento de referencias automático debería ser " +"habilitado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Por favor advierta que sssd sólo soporta seguimiento de referencias cuando " +"está compilado con OpenLDAP versión 2.4.13 o más alta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +#, fuzzy +#| msgid "" +#| "Chasing referrals may incur a performance penalty in environments that " +#| "use them heavily, a notable example is Microsoft Active Directory. If " +#| "your setup does not in fact require the use of referrals, setting this " +#| "option to false might bring a noticeable performance improvement." +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"Al perseguir referencia se puede incurrir en una penalización de rendimiento " +"en entornos que lo usen pesadamente, un ejemplo notable es Microsoft Active " +"Directory. Si su ajuste no requieren de hecho el uso de referencias, fijar " +"esta opción a false le llevará a una notable mejora de rendimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Especifica el nombre del servicio para utilizar cuando está habilitado el " +"servicio de descubrimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Predeterminado: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Especifica el nombre del servicio para utilizar al buscar un servidor LDAP " +"que permita cambios de contraseña cuando está habilitado el servicio de " +"descubrimiento." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Especifica si actualizar el atributo ldap_user_shadow_last_change con días " +"desde el Epoch después de una operación de cambio de contraseña." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Si está usando access_provider = ldap y ldap_access_order = filter " +"(predeterminado), esta opción es obligatoria. Especifica un criterio de " +"filtro de búsqueda LDAP que debe cumplirse para que el usuario obtenga " +"acceso a este host. Si access_provider = ldap, ldap_access_order = filter y " +"esta opción no estñan establecidos resultará que todos los usuarios tendrán " +"el acceso denegado. Use access_provider = permit para cambiar este " +"comportamiento predeterminado. Por favor advierta que este filtro se aplica " +"sobre la entrada LDAP del usuario y, por lo tanto, el filtrado basado en " +"grupos anidados puede no funcionar (e.g. el atributo memberOf sobre entradas " +"AD apunta solo a los parientes directos). Si se requiere el filtrado basado " +"en grupos anidados, vea por favor <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Ejemplo:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"Este ejemplo significa que el acceso a este host está restringido a los " +"usuarios cuyo atributo employeeType esté establecido a \"admin\"." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" +"El almacenamiento en caché sin conexión para esta función está limitado a " +"determinar si el último inicio de sesión del usuario recibió permiso de " +"acceso. Si obtuvieron permiso de acceso durante su último inicio de sesión, " +"se les seguirán otorgando acceso sin conexión y viceversa." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Predeterminado: vacío" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Con esta opción pueden ser habilitados los atributos de evaluación de " +"control de acceso del lado cliente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Por favor advierta que siempre se recomienda utilizar el control de acceso " +"del lado servidor, esto es el servidor LDAP denegaría petición de enlace con " +"una código de error definible aunque el password sea correcto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Los siguientes valores están permitidos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: usa el valor de ldap_user_shadow_expire para " +"determinar si la cuenta ha expirado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: usa el valor del campo de 32 bit " +"ldap_user_ad_user_account_control y permite el acceso si el segundo bit no " +"está fijado. Si el atributo está desaparecido se concede el acceso. También " +"se comprueba el tiempo de expiración de la cuenta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: usa el valor de ldap_ns_account_lock para comprobar si se permite " +"el acceso o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: los valores de " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y " +"ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está " +"permitido. Si ambos atributos están desaparecidos se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Por favor advierta que la opción de configuración ldap_access_order " +"<emphasis>debe</emphasis> incluir <quote>expire</quote> con el objetivo de " +"la opción ldap_account_expire_policy funcione." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Lista separada por coma de opciones de control de acceso. Los valores " +"permitidos son:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" +"<emphasis>lockout</emphasis>: usar bloqueo de cuenta. Si se establece, esta " +"opción deniega el acceso en el caso de que el atributo ldap " +"'pwdAccountLockedTime' esté presente y tenga un valor de '000001010000Z'. " +"Por favor vea la opción ldap_pwdlockout_dn. Por favor advieta que " +"'access_provider = ldap' debe ser establecido para que está característica " +"funciones." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" +"<emphasis> Por favor tenga en cuenta que esta opción es reemplazada por la " +"opción <quote>ppolicy</quote> y puede ser quitada en un futuro lanzamiento. " +"</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" +"<emphasis>ppolicy</emphasis>: usar bloqueo de cuenta. Si se establece, esta " +"opción deniega el acceso en el caso de que el atributo ldap " +"'pwdAccountLockedTime' esté presente y tenga un valor de '000001010000Z' o " +"represente cualquier momento en el pasado. El valor del atributo " +"'pwdAccountLockedTime' debe terminar con 'Z', que denota la zona horaria " +"UTC. Otras zonas horarias no se soportan actualmente y llevarán a \"access-" +"denied\" cuando los usuarios intenten acceder. Por favor vea la opción " +"ldap_pwdlockout_dn. Por favor advierta que 'access_provider = ldap' debe " +"estar establecido para que esta característica funcione." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> Estas opciones son útiles si los " +"usuarios están interesados en que se les avise de que la contraseña está " +"próxima a expirar y la autenticación está basada en la utilización de un " +"método distinto a las contraseñas - por ejemplo claves SSH." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" +"Por favor advierta que 'access_provider = ldap' debe estar establecido para " +"que esta función trabaje. También 'ldap_pwd_policy' debe estar establecido " +"para una política de contraseña apropiada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: utilizar el atributo " +"autorizedService para determinar el acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" +"<emphasis>rhost</emphasis>: usar el atributo rhost para determinar si el " +"host remoto puede acceder" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" +"Por favor advierta el campo rhost en pam es establecido por la aplicación, " +"es mejor comprobar que la aplicación lo envía a pam, antes de habilitar esta " +"opción de control de acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Predeterminado: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Tenga en cuenta que es un error de configuración si un valor es usado más de " +"una vez." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" +"Esta opción especifica la DN de la contraseña de entrada a la política sobre " +"un servidor LDAP. Tenga en cuenta que la ausencia de esta opción en sssd." +"conf en caso de verificación de bloqueo de cuenta habilitada dará como " +"resultado el acceso denegado ya que los atributos ppolicy en el servidor " +"LDAP no pueden verificarse correctamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Especifica cómo se hace la eliminación de referencias al alias cuando se " +"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: Las referencias al alias son eliminadas en " +"subordinadas del objeto base, pero no en localización del objeto base de la " +"búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: Sólo se eliminarán las referencias a alias " +"cuando se localice el objeto base de la búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: Las referencias al alias se eliminarán tanto " +"para la búsqueda como en la localización del objeto base de la búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Por defecto: Vacío (esto es manejado como <emphasis>nunca</emphasis> por las " +"librerías cliente LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Permite retener los usuarios locales como miembros de un grupo LDAP para " +"servidores que usan el esquema RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"En algunos entornos donde se usa el esquema RFC2307, los usuarios locales " +"son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo " +"memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace " +"esto, de modo que SSSD debería normalmente quitar los usuarios " +"“desparecidos” de las afiliaciones a grupos escondidas tan pronto como " +"nsswitch intenta ir a buscar información del usuario por medio de las " +"llamadas getpw*() o initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Esta opción cae de nuevo en comprobar si los usuarios locales están " +"referenciados, y los almacena en caché de manera que más tarde las llamadas " +"initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "wildcard_limit (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" +"Especifica un límite superior sobre el número de entradas que son " +"descargadas durante una búsqueda de comodín." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" +"En este momento solo el respondedor InfoPipe soporta búsqueda de comodín" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +#, fuzzy +#| msgid "Default: 0 (disabled)" +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Predeterminado: 0 (deshabilitado)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Todas las opciones comunes de configuración que se aplican a los dominios " +"SSSD tambien se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " +"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para todos los " +"detalles. Advierta que los atributos de mapeo SSSD LDAP están descritos en " +"la página de manual <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "OPCIONES SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Las instrucciones detalladas para la configuración de sudo_provider están en " +"la página de manual <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Cuantos segundos esperará SSSD entre ejecutar un refresco total de las " +"reglas sudo (que descarga todas las reglas que están almacenadas en el " +"servidor)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"El valor debe ser mayor que <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Por defecto: 21600 (6 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" +"Cuantos segundos tiene SSSD que esperar antes de ejecutar una actualización " +"inteligente de las reglas sudo (lo que descarga todas las reglas que tienen " +"un USN más alto que el valor más alto del servidor USN que conoce " +"actualmente SSSD)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Si los atributos USN no se soportan por el servidor, se usa en su lugar el " +"atributo modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" +"<emphasis>Aviso:</emphasis> el valor más alto de USN puede ser actualizado " +"por tres tareas: 1) Por una actualización total o inteligente de sudo (si se " +"encuentran reglas actualizadas), 2) por la enumeración de usuarios y grupos " +"(si se encuentran usuarios y grupos habilitados y actualizados) y 3) " +"reconectando con el servidor (por defecto cada 15 minutos, vea " +"<emphasis>ldap_connection_expire_timeout</emphasis>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Si es true, SSSD descargará sólo las reglas que son aplicables a esta " +"máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Lista separada por espacios de nombres de host o nombres de dominio " +"totalmente cualificados que sería usada para filtrar las reglas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el " +"nombre de dominio totalmente cualificado automáticamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Si <emphasis>ldap_sudo_use_host_filter</emphasis> es <emphasis>false</" +"emphasis> esta opción no tiene efecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "Por defecto: no especificado" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Lista separada por espacios de direcciones de host/red IPv4 o IPv6 que sería " +"usada para filtrar las reglas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"esta opción está vacía, SSSD intentará descrubrir las direcciones " +"automáticamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "sudo_include_netgroups (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Si está a true SSSD descargará cada regla que contenga un grupo de red en el " +"atributo sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Si es verdad SSSD descargará cada regla que contenga un comodín en el " +"atributo sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" +"¡Usar comodines es una operación que es muy costosa de evaluar en el lado " +"del servidor LDAP!" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Esta página de manual sólo describe el atributo de nombre mapping. Para una " +"explicación detallada de la semántica del atributo relacionada con sudo, vea " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "OPCIONES AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" +"Algunos de los valores por defecto para los parámetros de abajo dependen del " +"esquema LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "El nombre del mapa maestro de montaje automático en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Pfredeterminado: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "OPCIONES AVANZADAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" +"Si la opción <quote>ldap_use_tokengroups</quote> está habilitada, las " +"búsquedas contra Active Directory no serán restringidas y devolverán todos " +"los grupos miembros, incluso sin mapeo GID. Se recomienda deshabilitar esta " +"función, si los nombres de grupo no están siendo visualizados correctamente." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" +"Estas opciones están soportadas por dominios LDAP, pero deberían ser usadas " +"con precaución. Por favor incluyalas en su configuración si usted sabe lo " +"que está haciendo. <placeholder type=\"variablelist\" id=\"0\"/> " +"<placeholder type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "EJEMPLO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP " +"está fijado a uno de los dominios de la sección <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y usa " +"ldap_access_order=lockout." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTAS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Las descripciones de algunas de las opciones de configuración en esta página " +"de manual están basadas en la página de manual <citerefentry> " +"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> de la distribución OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> es la interfaz PAM para el demonio Servicios " +"de Seguridad de Sistema (SSSD). Los errores y resultados son registrados a " +"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPCIONES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Suprime el registro de mensajes de usuarios desconocidos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si <option>forward_pass</option> está fijada el password introducido se pone " +"en la pila para que lo usen otros módulos PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"El argumento use_first_pass fuerza al módulo a usar un módulo de password " +"apilado previamente y nunca preguntará al usuario - si no hay password " +"disponible o el password no es apropiado, se denegará el acceso al usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Cuando cambia el password fuerza al módulo a fijar el nuevo password a uno " +"suministrado por un módulo de password previamente apilado." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si el usuario especificado es preguntado N veces por un password si la " +"autenticación falla. Por defecto es 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Por favor advierta que esta opción puede no trabajar como se espera llamando " +"PAM a manejar el diálogo de usuario por el mismo. Un ejecplo típico es " +"<command>sshd</command> con <option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Si se especifica esta opción y el usuario no existe, el módulo PAM devolverá " +"PAM_IGNORE. Esto origina que el marco de referencia PAM ignore este módulo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Especifica que el módulo PAM debería devolver PAM_IGNORE si no puede " +"contactar con el demonio SSSD. Esto causa que el marco de referencia PAM " +"ignore este módulo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Permite al administrador restringir los dominios contra los que un servicio " +"PAM particular puede autenticarse. El formato es una lista separada por " +"comas de nombres de dominio SSSD, como se especifica en el fichero sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +#, fuzzy +#| msgid "" +#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</" +#| "quote> and <quote>pam_public_domains</quote> options. Please see the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more information on these two " +#| "PAM responder options." +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"AVISO: Se debe usar junto con las opciones <quote>pam_trusted_users</quote> " +"y <quote>pam_public_domains</quote>. Por favor vea la página de manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para mas información sobre estas dos opciones del " +"respondedor PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "<option>allow_missing_name</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" +"El propósito principal de esta opción es dejar que SSSD determine el nombre " +"de usuario en base a información adicional, e.g. el certificado de una " +"Smartcard." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" +"El caso de uso actual son los administradores de inicio de sesión que pueden " +"monitorear un lector de tarjetas inteligentes para eventos de tarjetas. En " +"el caso de que una Smartcard se inserte el administrador de inicio de sesión " +"llamara a la pila PAM que incluye una línea como <placeholder " +"type=\"programlisting\" id=\"0\"/> En este caso SSSD intentará determinar el " +"nobre de usuairo en base al contenido de la tarjeta inteligente, se lo " +"devolverá a pam_sss quien finalmente lo pondrá en la pila PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "<option>prompt_always</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" +"Solicita siempre al usuario las credenciales. Con esta opción las " +"credenciales pedidas por otros módulos PAM, normalmente una contraseña, " +"serán ignoradas y pam_sss solicitará las credenciales otra vez. En base a la " +"respuesta pre autorización de SSSD pam_sss debe solicitar una contraseña, un " +"Smartcard PIN u otras credenciales." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "<option>try_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" +"Intenta usar autenticación basada en certificado, i.e. autenticación con una " +"tarjeta inteligente o dispositivos similares. Si hay disponible una " +"Smartcard y el servicio tiene permitido la autenticación Smartcard se le " +"pedirá al usuario un PIN y continuará la autenticación basada en certificado" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" +"Si no hay Smartcard disponible o la autenticación basada en certificado no " +"está permitida para el servicio actual se devuelve PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "<option>require_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Hace la autenticación en base a certificado, i.e. autenticación con " +"Smartcard o dispositivos similares. Si no hay una Smartcard disponible se " +"pedirá al usuario que inserte una. SSSD esperará una Smartcard hasta el " +"tiempo límite definido por p11_wait_for_card_timeout passed, más detalles en " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" +"Si no hay Smartcard disponible después del tiempo límite o no está pemitida " +"la autenticación basada en certificado para el servicio actual se devolverá " +"PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "TIPOS DE MÓDULOS SUMINISTRADOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Todos los tipos de módulos (<option>account</option>, <option>auth</option>, " +"<option>password</option> y <option>session</option>) son suministrados." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" +"Si el respondedor PAM de SSSD no está corriendo, e.g. si el socket " +"respondedor PAM no esta disponible, pam_sss devolverá PAM_USER_UNKNOWN " +"cuando se llame como módulo <option>account</option> para evitar problemas " +"con usuarios de otras fuentes durante el control de acceso." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "ARCHIVOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si un password se resetea por un fallo de root, como el correspondiente " +"proveedor SSSD no soporta el reseteo de password, se puede mostrar un " +"mensaje individual. Este mensaje puede, por ejemplo, contener instrucciones " +"sobre como resetear un password." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"El mensaje se lee desde el fichero <filename>pam_sss_pw_reset_message.LOC</" +"filename> donde LOC destaca una cadena de lugar devuelta por <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. Si no hay fichero coincidente se muestra el contenido de " +"<filename>pam_sss_pw_reset_message.txt</filename>. Root debe ser el " +"propietario de los ficheros y sólo root puede tener permisos de lectura y " +"escritura mientras que todos los demás usuarios sólo tienen permisos de " +"lectura." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Estos ficheros son buscados en el directorio <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. Si no hay archivos coincidentes se muestra un " +"mensaje genérico." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Complemento localizador Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" +"El complemento localizador Kerberos <command>sssd_krb5_locator_plugin</" +"command> es usado por libkrb5 para encontrar KDCs en un reino Kerberos dado. " +"SSSD proporciona dicho complemento para guiar a todos los clientes Kerberos " +"es un sistema a un único KDC. En general, no debería importar con qué KDC " +"está hablando un proceso de cliente. Pero hay casos, e.g. después de un " +"cambio de contraseña, donde no todos los KDCs etán en el mismo estado porque " +"los nuevos datos tienen que ser replicados primero. Para evitar fallos de " +"autenticación inesperados y quizás bloqueos de cuentas sería bueno hablar " +"con un único KDC todo lo que sea posible." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" +"libkrb5 buscará el complemento localizador en el subdirectorio libkrb5 del " +"directorio de complementos Kerberos, vea más detalles en plugin_base_dir en " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. El complemento solo se puede deshabilitar " +"borrando el fichero del complemento. No hay opción en a configuración de " +"Kerberos para deshabilitarlo. Pero la variable de entorno " +"SSSD_KRB5_LOCATOR_DISABLE puede ser usada para deshabilitar el complemento " +"en comandos individuales. Alternativamente la opción SSSD " +"krb5_use_kdcinfo=False puede ser usada para no generar los datos necesarios " +"para el complemento. Con esto, todavía se llama al complemento, pero no " +"proporcionará datos a la persona que llama para que libkrb5 pueda recurrir a " +"otros métodos definidos en krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" +"El complemento lee la información sobre los KDCs de un reino dado desde un " +"fichero llamado <filename>kdcinfo.REALM</filename>. El fichero debería " +"contener uno o más nombres de DNS o direcciones IP ya sea en anotación " +"decimal con puntos IPv4 o en anotación hexadecimal IPv6. Su puede añadir un " +"número de puerto adicional al final separado con dos puntos, la dirección " +"IPv6 tiene que estar encerrada entre corchetes en este caso como es usual. " +"Las entradas válidas son:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "kdc.example.com" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "kdc.example.com:321" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "1.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "5.6.7.8:99" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "2001:db8:85a3::8a2e:370:7334" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "[2001:db8:85a3::8a2e:370:7334]:321" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" +"Krb5 auth-provider de SSSD que es utilizado por IPA y los proveedores AD que " +"también agrega la dirección del actual KDC o controlador de dominio SSSD se " +"utiliza para este fichero." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" +"En entornos con KDCs de solo lectura y lectura-escritura donde los clientes " +"esperan usar las instancias solo lectura para las operaciones generales y " +"solo KDC de lectura-escritura para cambio de configuración como cambios de " +"contraseña se utiliza <filename>kpasswdinfo.REALM</filename> también para " +"identificar KDCs de lectura-escritura. Si existe este fichero para el reino " +"dado el contenido será usado por el complemento para contestar las " +"peticiones de un servidor kpasswd o kadmin opara el maestro específico KDC " +"MIT Kerberos. Si la dirección contiene un número de puerto el puerto " +"predeterminado KDC 88 será usado para los posteriores." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"No todas las implementaciones Kerberos soportan el uso de plugins. Si " +"<command>sssd_krb5_locator_plugin</command> no está disponible en su sistema " +"usted tiene que editar /etc/krb5.conf para reflejar sus ajustes Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier " +"valor los mensajes de depuración se enviarán a stderr." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" +"Si la variable de entorno SSSD_KRB5_LOCATOR_DISABLE está establecida a " +"cualquier valor el complemento es deshabilitado y y devolverá " +"KRB5_PLUGIN_NO_HANDLE al llamante." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" +"Si la variable de entorno SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES etá " +"establecida a cualquier valor el complemento intentará resolver todos los " +"nombres DNS en el fichero kdcinfo. Por defecto el complemento devuelve " +"KRB5_PLUGIN_NO_HANDLE al llamante inmediatamente en el primer fallo " +"resolviendo DNS." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"el fichero de configuración para en proveedor de control de acceso 'simple' " +"de SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del proveedor de control de " +"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " +"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"El proveedor de acceso simple otorga o deniega el acceso en base a una lista " +"de acceso o denegación de usuarios o grupo de nombres. Se aplican las " +"siguientes reglas:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si todas las listas están vacías, se concede acceso" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si se ha suministrado alguna lista, el orden de evaluación es permitir," +"denegar. Esto significa que cualquier regla de denegación será saltada por " +"cualquier regla de permiso coincidente." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si una o ambas listas de \"permiso\" se suministran, todos los usuarios " +"serán denegados a no ser que aparezcan en la lista." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si sólo se suministran listas de \"denegación\", todos los usuarios " +"obtendran acceso a no ser que aparezcan en la lista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Lista separada por comas de usuarios a los está permitido el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Lista separada por comas de usuarios a los que explicítamente se les deniega " +"el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Lista separada por comas de grupos que tienen permitido el acceso. Esto se " +"aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no " +"serán evaluados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Lista separada por comas de grupos a los que explicítamente se les deniega " +"el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los " +"grupos locales no serán evaluados." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Vea la sección <quote>DOMAIN SECTIONS</quote> de la página de manual " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> para detalles sobre la configuración de un " +"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"No especificando valores para ninguna de las listas es equivalente a " +"saltarle totalmente. Tenga cuidado de esto mientras genera parámetros para " +"el simple proveedor usando secuencias de comandos automatizadas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Por favor advierta que es un error de configuración si tanto, " +"simple_allow_users como simple_deny_user, están definidos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor de acceso " +"simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"La jerarquía completa de membresía del grupo se resuelve antes de la " +"comprobación de acceso, así incluso los grupos anidados se pueden incluir en " +"las listas de acceso. Por favor tenga cuidado en que la opción " +"<quote>ldap_group_nesting_level</quote> puede impactar en los resultados y " +"deberia ser establecidad a un valor suficiente. Opción (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "sss-certmap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "Reglas de Correspondencia y Asignación de Certificados SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" +"La página de manual describe las reglas que pueden ser usadas por SSSD y " +"otros componentes para corresponder con los certificados X.509 y asignarlos " +"a cuentas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" +"Cada regla tiene cuatro componentes, una <quote>priority</quote>, una " +"<quote>matching rule</quote>, una <quote>mapping rule</quote> y una " +"<quote>domain list</quote>. Todos los componentes son opcionales. Si no hay " +"<quote>priority</quote> se añadirá la regla con el nivel de prioridad más " +"bajo. La <quote>matching rule</quote> predeterminada hará coincidir los " +"certificados con la clave de utilización digitalSignature y la clave de " +"utilización extendida clientAuth. Si <quote>mapping rule</quote> está vacía " +"los certificados serán buscados en el atributo userCertificate como DER " +"codificado en binario. Si no se dan dominios solo se buscará en el dominio " +"local." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "COMPONENTES DE LA REGLA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "PRIORIDAD" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" +"Las reglas son procesados por prioridad sabiendo que el número '0' (cero) " +"indica la prioridad más alta. Más alto en número más baja la prioridad. Un " +"valor desaparecido indica la prioridad más baja. Las reglas de procesamiento " +"se para cuando una regla coincidente y no se comprueban más reglas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" +"Internamente la prioridad se trata como un entero no firmado de 32 bitr, la " +"utilización de in valor de prioridad superior a 4294967295 causará un error." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "REGLA DE COINCIDENCIA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" +"La regla de coincidencia se usa para seleccionar un certificado al que sería " +"aplicado la regla de asignación. Usa un sistema similar al usado por la " +"opción <quote>pkinit_cert_match</quote> de MIT Kerberos. Consiste en una " +"clave encerrada entre '<' y '>' ue identifica una cierta parte del " +"certificado y un patrón para que la regla coincida. Se pueden unir varios " +"pares de palabras claves con '&&' (y) o '||' (o)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "<SUBJECT>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" +"Con esto una parte o todo el nombre de sujeto del certificado pueden " +"coincidir. Para la coincidencia se usa la sintaxis Expresión Regular " +"Extendida POSIX, vea detalles en regex(7)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" +"Para coincidir el nombre sujeto almacenado en el certificado en codificación " +"DER ASN.1 se convierte en una cadena de acuerdo a RFC 4514. Esto significa " +"que el componente de nombre más específico es el primero. Por favor advierta " +"que no todos los posibles nombres de atributo están cubiertos por RFC 4514. " +"Los nombres incluidos son 'CN', 'L', 'ST', 'O', 'OU', 'C', 'STREET', 'DC' y " +"'UID'. Otros nombres de atributo pueden ser mostrados de forma diferente " +"sobre plataformas distintas y por herramientas diferentes. Para evitar la " +"confusión es mejor que no se usen estos nombres de atributos o se cubran por " +"una expresión regular a medida." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "Ejemplo: <SUBJECT>.*,DC=MY,DC=DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "<ISSUER>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" +"Con esto, se puede hacer coincidir una parte o el nombre completo del emisor " +"del certificado. Todos los comentarios para <SUBJECT> se le aplican " +"también." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "Ejemplo: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "<KU>key-usage" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" +"Esta opción se puede usar para especificar que valores de uso clave debe " +"tener el certificado. Se pueden usar los siguientes valores en una lista " +"separados por comas:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "digitalSignature" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "nonRepudiation" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "dataEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "keyAgreement" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "keyCertSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "cRLSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "encipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "decipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" +"Un valor numérico en el rango de un entero sin signo de 32 bit se puede usar " +"también para cubrir casos de uso especiales." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "Ejemplo: <KU>digitalSignature,keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "<EKU>extended-key-usage" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" +"Esta opción se puede usar para especificar que uso de clave extendida puede " +"tener el certificado. El siguiente valor se puede usar en una lista separada " +"por comas:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "serverAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "clientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "codeSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "emailProtection" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "timeStamping" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "OCSPSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "KPClientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "pkinit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "msScLogin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" +"La utilización de claves extendidas que no están listadas arriba pueden ser " +"especificadas con sus OID en anotación decimal con puntos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "Ejemplo: <EKU>clientAuth,1.3.6.1.5.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "<SAN>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" +"Para ser compatible con la utilización de MIT Kerberos esta opción " +"coincidirá con los principios de Kerberos en PKINIT o AD NT Principal SAN " +"como hace <SAN:Principal>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "Ejemplo: <SAN>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "<SAN:Principal>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" +"Haga coincidir los principios principales de Kerberos en la SAN principal de " +"PKINIT o AD NT." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "Example: <SAN:Principal>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "<SAN:ntPrincipalName>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" +"Haga coincidir los principales de Kerberos de la SAN principal de AD NT." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "<SAN:pkinit>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "Haga coincidir los principales de Kerberos con los PKINIT SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "<SAN:dotted-decimal-oid>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" +"Toma el valor del componente SAN otherName dado por el de OID en anotación " +"decimal con puntos, lo interpreta como una cadena e intenta hacerlo " +"coincidir con la expresión regular." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "Example: <SAN:1.2.3.4>test" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "<SAN:otherName>base64-string" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" +"Haga una coincidencia binaria con el blob codificado en base64 con todos los " +"demás componentes SAN otheName. Con esta opción es posible la coincidencia " +"con los componentes otherName personales con codificación especial que " +"podrían no ser tratados como cadenas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "Example: <SAN:otherName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "<SAN:rfc822Name>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "Haga coincidir el valor del rfc822Name SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "Example: <SAN:rfc822Name>.*@email\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "<SAN:dNSName>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "Haga coincidir el valor del dNSName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "<SAN:x400Address>base64-string" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "Binario coincide con el valor del x400Address SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "Example: <SAN:x400Address>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "<SAN:directoryName>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" +"Haga coincidir el valor del directoryName SAN. Los mismos comentarios dados " +"para <ISSUER> and <SUBJECT> se aplican aquí también." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "Example: <SAN:directoryName>.*,DC=com" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "<SAN:ediPartyName>base64-string" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "Hacer coincidir binario el valor del ediPartyName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "Ejemplo: <SAN:ediPartyName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "<SAN:uniformResourceIdentifier>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "Hacer coincidir el valor del uniformResourceIdentifier SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "Ejemplo: <SAN:uniformResourceIdentifier>URN:.*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "<SAN:iPAddress>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "Haga coincidir el valor del iPAddress SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "Ejemplo: <SAN:iPAddress>192\\.168\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "<SAN:registeredID>regular-expression" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" +"Haga coincidir el valor de registeredID SAN como cadena decimal con puntos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "Ejemplo: <SAN:registeredID>1\\.2\\.3\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "REGLA DE MAPEO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" +"La regla de mapeo se usa para asociar un certificado con una o mas cuentas. " +"Una Smartcard con el certificado y la clave privada correspondiente puede " +"ser usada entonces para autenticar una de estas cuentas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" +"Actualmente SSSD básicamente solo soporta LDAP para buscar información de " +"usuario (la excepción es el proveedor proxy que no tiene relevancia aqui). " +"Por esto la regla de mapeo se basa en una búsqueda por filtro de sintaxis " +"LDAP con plantillas para añadir el contenido del certificado al filtro. Se " +"espra que ese filtro solo contendrá los datos específicos para el mapeo y " +"que la persona que llama lo incrustará en otro filtro para hacer la búsqueda " +"real. Debido a esto la cadena de filtro de empezar y terminar con '('and')' " +"respectivamente. " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" +"En general se recomienda usar atributos del certificado y añadirlos a " +"atributos especiales al objeto usuario LDAP. E.g. el atributo " +"'altSecurityIdentities' en AD o el atributo 'ipaCertMapData' para IPA se " +"pueden usar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" +"Debería preferible leer datos específicos del usuario del certificado, e.g. " +"una dirección de correo electrónico y buscarla en el servidor LDAP. La razón " +"es que los datos específicos del usuario en el LDAP podrían cambiar por " +"diversas razones y romper el mapeo. Por otro lado, sería difícil romper el " +"mapeo a propósito para un usuario específico." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Esta plantilla agregará el DN del emisor completo convertido en una " +"plantilla de acuerdo con el RFC 4514. Si se ordena X.500 (más especifico RDN " +"viene el último) se debería usar un opción con el prefijo '_x500'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" +"Las opciones de conversión que empiezan con 'ad_' usarán nombres de " +"atributos como los usados por AD, p. ej. 'S' en lugar de 'ST'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" +"Las opciones de conversión que empiezan por 'nss_' usarán nombres de " +"atributos como los usados por NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" +"La opción de conversión predeterminada es 'nss', i.e. los nombres de " +"atributo de acuerdo con la ordenación NSS y LDAP/RFC 4514." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" +"Ejemplo: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Esta plantilla añadirá el sujeto completo DN convertido en una cadena de " +"acuerdo a RFC 4514. Si la ordenación X.500 (más específico RDN viene el " +"último) se usaría una opción con el prefijo '_x500'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" +"Ejemplo: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "{cert[!(bin|base64)]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" +"Esta plantilla añadirá el certificado completo codificado DER como una " +"cadena al filtro de búsqueda. Dependiendo de la opción de conversión el " +"certificado binario se convierte en una secuencia hexadecimal escapada " +"'\\xx' o base64. La secuencia hexadecimal escapada es la predeterminada y " +"puede, por ejemplo, ser usada con el atributo LDAP 'userCertificate;binary'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "Ejemplo: (userCertificate;binary={cert!bin})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "{subject_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" +"Esta plantilla añadirá el principal Kerberos bien desde el SAN usado por " +"pkinit o del usado por AD. El componente 'short_name' representa la primera " +"parte del principal antes del signo '@'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" +"Ejemplo: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "{subject_pkinit_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" +"Esta plantilla añadirá el principal Kerberos que es dado por el SAN usado " +"por pkinit. El componente 'short_name' representa la primera parte del " +"principal antes del signo '@'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" +"Ejemplo: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "{subject_nt_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" +"Esta plantilla añadirá el principal Kerberos que es dado por el SAN usado " +"por AD. El componente 'short_name' represebta la primera parte del principal " +"antes del signo '@'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +#, fuzzy +#| msgid "" +#| "Example: (|(userPrincipal={subject_principal})" +#| "(samAccountName={subject_principal.short_name}))" +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" +"Ejemplo: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "{subject_rfc822_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" +"Esta plantilla añadirá la cadena que está almacenada en el componente " +"rfc822Name del SAN, normalmente una dirección de correo electrónico. El " +"componente 'short_name' representa la primera parte de la dirección antes " +"del signo '@'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" +"Ejemplo: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" +"Esta plantilla añadirá la cadena que está almacenada en el componente " +"dNSName del SAN, normalmente un nombre de host totalmente cualificado. El " +"componente 'short_name' representa la primera parte del nombre antes del " +"primer signo '.'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" +"Ejemplo: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "{subject_uri}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" +"Esta plantilla añadirá la cadena que está almacenada en el componente " +"uniformResourceIdentifier del SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "Ejemplo: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "{subject_ip_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" +"Esta plantilla añadirá la cadena que está almacenada en el componente " +"iPAddress del SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "Ejemplo: (ip={subject_ip_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "{subject_x400_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" +"Esta plantilla añadirá el valor que está almacenado en el componente " +"x400Address del SAN como secuencia hexadecimal escapada." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "Ejemplo: (attr:binary={subject_x400_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" +"Esta plantilla añadirá la cadena DN del valor que está almacenado en el " +"componente directoryName del SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "Ejemplo: (orig_dn={subject_directory_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "{subject_ediparty_name}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" +"Esta plantilla añadirá el valor que está almacenado en el componente " +"ediPartyName del SAN como secuencia hexadecimal escapada." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "Ejemplo: (attr:binary={subject_ediparty_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "{subject_registered_id}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" +"Esta plantilla añadirá la OID que está almacenada en el componente " +"registeredID del SAN como una cadena decimal con puntos.." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "Ejemplo: (oid={subject_registered_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"La plantilla para añadir datos de certificado al filtro de búsqueda están " +"basados sobre cadenas formateadas en estilo Python. Consiste en una palabra " +"clave entre llaves con un subcomponente especificador opcional separado por " +"un '.' o una opción opcional de conversión/formateo separada por un '!'. Los " +"valores permitidos son: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "Ejemplo: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "Ejemplo: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +#, fuzzy +#| msgid "{subject_dns_name[.short_name]}" +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +#, fuzzy +#| msgid "Example: (uri={subject_uri})" +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "Ejemplo: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +#, fuzzy +#| msgid "Example: (oid={subject_registered_id})" +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "Ejemplo: (oid={subject_registered_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "LISTA DE DOMINIO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" +"Si la lista de dominio no está vacía los usuarios mapeados a un certificado " +"dado no serán buscados solo en el dominio local sino también en los dominios " +"listados siempre que sean conocidos por SSSD. Los dominios no conocidos por " +"SSSD serán ignorados." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Proveedor SSSD IPA" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Este página de manual describe la configuración del proveedor IPA para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Para una referencia de sintaxis detalladas, vea la sección " +"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea " +"el sitio web freeipa.org para información sobre los servidores IPA). Este " +"proveedor requiere que la máquina este unido al dominio IPA; la " +"configuración es casi enteramente auto descubierta y obtenida directamente " +"del servidor." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" +"El proveedor IPA habilita a SSSD para usar el proveedor de identidad " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> y el proveedor de autenticación <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> con optimizaciones para entornos IPA. El proveedor IPA acepta " +"las mismas opciones que las usadas por los proveedores sssd-ldap y sssd-krb5 " +"con algunas excepciones. Sin embargo, no es necesario ni recomendable " +"establecer estas opciones." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"El proveedor IPA copia primariamente las opciones por defecto tradicionales " +"de los proveedores ldap y krb5 con algunas excepciones, las diferencias " +"están listadas en la sección <quote>OPCIONES PREDETERMINADAS MODIFICADAS</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +#, fuzzy +#| msgid "" +#| "As an access provider, the IPA provider uses HBAC (host-based access " +#| "control) rules. Please refer to freeipa.org for more information about " +#| "HBAC. No configuration of access provider is required on the client side." +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" +"Como proveedor de acceso, el proveedor IPA usa reglas HBAC (control de " +"acceso basado en el host). Por favor vaya a freeipa.org para mas información " +"sobre HBAC. No se requiere configuración del proveedor de acceso en el lado " +"cliente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" +"Si <quote>auth_provider=ipa</quote> o <quote>access_provider=ipa</quote> " +"está configurado en sssd.conf id_provider se debe establecer también a " +"<quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"El porveedor IPA usara el respondedor PAC si las entradas Kerberos de los " +"usuario de reinos confiables contienen un PAC. Para hacer la configuración " +"más fácil el respondedor PAC es iniciado automáticamente si la ID del " +"proveedor IPA está configurada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, " +"se usa el nombre de configuración del dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"La lista separada por comas de direcciones IP o nombres de host de los " +"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para " +"más información sobre conmutación en error y redundancia de servidores, vea " +"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está " +"habilitado. Para más información sobre el servicio descubridor, vea la " +"sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" +"Opcional. Se puede establecer sobre máquinas donde el hostname(5) no refleje " +"el nombre totalmente cualificado usado en el dominio IPA para identificar " +"este host. El nombre de host debe ser totalmente cualificado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" +"Opcional. Esta opción le dice a SSSD que actualice automáticamente el " +"servidor DNS incorporado a FreeIPA con la dirección IP de este cliente. La " +"actualización está asegurada utilizando GSS-TSIG. La dirección IP de la " +"conexión IPA LDAP se usa para las actualizaciones, si no se especifica de " +"otra manera utilizando la opción <quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este " +"comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser " +"fijado apropiadamente en /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"AVISO: Aunque todas es posible usar la vieja opción " +"<emphasis>ipa_dyndns_update</emphasis>, los usuarios deberían migrar para " +"usar <emphasis>dyndns_update</emphasis> en su fichero de configuración." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"El TTL a aplicar al registro del cliente DNS cuando lo actualiza. Si " +"dyndns_update está a false esto no tiene efecto. Esto anula el TTL del lado " +"servidor si se establece por un administrador." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"AVISO: Aunque todavía es posible usar la antigua opción " +"<emphasis>ipa_dyndns_ttl</emphasis>, los usuarios deberían migrar usando " +"<emphasis>dyndns_ttl</emphasis> en su fichero de configuración." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "Por defecto: 1200 (segundos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Opcional. Aplicable solo cuando dyndns_update está a true. Elija la interfaz " +"o la lista de interfaces cuyas direcciones IP serían usadas para las " +"actualizaciones DNS dinámicas. El valor especial <quote>*</quote> implica " +"que las IPs de todas las interfaces serían las usadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"AVISO: Aunque todavía es posible usar la vieja opción " +"<emphasis>ipa_dyndns_iface</emphasis>, los usuarios deberían migrar usando " +"<emphasis>dyndns_iface</emphasis> en su fichero de configuración." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" +"Predeterminado: Usa las direcciones IP de la interfaz que es usada para la " +"conexión IPA LDAP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "Ejemplo: dyndns_iface = em1, vnet1, vnet2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "dyndns_auth (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" +"Si la utilidad nsupdate debe usar la autenticación GSS-TSIG para " +"actualizaciones seguras con el servidor DNS, las actualizaciones inseguras " +"se pueden enviar fijando esta opción a 'none'." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "Predeterminado: GSS-TSIG" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "dyndns_auth (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_auth (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +#, fuzzy +#| msgid "" +#| "Whether the nsupdate utility should use GSS-TSIG authentication for " +#| "secure updates with the DNS server, insecure updates can be sent by " +#| "setting this option to 'none'." +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" +"Si la utilidad nsupdate debe usar la autenticación GSS-TSIG para " +"actualizaciones seguras con el servidor DNS, las actualizaciones inseguras " +"se pueden enviar fijando esta opción a 'none'." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" +"Habilita sitios DNS - descubrimiento de servicio basado en la ubicación." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Si es ciertp y descubrimiento de servicio (vea el párrafo Descubrimiento del " +"Servicio en la parte inferior de la página de manual) está habilitado, SSSD " +"primero intentará la localización basada en el descubrimiento usando una " +"consulta que contenga \"_location.hostname.example.com\" y después irá al " +"descubrimiento tradicional SRV. Si la localización basada en el " +"descubrimiento tiene éxito, los servidores IPA localizados con la " +"localización basada en el descubrimiento son tratados como servidores " +"primarios y los servidores IPA localizados usando el descubrimiento " +"tradicional SRV son usados como servidores de respaldo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Con qué frecuencia el back-end debe realizar una actualización periódica de " +"DNS además de la actualización automática que se realiza cuando el back-end " +"se conecta. Esto es una posibilidad opcional y aplicable solo cuando " +"dyndns_update está a true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Si el registro PTR debería ser explícitamente actualizado cuando se " +"actualizan los registros DNS del cliente. Aplicable solo cuando " +"dyndns_update está a true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Esta opción debería estar a False en la mayoría de los despliegues IPA " +"puesto que el servidor IPA genera los registros PTR automáticamente cuando " +"se cambian los registros que envía." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Predeterminado: False (deshabilitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Si la utilidad nsupdate debería usar de manera predeterminada TCP cuando se " +"comunica con el servidor DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Predeterminado: False (permitir a nsupdate elegir el protocolol)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "dyndns_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" +"El servidor DNA a usar cuando se lleva a cabo una actualización DNS update. " +"En la mayoría de las configuraciones se recomienda dejar esta opción sin " +"establecer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" +"El establecimiento de esta opción tiene sentido en entornos donde el " +"servidor DNS es distinto del servidor de identidad." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" +"Tenga en cuenta que esta opción solo se usará en un intento de recuperación " +"cuando el intento anterior de usar la configuración autodetectada falló." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "Predeterminado: None (permitir a nsupdate elegir el servidor)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "dyndns_update_per_family (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" +"La actualización DNS es llevada a cabo de manera predeterminada en dos pasos " +"- actualización IPv4 y después actualización IPv6. En algunos casos puede " +"ser deseable llevar a cabo la actualización IPv4 e IPv6 en un único paso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +#, fuzzy +#| msgid "" +#| "Please note that 'access_provider = ldap' must be set for this feature to " +#| "work. Also 'ldap_pwd_policy' must be set to an appropriate password " +#| "policy." +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" +"Por favor advierta que 'access_provider = ldap' debe estar establecido para " +"que esta función trabaje. También 'ldap_pwd_policy' debe estar establecido " +"para una política de contraseña apropiada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "ipa_deskprofile_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda de los objetos " +"relacionados con Desktop Profile." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Predeterminado: Utilizar DN base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_subdomains_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for Desktop Profile related " +#| "objects." +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda de los objetos " +"relacionados con Desktop Profile." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +#, fuzzy +#| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC " +"relacionados." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "Obsoleto. Usa en su lugar ldap_host_search_base." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (cadena)Opcional. " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario " +"SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de " +"dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" +"Opcional. Usa la cadena dada como base de búsqueda de contenedores de vista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" +"Predeterminado: el valor de <emphasis>cn=views,cn=accounts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"El nombre del reino Kerberos. Esto es opcional y por defecto está al valor " +"de <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"El nombre del reino Kerberos tiene un significado especial en IPA – es " +"convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" +"Ruta absoluta de un directorio donde SSSD debe colocar fragmentos de " +"configuración de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" +"Para deshabilitar la creación de fragmentos de configuración establezca el " +"parámetro a 'none'." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" +"Predeterminado: no establecido (krb5.include.d subdirectorio del directorio " +"pubconf de SSSD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "ipa_deskprofile_refresh (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" +"La cantidad de tiempo entre búsquedas de reglas Desktop Profile contra el " +"servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si " +"hay muchas solicitudes de perfiles de escritorio en un período corto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Predeterminado: 5 (segundos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "ipa_deskprofile_request_interval (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" +"La cantidad de tiempo entre búsquedas de las reglas Desktop Profile contra " +"el servidor IPA en el caso de que la última petición no devolvió ninguna " +"regla." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "Predeterminado: 60 (minutos)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor " +"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay " +"muchas peticiones de control de acceso hechas en un corto período." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"La cantidad de tiempo entre búsquedas de los mapas SELinux contra el " +"servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si " +"hay muchas peticiones de acceso de usuario hechas en un corto período." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" +"Esta opción será establecida por el instalador IPA (ipa-server-install) " +"automáticamente y denota si SSSD está corriendo sobre un servidor IPA o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" +"Sobre un servidor IPA SSSD buscara usuarios y grupos de los dominios de " +"confianza directamente mientras que sobre un cliente preguntará a un " +"servidor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" +"NOTA: Actualmente hay algunas suposiciones que deben cumplirse cuando SSSD " +"se ejecuta en un servidor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" +"La opcion <quote>ipa_server</quote> debe configurarse para que apunte al " +"servidor IPA mismo. Esto está establecido de manera predeterminada por el " +"instalador IPA de modo que no se necesitan cambios manuales." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" +"La opción <quote>full_name_format</quote> no debe modificarse para imprimir " +"solo nombres cortos de los usuarios de los dominios de confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "La localización del automontador de este cliente IPA que será usada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "Por defecto: La localización llamada “default”" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "VISTAS Y ANULACIONES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "Objectclass del contenedorde vistas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "Predeterminado: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "Nombre del atributo que contiene el nombre de la vista." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Predeterminado: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "ipa_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "Objectclass de los objetos anulados." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "Predeterminado: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" +"Nombre del atributo que contiene la referencia al objeto original en un " +"dominio remoto." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "Predeterminado: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Nombre de los objectclass para los usuarios anulados. Se usa para determinar " +"si el objeto anulado encontrado está relacionado con un usuario o un grupo." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "Las anulaciones de usuario pueden contener atributos dados por" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "Predeterminado: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Nombre del objectclass para grupos anulados. Se usa para determinar si el " +"objeto anulado encontrado está relacionado con un usuario o un grupo." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "Las anulaciones de grupo pueden contener atributos dados por" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "Predeterminado: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD puede manejar vistas y anulaciones que son ofrecidas por FreeIPA 4.1 y " +"versiones posteriores. Como todas las rutas y objectclasses son fijadas en " +"el lado servidor no se necesita configurar nada. Para completar, las " +"opciones relacionadas son listadas aquí con sus valores predeterminados. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "PROVEEDOR DE SUBDOMINIOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"El proveedor de subdominios IPA se comporta de forma ligeramente diferente " +"si está configurado explícitamente o implícitamente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Si la opción ' subdomains_provider = ipa' se encuentra en la sección de " +"dominio de sssd.conf, el proveedor de subdominios de IPA se configura " +"explícitamente, y todas las peticiones de subdominio se envían al servidor " +"de IPA si es necesario." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Si la opción 'subdomains_provider' no está establecida en la sección dominio " +"de sssd.conf pero hay la opción 'id_provider = ipa', el proveedor de " +"subdominios IPA está configurado implícitamente. En este caso, si una " +"petición de subdominio falla e indica que el servidor no soporta " +"subdominios, i.e. no está configurado para confianza, el proveedor de " +"subdominios IPA está deshabilitado. Después de una hora o después de que el " +"proveedor IPA esté en línea, el proveedor de subdominios está habilitado " +"otra vez." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "CONFIGURACIÓN DE DOMINIOS DE CONFIANZA" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" +"Se pueden ajustar diferentes opciones de configuración para un dominio de " +"confianza dependiendo de si usted está configurando SSSD sobre un servidor " +"IPA o un cliente IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "OPCIONES AJUSTABLES EN IPA MAESTROS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" +"Se pueden establecer las siguientes opciones en una sección subdominio sobre " +"un IPA maestro:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "ad_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "ad_backup_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "ad_site" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "ldap_user_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "ldap_group_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "OPCIONES AJUSTABLES SOBRE CLIENTES IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" +"Las siguientes opciones pueden ser establecidas en una sección subdominio " +"sobre un cliente IPA:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" +"Advierta que si ambas opciones están establecidas solo se evalúa " +"<quote>ad_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" +"Puesto que cualquier petición para una identidad de usuario o de grupo de un " +"dominio de confianza disparada desde un cliente IPA se resuelve por el " +"servidor IPA, las opciones <quote>ad_server</quote> y <quote>ad_site</quote> " +"solo afectan a que AD DC llevará a cabo la autenticación. En concreto, las " +"direcciones resueltas desde estas listas serán escritas a ficheros " +"<quote>kdcinfo</quote> leídos por el complemento localizador Kerberos. Por " +"favor vea la página de manual <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> para mas detalles sobre el complemento " +"localizador Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor ipa." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Proveedor SSSD Active Directory" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del proveedor AD para " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección " +"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" +"El proveedor AD es el punto final usado para conectar a un servidor Active " +"Directory. Este proveedor requiere que la máquina esté unida al dominio AD y " +"que una tabla de claves esté disponible. La comunicación con el punto final " +"se efectúa sobre un canal encriptado GSSAPI, las opciones SSL/TLS no " +"deberían ser usadas con el proveedor y serán reemplazadas por la utilización " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"El proveedor AD soporta la conexión a Active Directory 2008 R2 o " +"posteriores. Las versiones anteriores pueden trabajar, pero no está " +"soportadas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"El proveedor AD puede ser usado para obtener información de usuario y " +"autenticar usuarios desde dominios de confianza. Actualmente solo se " +"reconocen los dominios de confianza del mismo bosque. Además, los servidores " +"de dominios de confianza siempre se descubren automáticamente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" +"El proveedor AD habilita a SSSD para usar el proveedor de identidad " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> y el proveedor de autenticación <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> con optimizaciones para entornos Active Directory. El " +"proveedor AD provider aceptas las mismas opciones usadas por los proveedores " +"sssd-ldap y sssd-krb5 cn algunas excepciones. Sin embargo, no es necesario " +"ni recomendable establecer estas opciones." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"El proveedor AD copia principalmente las opciones predeterminadas " +"tradicionales de los proveedores ldap y krb5 con algunas excepciones, las " +"diferencias están listadas en la sección <quote>OPCIONES PREDETERMINADAS " +"MODIFICADAS</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" +"El proveedor AD puede ser también usado como un proveedor de acceso chpass, " +"sudo y autofs. No se requiere configuración del proveedor de acceso en el " +"lado cliente." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" +"Si está configurado <quote>auth_provider=ad</quote> o " +"<quote>access_provider=ad</quote> en sssd.conf id_provider debe ser también " +"establecido a <quote>ad</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" +"De manera predeterminada, el proveedor AD mapeará los valores UID y GID " +"desde el parámetro objectSID en Active Directory. Para detalles sobre esto, " +"vea la sección <quote>MAPEO DE ID</quote> abajo. Si usted desea deshabilitar " +"el mapeo de ID y en su lugar confiar en los atributos POSIX definidos en " +"Active Directory, usted debería establecer <placeholder " +"type=\"programlisting\" id=\"0\"/> Si se usarán los atributos POSIX, se " +"recomienda que por razones de rendimientos estos atributos sean también " +"replicados en el Catálogo Global. Si los atributos POSIX están replicados, " +"SSSD intentará localizar el dominio de una ID numérica pedida con la ayuda " +"del Catálogo Global y solo busca en ese dominio. Por el contrario, si los " +"atributos POSIX no están replicados en el Catálogo Global, SSSD debe buscar " +"en todos los dominios del bosque secuencialmente. Por favor advierta que la " +"opción <quote>cache_first</quote> option también podría ser útil para " +"acelerar las búsquedas sin dominio. Advierta que si en el Catálogo Global " +"solo esta presente un subconjunto de atributos POSIX, los atributos no " +"replicados no se leen actualmente desde el puerto LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Los usuarios, grupos y otras entidades servidas por SSSD son tratadas " +"siempre como sensibles a mayúsculas y minúsculas en el proveedor AD por " +"compatibilidad con la implementación LDAP de Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Especifica el nombre del dominio Active Directory. Esto es opcional. Si no " +"se suministra, se usa la configuración del nombre de dominio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Para una operativa apropiada, esta opción sería especificada en la versión " +"minúscula de la versión larga del dominio Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"El nombre corto de dominio (también conocido como el NetBIOS o el nombre " +"pano) es autodetectado por SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "ad_enabled_domains (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +#, fuzzy +#| msgid "" +#| "A comma-separated list of enabled Active Directory domains. If provided, " +#| "SSSD will ignore any domains not listed in this option. If left unset, " +#| "all domains from the AD forest will be available." +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" +"Una lista separada por comas de dominios Active Directory habilitados. Si se " +"suministra, SSSD ignorará cualquier dominio no listado en esta opción. Si se " +"deja sin establecer, estarán disponibles todos los dominios del bosque AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Para una operativa apropiada, esta opción debe ser especificada en " +"minúsculas y con el nombre totalmente cualificado del dominio Active " +"Directory. Por ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" +"El nombre corto de dominio (también conocido como NetBIOS o el nombre plano) " +"será autodetectado por SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"La lista separada por comas de nombres de host de los servidores AD a los " +"que SSSD debería conectarse en orden de preferencia. Para mas información " +"sobre conmutación por error y redundancia del servidor, vea la sección " +"<quote>CONMUTACIÓN POR ERROR</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Esto es opcional si el autodescubrimiento está habilitado. Para mas " +"información sobre el servicio de descubrimiento, vea la sección " +"<quote>SERVICIO DE DESCUBRIMIENTO</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" +"Nota: Los dominios de confianza siempre detectarán automáticamente los " +"servidores aunque el servidor primario esté definido explícitamente en la " +"opción ad_server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Si esta a true y el servicio de descubrimiento (vea el párrafo Servicio de " +"Descubrimiento al final de la página de manual) está habiitado, SSSD " +"intentará primero descubrir el servidor Active Directory usando Active " +"Directory Site Discovery y recurre a loas registros DNS SRV si no encuentra " +"sitio AD. La configuración DNS SRV, incluyendo el descubrimiento de dominio, " +"se usa durante el descubrimiento de sitio también." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Esta opción especifica el filtro de control de acceso LDAP con el que el " +"usuario debe coincidir con el objetivo de tener permitido el acceso. Por " +"favor advierta que la opción <quote>access_provider</quote> debe estar " +"establecida explícitamente a <quote>ad</quote> con el objetivo de que esta " +"opción tenga efecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"Esta opción también soporta que se especifiquen diferentes filtros por " +"dominio o bosque. Este filtro extendido consiste en: <quote>KEYWORD:NAME:" +"FILTER</quote>. La palabra clave puede ser <quote>DOM</quote>, " +"<quote>FOREST</quote> o ninguna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Si la palabra clave es igual a <quote>DOM</quote> o es ninguna, <quote>NAME</" +"quote> especifica el dominio o subdominio al que se aplica el filtro. Si la " +"palabra clave es igual a <quote>FOREST</quote>, el filtro iguala a todos los " +"dominios del bosque especificado por <quote>NAME</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Se pueden separar múltiples filtros con el carácter <quote>?</quote>, de " +"modo similar a como funcionan las bases de búsqueda." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" +"La membresía de grupo anidada debe ser buscada usando una OID especial " +"<quote>:1.2.840.113556.1.4.1941:</quote> además de la sintaxis completa DOM:" +"domain.example.org: para asegurar que el analizador no intente interpretar " +"el carácter dos puntos asociado con el OID. Si usted no usa este OID la " +"membresía de grupo anidada no será resuelta. Vea el ejemplo de utlización " +"abajo y vaya aquí para ampliar información sobre OID: <ulink url=\"https://" +"msdn.microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] sección " +"extensiones LDAP</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Siempre se usa la coincidencia mas especifica. Por ejemplo, si la opción " +"especifica un filtro pra un dominio del que el usuario es miembro y un " +"filtro global, se aplicará el filtro por dominio. Si hay mas coincidencias " +"con la misma especificación se usa la primera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# aplicar filtro sobre el dominio llamado dom1 solo:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# aplicar filtro sobre el dominio llamado dom2 solo:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# aplicar filtro sobre un bosque llamado EXAMPLE.COM solo:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# aplicar filtro para un miembro de un grupo anidado en dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" +"Especifica el sitio AD al que el cliente intentará cnectar. Si no se " +"suministra esta opción se autodescubrirá el sitio AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"De modo predeterminado, SSSD conecta primero al Catálogo Global para " +"recuperar usuarios de los dominios de confianza y usa el ouerto LDAP para " +"recuperar membresías de grupo o plan de reserva. Deshabilitando esta opción " +"hace que SSSD solo conecte al puerto LDAP del servidor AD actual." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Por favor advierta que deshabilitando el soporte de Catálogo Global no " +"deshabilita la recogida de usuarios de los dominios de confianza. SSSD " +"conectaría al puerto LDAP de los dominios de confianza en su lugar. Sin " +"embargo, Catálogo Global debe ser usado con el objetivo de resolver las " +"membresías de grupo de dominio cruzado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Esta opción especifica el modo de operación para la funcionalidad de control " +"de acceso basado en GPO: si opera en modo deshabilitado, modo reforzado o " +"modo permisivo. Por favor advierta que la opción <quote>access_provider</" +"quote> debe ser explícitamente establecida a <quote>ad</quote> con el " +"objetivo de que esta opción tenga efecto." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" +"La funcionalidad de control de acceso basado en GPO usa ajustes de política " +"GPO para determinar si un usuario concreto tiene autorizado acceder al host. " +"Para mas información sobre los ajustes de política soportados vea las " +"opciones <quote>ad_gpo_map</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" +"Antes de realizar el control de acceso, SSSD aplica el filtrado de seguridad " +"de la política de grupo en los GPO. Por cada inicio de sesión de usuario, la " +"aplicabilidad de los GPOs que están enlazados al host es chequeado. Para que " +"un GPO se aplique a un usuario, el usuario o al menos uno de los grupos a " +"los que pertenece debe tener los siguientes permisos en el GPO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" +"Lectura: El usuario o uno de sus grupos debe tener acceso de lectura a las " +"propiedad de la GPO (RIGHT_DS_READ_PROPERTY)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" +"Aplicar Política de Grupo: El usuario o al menos uno de sus grupos debe " +"tener permiso para aplicar la GPO (RIGHT_DS_CONTROL_ACCESS)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" +"Por defecto, el grupo Usuarios Autenticados está presente sobre un GPO y " +"este grupo tiene derechos de acceso tanto de Lectura como de Aplicar " +"Política de Grupo. Puesto que la autenticación de un usuario debe haberse " +"completado con éxito antes del filtrado de seguridad GPO y el control de " +"acceso está arrancado, los permisos del grupo Usuarios Autenticados sobre el " +"GPO se aplicarán siempre también al usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" +"AVISO: Si el modo operativo está establecido en enforcing (hacer cumplir), " +"es posible que a usuarios que antes se les permitía el acceso se les " +"deniegue ahora (como dictan los ajustes de política GPO). Con el objetivo de " +"facilitar una transición suave a los administradores, hay un modo permisivo " +"disponible que no aplicará las reglas de control de acceso, pero as evaluará " +"y sacará un mensaje de registro de sistema si el acceso debería haber sido " +"denegado. Examinando los registros los administradores pueden hacer los " +"cambios necesario antes de establecer el modo enforcing. Para registrar el " +"control de acceso basado en GPO, se requiere un nivel de depuración " +"'funciones de rastreo' (vea las páginas de manual <citerefentry> " +"<refentrytitle>sssctl</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "Hay tres valores soportados para esta opción:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled (deshabilitado): Las reglas de control de acceso basadas en GPO no " +"son evaluadas ni aplicadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing (hacer cumplir): Las reglas de control de acceso basadas en GPO " +"son evaluadas y aplicadas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive (permisivo): Las reglas de control de acceso GPO son evaluadas " +"pero no se hacen cumplir. En su lugar, se emitirá un mensaje de registro de " +"sistema indicando que se hubiera denegado el acceso al sistema del usuario " +"si el valor de la opción estuviera establecido en enforcing." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Predeterminado: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "Predeterminado: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "ad_gpo_implicit_deny (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" +"Normalmente cuando no se encuentras GPOs aplicables los usuarios tienen " +"permitido el acceso. Cuando se establece esta opción a True los usuarios " +"tendrán permitido el acceso solo cuando este explícitamente permitido por " +"una regla GPO. En otro caso el acceso de usuarios será denegado. Esto se " +"puede usar para fortalecer la seguridad, pero tenga cuidado al usar esta " +"opción, ya que puede denegar el acceso incluso a los usuarios en el grupo de " +"administradores integrados si no se aplican reglas de GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +#, fuzzy +#| msgid "ad_gpo_implicit_deny (boolean)" +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "ad_gpo_implicit_deny (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "All users are recorded." +msgid "all users are allowed" +msgstr "Se graban todos los usuarios." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "Los siguientes valores están permitidos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +#, fuzzy +#| msgid "ad_gpo_implicit_deny (boolean)" +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_implicit_deny (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "No users are recorded." +msgid "no users are allowed" +msgstr "NO se grabaron usuarios." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "ad_gpo_ignore_unreadable (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" +"Normalmente cuando algunos contenedores de políticas de grupo (objeto AD) de " +"pbjetos aplicables de políticas de grupo no son legibles por SSSD se les " +"niega el acceso a los usuarios. Esta opción permite ignorar los contenedores " +"de política de grupo y con ello las políticas asociadas si sus atributos en " +"los contenedores de política de grupo no son legibles por SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +#, fuzzy +#| msgid "ldap_sudo_include_netgroups (boolean)" +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "sudo_include_netgroups (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"El siguiente ejemplo asume que SSSD está correctamente configurado y example." +"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " +"Este ejemplo muestra sólo las opciones específicas del proveedor AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"El proveedor de control de acceso AD comprueba si la cuenta está expirada. " +"Tiene el mismo efecto que la siguiente configuración del proveedor LDAP: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Configuración de sudo con el motor de SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Esta página de manual describe como configurar <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> y como SSSD esconde reglas sudo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Configurando sudo para cooperar con SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Para habilitar SSSD como una fuente de reglas sudo, añada <emphasis>sss</" +"emphasis> a la entrada <emphasis>sudoers</emphasis> en <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Por ejemplo, para configurar sudo para primero buscar reglas en el fichero " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> estándar (que contendría reglas para aplicar al " +"usuario local) y después en SSSD, el fichero nsswitch.conf contiene la " +"siguiente línea:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Más información sobre la configuración del orden de búsqueda de sudoers " +"desde el fichero nsswuitch.conf así información sobre el esquema LDAP que se " +"usa para almacenar reglas sudo en el directorio se puede encontrar en " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Configurando SSSD para ir a buscar reglas sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"El siguiente ejemplo muestra como configurar SSSD para descargar reglas sudo " +"desde un servidor LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "El mecanismo de almacenamiento en cache de regla SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"El mayor desafío, cuando se desarrolla soporte sudo en SSSD, fue asegurar " +"que ejecutando sudo con SSSD como la fuente de datos suministre la misma " +"experiencia de usuario y sea tan rápido como sudo pero se mantenga " +"proporcionando el conjunto más actual de reglas como sea posible. Para " +"satisfacer estos requisitos, SSSD usa tres clases de actualizaciones. A " +"ellas nos referimos como refresco total, refresco inteligente y refresco de " +"reglas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"El <emphasis>refresco inteligente</emphasis> periódicamente descarga reglas " +"que son nuevas o fueron modificadas desde la última actualización. Su " +"objetivo principal es mantener la base de datos creciendo mediante la " +"atracción de pequeños incrementos que no generen grandes cantidades de " +"tráfico de red." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"<emphasis>full refresh</emphasis> simplemente refresca todas las reglas sudo " +"almacenadas en el cache y las reemplaza con las reglas que están almacenadas " +"en el servidor. Esto se usa para mantener el cache consistente borrando cada " +"regla que fue borrada del servidor. Sin embargo, un refresco total puede " +"producir gran cantidad de tráfico y por lo tanto debería ser ejecutado sólo " +"ocasionalmente dependiendo del tamaño y de la estabilidad de las reglas sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"El <emphasis>refresco de reglas</emphasis> asegura que no concedamos más " +"permisos al usuario que los definidos. Se dispara cada vez que el usuario " +"ejecuta sudo. El refresco de reglas encontrará todas las reglas que se " +"apliquen a ese usuario, comprobará su tiempo de expiración y las recargará " +"si han expirado. En el caso de que alguna de esas reglas estén desaparecidas " +"del servidor, SSSD hará un refresco total fuera de banda puesto que más " +"reglas (que apliquen a otros usuarios) pueden haber sido borradas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Si está habilitado, SSSD almacenará sólo las reglas que pueden ser aplicadas " +"a esa máquina. Esto indica reglas que contienen uno de los siguientes " +"valores en el atributo <emphasis>sudoHost</emphasis>:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "keyword ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "comodines" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (en la forma \"+netgroup\")" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" +"nombre de host o nombre de dominio totalmente cualificado de esta máquina" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "una de las direcciones IP de esta máquina" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" +"una de las direcciones IP de la red (en la forma \"dirección/máscara\")" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Hay muchas opciones de configuración que pueden ser usadas para ajustar el " +"comportamiento. Por favor vea \"ldap_sudo_*\" en <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> y \"sudo_*\" en <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> suministra un conjunto de demonios para gestionar el " +"acceso a directorios remotos y mecanismos de autenticación. Suministra una " +"interfaz NSS y PAM hacia el sistema y un sistema de parte trasera conectable " +"para conectar múltiples fuentes de cuentas diferentes así como interfaz D-" +"Bus. Es también la base para suministrar servicios de auditoría y política a " +"los clientes para proyectos como FreeIPA. Suministra una base de datos más " +"robusta para almacenar los usuarios locales así como datos de usuario " +"extendidos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Desactiva marca de tiempo en mensajes de depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Agregar microsegundos a la marca de tiempo en " +"mensajes de depuración" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +#, fuzzy +#| msgid "Default: not set, fallback to InfoPipe option" +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "Por defecto: no ajustada, retroceder a opción InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Convertido en un demonio después de la puesta en marcha." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Ejecutar en primer plano, no convertirse en un demonio." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Especifica un fichero de configuración distinto al de por defecto. El por " +"defecto es <filename>/etc/sssd/sssd.conf</filename>. Para referencia sobre " +"las opciones y sintaxis del fichero de configuración, consulta la página de " +"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Imprimir número de versión y salir." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Señales" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Informa a SSSD para terminar graciosamente todos sus procesos hijos y " +"después para el monitor." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Le dice a SSSD que pare de escribir en su fichero descriptor de depuración " +"actual y cerrar y reabrirlo. Esto significa facilitar la circulación de " +"registro con programas como logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +#, fuzzy +#| msgid "" +#| "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +#| "client applications will not use the fast in-memory cache." +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" +"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", " +"las aplicaciones clientes no usaran la memoria cache rápida." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "oscurecer un password en texto claro" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[CONTRASEÑA]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> convierte una contraseña dada en un formato " +"no legible y la sitúa en la sección apropiada del dominio del fichero de " +"configuración SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"La contraseña en texto claro es leída desde la entrada estándar e " +"introducida interactivamente. La contraseña ofuscada se pone en el parámetro " +"<quote>ldap_default_authtok</quote> de un dominio SSSD dado y el parámetro " +"<quote>ldap_default_authtok_type</quote> se fija a " +"<quote>obfuscated_password</quote>. Vea <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " +"detalles sobre estos parámetros." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Por favor advierta que oscurecer la contraseña <emphasis>no suministra un " +"beneficio real de seguridad</emphasis> y es posible para un atacante " +"mediante ingeniería inversa volver atrás la contraseña. Se recomienda " +"<emphasis>firmemente</emphasis> el uso de mejores mecanismos de " +"autenticación como certificados en el lado cliente o GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "La contraseña a oscurecer será leída desde la entrada estándar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"El dominio SSSD en el que usar la contraseña. El nombre por defecto es " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>ARCHIVO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" +"Lee el fichero de configuración especificado por el parámetro posicional." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Predeterminado: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Esta página de manual describe la configuración del motor de autenticación " +"de Kerberos 5 para <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " +"la sintaxis, por favor vea la sección <quote>FORMATO DE ARCHIVO</quote> de " +"la página de manual de <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"El motor de autenticaciónd e Kerberos 5 contiene proveedores auth y chpass. " +"Debe ir junto con un proveedor de identidad para que funcione adecuadamente " +"(por ejemplo, id_provider = ldap). Algo de información requerida por el " +"motor de autenticación de Kerberos 5 debe ser provista por el proveedor de " +"identidad, tal como el Nombre Principal del usuario de Kerberos (NPU). La " +"configuración del proveedor de identidad debe tener una entrada específica " +"para el NPU. Por favor, vea la página del manual para el proveedor de " +"identidad aplicable, para más detalles sobre cómo configurar esto." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"En el caso de que el NPU no esté disponible en el motor de identidad, " +"<command>sssd</command> construirá un NPU usando el formato " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Especifica una lista separada por comas de direcciones IP o nombres de host " +"de los servidores Kerberos a los cuales se conectaría SSSD en orden de " +"preferencia. Para más información sobre failover y redundancia de servidor, " +"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " +"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " +"host. Si está vacío, el servicio descubridor está habilitado; para más " +"información, vea la sección <quote>SERVICE DISCOVERY</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"El nombre del reino Kerberos. Esta opción se requiere y debe ser " +"especificada." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Si el servicio de cambio de contraseña no está corriendo en el KDC, se " +"pueden definir aquí servidores alternativos. Un número de puerto opcional " +"(precedido de dos puntos) debe ser añadido a las direcciones o nombres de " +"host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Para más información sobre recuperación de fallos y redundancia de servidor, " +"consulte la sección de <quote>conmutación por error</quote>. Nota: incluso " +"si no hay más servidores kpasswd para intentar, y el punto final no está " +"conmutado para trabajar fuera de línea la autenticación contra el KDC es " +"todavía posible." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Predeterminado: Use the KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Predeterminado: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nombre de acceso" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de acceso" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nombre principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nombre de reino" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "directorio home" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "un literal ‘%’" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"La localización de la keytab a usar cuando son obtenidas credenciales " +"validadas desde KDCs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Habilita la autenticación segura flexible de los túneles (FSAT) para la pre-" +"autenticación Kerberos. Se soportan las siguientes opciones:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Por defecto: no fijado, esto es no se usa FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "Especifica el servidor principal para usar por FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_use_kdcinfo (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_kdcinfo (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "lleva a cabo la limpieza del escondrijo" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Invalida el usuario específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Invalida todos los registros de usuario. Esta opción anula la invalidación " +"de usuario específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "Invalida grupo específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Invalida todos los registros de grupo. Esta opción anula la invalidación de " +"grupo específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "Invalida grupo de red específico." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalida todos los registros de grupo de red. Esta opción anula la " +"invalidación de grupo de red específico si también está fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "Invalida servicio específico" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalida todos los archivos de servicio. Esta opción anula la invalidación " +"de servicio específico si también fue fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Invalida mapas específicos autofs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalida todos los mapas autofs. Esta opción anula la invalidación de mapa " +"específico si fue fijada." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restringe el proceso de invalidación sólo a un dominio concreto." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "alimenta el cache SSSD con un usuario" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> alimenta el cache SSSD con una entrada de " +"usuario y una contresañe temporal. Si una entrada de usuario está ya " +"presente en el cache SSSD la entrada se actualiza con la contraseña temporal" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Suministra el nombre del dominio del que el usuario es miembro. El dominio " +"también se usa para recuperar información del usuario. El dominio debe estar " +"configurado en sssd.conf. La opción <replaceable>DOMAIN</replaceable> debe " +"ser suministrada. La información recuperada del dominio anula la que se ha " +"suministrado en las opciones." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"El nombre de usuario de la entrada a ser creado o modificado en el cache. Se " +"debe suministrar la opción <replaceable>USER</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Fija la UID del usuario a <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Fija la GID del usuario a <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARIO</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa " +"como el campo para el nombre completo del usuario." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Fija el directorio home del usuario a <replaceable>HOME_DIR</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Fija la shell de acceso del usuario a <replaceable>SHELL</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Modo interactivo de introducir información del usuario. Esta opción sólo " +"preguntará por la información no suministrada en las opciones o recuperada " +"del dominio." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Especifica el fichero desde donde leer la contraseña del usuario (si no se " +"especifica se pregunta por la contraseña)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La longitud de la contraseña (o el tamaño especificado con la opción -p or --" +"password-file) debe ser menos o igual a PASS_MAX bytes ( 64 bytes en " +"sistemas sin valor PASS_MAX globalmente definido)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +#, fuzzy +#| msgid "" +#| "The detailed instructions for configuration of sudo_provider are in the " +#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry>." +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"Las instrucciones detalladas para la configuración de sudo_provider están en " +"la página de manual <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VEA TAMBIEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obtiene las claves OpenSSH autorizadas" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> adquiere la clave pública SSH para " +"el usuario <replaceable>USER</replaceable> y las saca en formato de claves " +"autorizadas OpenSSH (vea la sección <quote>AUTHORIZED_KEYS FILE FORMAT</" +"quote> de <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> para más información)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Busca las claves públicas del usuario en el dominio SSSD " +"<replaceable>DOMAIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obtiene las claves OpenSSH del host" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Si se especifica <replaceable>PROXY_COMMAND</replaceable>, se usa para crear " +"la conexión al host en lugar de abrir un socket." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> puede ser configurado para usar " +"<command>sss_ssh_knownhostsproxy</command> para autenticación de la clave " +"del host usando las siguientes directivas <citerefentry><refentrytitle>ssh</" +"refentrytitle> <manvolnum>1</manvolnum></citerefentry> configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/> " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Usa el puerto <replaceable>PORT</replaceable> para conectar al host. Por " +"defecto, el puerto usado es el 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Busca las claves públicas del host en el dominio SSSD <replaceable>DOMAIN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "To make the mapping more flexible mapping and matching rules were added " +#| "to SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for details)." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Para hacer que la asignación sea más flexible, se agregaron reglas de " +"asignación y coincidencia a SSSD (ver más detalles en <citerefentry> " +"<refentrytitle>sss-certmap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerar (bool)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +#, fuzzy +#| msgid "Default: False (disabled)" +msgid "Default: False (Automatic renewals disabled)" +msgstr "Predeterminado: False (deshabilitado)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renewable_lifetime (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renewable_lifetime (cadena)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "La clase de objeto de una entrada de usuario en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Predeterminado: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" +"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Predeterminado: uid (rfc2307, rfc2307bis e IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "El atributo LDAP que corresponde al id de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "Predeterminado: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Predeterminado: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "ldap_user_primary_group (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" +"Atributo de grupo primario Active Directory para el mapeo de ID. Advierta " +"que este atributo debería solo ser establecido manualmente si usted está " +"ejecutando el proveedor <quote>ldap</quote> con mapeo ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "Predeterminado: no establecido (LDAP), primaryGroupID (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "El atributo LDAP que corresponde al campo de gecos del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Predeterminado: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"El atributo LDAP que contiene el nombre del directorio principal del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada " +"del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Predeterminado: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" +"El atributo LDAP que contiene el UUID/GUID de un objeto de usuario LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Predeterminado: no establecido en caso general, objectGUID para AD e " +"ipaUniqueID para IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto " +"es normalmente sólo necesario para servidores ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" +"Predeterminado: objectSid para ActiveDirectory, no establecido para otros " +"servidores." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"El atributo LDAP que contiene la fecha y hora de la última modificación del " +"objeto primario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Predeterminado: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (fecha del último cambio de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Predeterminado: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (edad mínima del password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Predeterminado: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (edad máxima del password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Predeterminado: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (período de aviso de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Predeterminado: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " +"de un atributo LDAP correspondiente a su <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> homologo (período de inactividad de password)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Predeterminado: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=shadow o " +"ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un " +"atributo correspondiente con su <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> homólogo (fecha de " +"expiración de la cuenta)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Predeterminado: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " +"nombre de un atributo LDAP que almacena la fecha y la hora del último cambio " +"de password en kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Predeterminado: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " +"nombre de un atributo LDAP que almacena la fecha y la hora en la que expira " +"el password actual." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Predeterminado: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el " +"nombre de un atributo LDAP que almacena el tiempo de expiración de la cuenta." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Predeterminado: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el " +"nombre de un atributo LDAP que almacena el campo bit de control de la cuenta " +"de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Predeterminado: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Cuando se usa ldap_account_expire_policy=rhds o esquivalente, este parámetro " +"determina si el acceso está permitido o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "Predeterminado: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el " +"acceso está permitido o no." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Predeterminado: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta " +"que fecha se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina la " +"hora de un día en la semana cuando se concede el acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Predeterminado: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"El atributo LDAP que contiene le Nombre Principal de Usuario Kerberos (UPN) " +"del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Predeterminado: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Lista separada por comas de atributos LDAP que SSSD debería ir a buscar con " +"el conjunto usual de atributos de usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"La lista puede contener bien nombres de atributo LDAP solamente o tuplas " +"separadas por comas de de nombre de atributo SSSD en caché y nombre de " +"atributo LDAP. En el caso de que solo sed especifique el nombre de atributo " +"LDAP, el atributo se salva al caché literal. El uso de un nombre de " +"atributo SSSD personal puede ser requerido por entornos que configuran " +"varios dominios SSSD con diferentes esquemas LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Por favor advierta que varios nombres de atributos están reservados por " +"SSSD, notablemente el atributo <quote>name</quote>. SSSD informaría de un " +"error si cualquiera de los nombres de atributo reservados es usado como un " +"nombre de atributo extra." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Guarda el atributo <quote>telephoneNumber</quote> desde LDAP como " +"<quote>telephoneNumber</quote> al caché." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Guarda el atributo <quote>telephoneNumber</quote> desde LDAP como " +"<quote>phone</quote> al caché." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "Predeterminado: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "El atributo LDAP que corresponde al nombre completo del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "El atributo LDAP que lista los afiliación a grupo de usario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Predeterminado: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Si access_provider=ldap y ldap_access_order=authorized_service, SSSD " +"utilizará la presencia del atributo authorizedService en la entrada LDAP del " +"usuario para determinar el privilegio de acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Una denegación explícita (¡svc) se resuelve primero. Segundo, SSSD busca " +"permiso explícito (svc) y finalmente permitir todo (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Por favor advierta que la opcion de configuración ldap_access_order " +"<emphasis>debe</emphasis> incluir <quote>authorized_service</quote> con el " +"objetivo de que la opción ldap_user_authorized_service trabaje." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Predeterminado: iluminada" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la " +"presencia del atributo host en la entrada LDAP del usuario para determinar " +"el privilegio de acceso." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda " +"SSSD para permiso explícito (host) y finalmente permitir todo (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Por favor advierta que la opción de configuración ldap_access_order " +"<emphasis>debe</emphasis> incluir <quote>host</quote> con el objetivo de que " +"la opción ldap_user_authorized_host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Default: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "ldap_user_authorized_rhost (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" +"Si access_provider=ldap y ldap_access_order=rhost, SSSD usará la presencia " +"del atributo rhost en la entrada LDAP de usuario para determinar el " +"privilegio de acceso. Similarmente al proceso de verificación de host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" +"Una denegación explícita (!rhost) se resuelve primero. Segundo, SSSD busca " +"permisos explícitos (rhost) y finalmente allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" +"Por favor advierta que la opción de configuración ldap_access_order " +"<emphasis>debe</emphasis> incluir <quote>rhost</quote> con el objetivo de " +"que la opción ldap_user_authorized_rhost trabaje." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "Predeterminado: rhost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "Nombre del atributo LDAP que contiene el certificado X509 del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "Predeterminado: userCertificate;binary" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "ldap_user_email (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" +"Nombre del atributo LDAP que contiene el correo electrónico del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" +"Aviso: Si una dirección de correo electrónico de un usuario entra en " +"conflicto con una dirección de correo electrónico o el nombre totalmente " +"cualificado de otro usuario, SSSD no será capaz de servir adecuadamente a " +"esos usuarios. Si por alguna de varias razones los usuarios necesitan " +"compartir la misma dirección de correo electrónico establezca esta opción a " +"un nombre de atributo no existente con elobjetivo de deshabilitar la " +"búsqueda/acceso por correo electrónico." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "Predeterminado: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "Name of the LDAP attribute containing the email address of the user." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" +"Nombre del atributo LDAP que contiene el correo electrónico del usuario." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "La clase de objeto de una entrada de grupo LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Por defecto: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Predeterminado: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "El atributo LDAP que corresponde al id del grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto grupo LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es " +"normalmente sólo necesario para servidores ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"El atributo LDAP que contiene un valor entero indicando el tipo del grupo y " +"puede ser otras banderas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Este atributo es actualmente usado por el proveedor AD para determinar si un " +"grupo está en grupos de dominio local y ha de ser sacado de los dominios de " +"confianza." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" +"Predeterminado: groupType en el proveedor AD, de otro modo no establecido" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_external_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" +"El atributo LDAP que referencia a los miembros de grupo que están definidos " +"en un dominio externo. En este momento, solo se soportan los miembros " +"externos de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" +"Predeterminado: ipaExternalMember en el proveedor IPA, de otro modo no " +"estabecido." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La clase objeto de una entrada de grupo de red en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Predeterminado: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "El atributo LDAP que corresponde al nombre de grupo de red." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" +"El atributo LDAP que contiene los nombres de los miembros de grupo de red." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Predeterminado: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo " +"de red." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Esta opción no está disponible en el proveedor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Predeterminado: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (cadena)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "ldap_host_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "La clase de objeto de una entrada de host en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Por defecto: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "ldap_host_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "El atributo LDAP que corresponde al nombre de host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "ldap_host_fqdn (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" +"El atributo LDAP que corresponde al nombre de dominio totalmente cualificado " +"del host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "Predeterminado: fqdn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "ldap_host_serverhostname (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "Predeterminado: serverHostname" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "ldap_host_member_of (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "Atributo LDAP que lista los miembros del grupo del host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "ldap_host_ssh_public_key (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "El atributo LDAP que contiene las claves públicas SSH del host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "ldap_host_uuid (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "La clase objeto de una entrada de servicio en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "El atributo LDAP que contiene el puerto manejado por este servicio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Por defecto: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" +"El atributo LDAP que contiene los protocolos entendidos por este servicio." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Por defecto: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "El objeto clase de una regla de entrada sudo en LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Por defecto: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "El atributo LDAP que corresponde a la regla nombre de sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "El atributo LDAP que corresponde al nombre de comando." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Por defecto: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"El atributo LDAP que corresponde al nombre de host (o dirección IP del host, " +"red IP del host o grupo de red del host)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Por defecto: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"El atributo LDAP que corresponde al nombre de usuario (o UID. nombre de " +"grupo o grupo de red del usuario)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Por defecto: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "El atributo LDAP que corresponde a las opciones sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Por defecto: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"El atributo LDAP que corresponde al nombre de usuario que los comandos " +"pueden ejecutar como." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Por defectot: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"El atributo LDAP que corresponde al nombre de grupo o GID de grupo que puede " +"ejecutar comandos como." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Por defecto: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"El atributo LDAP que corresponde al inicio de fecha/hora para cuando la " +"regla sudo es válida." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Por defecto: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"El atributo LDAP que corresponde a la fecha/hora final, después de la cual " +"la regla sudo dejará de ser válida." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Por defecto: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Por defecto: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +#, fuzzy +#| msgid "Kerberos locator plugin" +msgid "Kerberos local authorization plugin" +msgstr "Complemento localizador Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "CONFIGURATION" +msgstr "OPCIONES DE CONFIGURACIÓN" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" +"Predeterminado: nisMap (rfc2307, autofs_provider=ad), de otra manera " +"automountMap" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "El nombre de una entrada de mapa de automontaje en LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" +"Predeterminado: nisMapName (rfc2307, autofs_provider=ad), de otra manera " +"automountMapName" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"El objeto clase de una entrada de montaje automático en LDAP. La entrada " +"normalmente corresponde a un punto de montaje." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" +"Predeterminado: nisObject (rfc2307, autofs_provider=ad), de otra manera " +"automount" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"La clave de una entrada de automontaje en LDAP. La entrada corresponde " +"normalmente a un punto de montaje." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" +"Predeterminado: cn (rfc2307, autofs_provider=ad), de otra manera automountKey" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" +"Predeterminado: nisMapEntry (rfc2307, autofs_provider=ad), de otra manera " +"automountInformation" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "SERVICIO DE DESCUBRIMIENTO" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"La función servicio descubridor permite a los puntos finales encontrar " +"automáticamente los servidores apropiados a conectar para usar una pregunta " +"especial al DNS. Esta función no está soportada por los servidores de " +"respaldo." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuración" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Si no se especifican servidores, el punto final usar automáticamente el " +"servicio descubridor para intentar encontrar un servidor. Opcionalmente, el " +"usuario puede elegir utilizar tanto las direcciones de servidor fijadas como " +"el servicio descubridor para insertar una palabra clave especial, " +"<quote>_srv_</quote>, en la lista de servidores. El orden de preferencia se " +"mantiene. Esta función es útil sí, por ejemplo, el usuario prefiere usar el " +"servicio descubridor siempre que sea posible, el volver a un servidor " +"específico cuando no se pueden descubrir servidores usando DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "El nombre de dominio" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página " +"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más detalles." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "El protocolo" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Las consultas normalmente especifican _tcp como protocolo. Las excepciones " +"se documentan en la descripción de la opción respectiva." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Vea también" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Para más información sobre el mecanismo del servicio descubridor, vea el RFC " +"2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "CONMUTACIÓN POR ERROR" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"La función conmutación en error permite a los finales conmutar " +"automáticamente a un servidor diferente si el servidor actual falla." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Sintaxis de conmutación por error" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"La lista de servidores se da como una lista separada por comas; se permite " +"cualquier número de espacios a los lados de la coma. Los servidores son " +"listados en orden de preferencia. La lista puede contener cualquier número " +"de servidores." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" +"El mecanismo de conmutación por errorEl mecanismo de failover distingue " +"entre una máquina y un servicio. El punto final intenta primero resolver el " +"nombre de host de una máquina dada; si el intento de resolución falla, la " +"máquina es considerada fuera de línea. No se harán más intentos de conexión " +"con esta máquina para ningún otro servicio. Si el intento de resolución " +"tiene éxito, el punto final intenta conectar a un servicio en esa máquina. " +"Si el intento de conexión al servicio falla, entonces sólo se considera " +"fuera de línea este servicio concreto y el punto final conmutará " +"automáticamente sobre el siguientes servicio. La máquina se considera que " +"sigue en línea y se puede intentar el acceso a otros servicios." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"El mecanismo de conmutación por error distingue entre una máquina y un " +"servicio. El punto final intenta primero resolver el nombre de host de una " +"máquina dada; si el intento de resolución falla, la máquina es considerada " +"fuera de línea. No se harán más intentos de conexión con esta máquina para " +"ningún otro servicio. Si el intento de resolución tiene éxito, el punto " +"final intenta conectar a un servicio en esa máquina. Si el intento de " +"conexión al servicio falla, entonces sólo se considera fuera de línea este " +"servicio concreto y el punto final conmutará automáticamente sobre el " +"siguientes servicio. La máquina se considera que sigue en línea y se puede " +"intentar el acceso a otros servicios." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Los intentos de conexión adicionales son hechos a máquinas o servicios " +"marcaros como fuera de línea después de un período de tiempo especificado; " +"esto está codificado a fuego actualmente en 30 segundos." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Si no hay más máquinas para intentarlo, el punto final al completo conmutará " +"al modo fuera de línea y después intentará reconectar cada 30 segundo." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ASIGNACIÓN DE ID" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"La función asignación de ID permite a SSSD actuar como un cliente de Active " +"Directory sin requerir de administradores para extender los atributos de " +"usuario para soportar atributos POSIX para los identificadores de usuario y " +"grupo." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y " +"gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos " +"entre los valores automáticamente asignados y los asignados manualmente. Si " +"usted necesita usar los valore asignados manualmente, TODOS los valores " +"deben ser asignados manualmente." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Algoritmo de asignación" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory suministra un objectSID para cada objeto usuario y grupo en " +"el directorio. El objectSID puede ser dividido en componente que representan " +"la identidad del dominio Active Directory y le identificador relativo (RID) " +"del objeto usuario y grupo." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles " +"y lo divide en secciones componente de igual tamaño – llamadas “rebanadas” " +"-. Cada rebanada representa el espacio disponible para un dominio Active " +"Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Cuando se encuentra por primera vez una entrada de usuario o grupo para un " +"dominio concreto, SSSD asigna una de las rebanadas disponibles para ese " +"dominio. Con el objetivo de hacer esta asignación de rebanadas repetible " +"sobre diferentes máquinas clientes, seleccionamos la rebanada en base al " +"siguiente algoritmo:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"La cadena SID pasada a través del algoritmo murmurhash3 para convertirlo en " +"un valor picado de 32 bit. Después tomamos los módulos de este valor con el " +"número total de rebanadas disponibles para recoger la rebanada." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"NOTA: Es posible encontrar colisiones en el picadillo y los módulos " +"subsiguientes. En estas situaciones, seleccionaremos la siguiente rebanada " +"disponible, pero puede no ser posible reproducir los mismos conjuntos " +"exactos de rebanadas sobre otras máquinas (puesto que el orden en que se " +"encuentren desterminará sus rebanadas). En esta situación, se recomienda o " +"bien conmutar para usar los atributos explícitos POSIX en Active Directory " +"(deshabilitando la asignación de ID) o configurar un dominio por defecto " +"para garantizar que al menos uno sea siempre consistente. Vea " +"<quote>Configuración</quote> para detalles." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Configuración mínima (en la sección <quote>[domain/DOMAINNAME]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "ldap_id_mapping = True ldap_schema = ad \n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Configuración Avanzada" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +#, fuzzy +#| msgid "" +#| "Specifies the lower bound of the range of POSIX IDs to use for mapping " +#| "Active Directory user and group SIDs." +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Especifica el límite inferior del rango de IDs POXIS a usar para la " +"asignación de SIDs de usuario y grupo de Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"NOTA: Esta opción es diferente de <quote>min_id</quote> en esta " +"<quote>min_id</quote> actúa para filtrar la salida de las peticiones a este " +"dominio, mientras esta opción controla el rango de la asignación de ID. Esto " +"es una sutil diferencia, pero el buen consejo general sería que " +"<quote>min_id</quote> fuera menor o igual que <quote>ldap_idmap_range_min</" +"quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Por defecto: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"NOTA: Esta opción es diferente de <quote>max_id</quote> en esta " +"<quote>max_id</quote> actúa para filtrar la salida de las peticiones a este " +"dominio, mientras esta opción controla el rango de la asignación de ID. Esto " +"es una sutil diferencia, pero el buen consejo general sería que " +"<quote>max_id</quote> fuera menor o igual que <quote>ldap_idmap_range_max</" +"quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Por defecto: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (entero)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Especifica el número de IDs disponibles para cada rebanada. Si el rango no " +"se divide de forma igual entre los valores mínimo y máximo, creará tantas " +"rebanadas completas como sea posible." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Especifica el SID de dominio del dominio por defecto. Esto garantizará que " +"este dominio será asignado siempre a la rebanada cero en el mapa de ID, " +"sobrepasando el algoritmo murmurhash descrito arriba." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (cadena)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "Especifica el nombre del dominio por defecto." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (booleano)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Cambia el comportamiento del algoritmo de asignación de id para que se " +"comporte de un modo más similar al algoritmo <quote>idmap_autorid</quote> de " +"winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"Cuando esta opción está configurada, los dominios serán asignados empezando " +"con la rebanada cero e incrementándose de uno en uno con cada dominio " +"adicional." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"NOTA: Este algoritmo no es determinista (depende del orden en que usuario y " +"grupos son pedidos). Si se requiere este modo para compatibilidad con " +"máquinas que ejecutan winbind, se recomienda que también use la opción " +"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un " +"dominio está asignado consistentemente a la rebanada cero." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Muestra mensaje de ayuda y sale." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "Niveles de depuración actualmente soportados:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Ejemplo</emphasis>: Para registrar fallos fatales, críticos y " +"serios y datos de función use 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Example</emphasis>: Para registrar fallos fatales, ajustes de " +"configuración, datos de función, mensajes de traza para funciones de control " +"interno use 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "EL DOMINIO LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Con el objetivo de que funcione correctamente, se debe crear un dominio con " +"<quote>id_provider=local</quote> y el SSSD debe estar corriendo." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"El administrador puede desear usar los usuarios locales SSSD en lugar de los " +"usuarios tradicionales UNIX en los casos donde los grupos anidados (vea " +"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>) sean necesarios. Los usuarios locales son " +"también útiles para la prueba y el desarrollo del SSSD sin tener que " +"desplegar un servidor remoto completo. Las herramientas <command>sss_user*</" +"command> y <command>sss_group*</command> usan un almacenamiento LDB local " +"para almacenar usuarios y grupos." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas " +"LDAP de este tipo de atributo." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" +"search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +"\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "sintaxis: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de " +"<quote>ldap_search_base</quote>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Por favor advierta que especificar el alcance o el filtro no está soportado " +"para búsquedas contra un Active Directory Server que puede ceder un gran " +"número de resultados y disparar la extensión Range Retrieval en la respuesta." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Por favor advierta que el automontador sólo lee el mapa maestro en el " +"arranque, se modo que si se hace cualquier cambio relacionado con autofs al " +"sssd.conf, usted normalmente también necesitará reiniciar el demonio " +"automontador después de reiniciar el SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (cadena)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "número UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nombre de dominio" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nombre totalmente cualificado del usuario (user@domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "El directorio home original recuperado del proveedor de identidad." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +#, fuzzy +#| msgid "The original home directory retrieved from the identity provider." +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "El directorio home original recuperado del proveedor de identidad." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Anula el directorio home del usuario. Usted puede suministras bien un valor " +"absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes " +"secuencias: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "Esta opción puede ser también fijada por dominio." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (entero)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +#, fuzzy +#| msgid "Default: True (False for AD provider)" +msgid "Default: false (IPA and AD provider: true)" +msgstr "Predeterminado: True (False para proveedor AD)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página " +"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> para más detalles." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Por defecto: no fijado, esto es el TGT no es renovable" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (cadena)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto " +"configurado en el KDC." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Esta opción no está disponible en el proveedor IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si las credenciales del usuario están también escondidas en el " +#~ "cache LDB local" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "Las credenciales de usuario son almacenadas en un hash SHA512, no en " +#~ "texto plano" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Predeterminado: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +#~ "quote> que traduce al \"todo lo que hay hasta el signo <quote>@</quote> " +#~ "es el nombre, el dominio es el resto detrás de este signo\"" + +#~ msgid "" +#~ "The difference between these options is the action taken if user password " +#~ "is expired: pwd_expire_policy_reject - user is denied to log in, " +#~ "pwd_expire_policy_warn - user is still able to log in, " +#~ "pwd_expire_policy_renew - user is prompted to change his password " +#~ "immediately." +#~ msgstr "" +#~ "La diferencia entre estas opciones es la acción que se toma si la " +#~ "contraseña de usuario ha expirado: pwd_expire_policy_reject - se deniega " +#~ "el acceso al usuario, pwd_expire_policy_warn - el usuario es todavía " +#~ "capaz de acceder, pwd_expire_policy_renew - al usuario se le pide que " +#~ "cambie la contraseña inmediatamente." + +#~ msgid "" +#~ "Note If user password is expired no explicit message is prompted by SSSD." +#~ msgstr "" +#~ "Nota: si la contraseña de usuario expiró, SSSD no solicita ningún mensaje " +#~ "explícito." + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "El atributo LDAP que corresponde al nombre de grupo." + +#~ msgid "" +#~ "NOTE: Some Active Directory groups, typically those used for MS Exchange " +#~ "contain an <quote>@</quote> sign in the name, which clashes with the " +#~ "default re_expression value for the AD and IPA providers. To support " +#~ "these groups, consider changing the re_expression value to: <quote>((?" +#~ "P<name>.+)@(?P<domain>[^@]+$))</quote>." +#~ msgstr "" +#~ "AVISO: Algunos grupos Active Directory, normalmente aquellos que se usan " +#~ "por MS Exchange contienen un signo <quote>@</quote> en el nombre, lo que " +#~ "choca con el valor predeterminado de re_expressionpara los proveedores AD " +#~ "e IPA. Para soportar estos grupos, considere cambiar el valor de " +#~ "re_expression a: <quote>((?P<name>.+)@(?P<domain>[^@]+$))</" +#~ "quote>." + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Especifica el límite superior del rango de IDs POXIS a usar para la " +#~ "asignación de SIDs de usuario y grupo por Active Directory." + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "modifica un grupo" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> modifica el grupo para reflejar los " +#~ "cambios indicados en la línea de comandos." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Agrega este grupo a otros grupos que hayan sido indicados con el " +#~ "parámetro <replaceable>GROUPS</replaceable>. El parámetros " +#~ "<replaceable>GROUPS</replaceable> es una lista de nombres de grupos " +#~ "separados por comas." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Elimina este grupo de los grupos especificados con el parámetro " +#~ "<replaceable>GROUPS</replaceable>" + +#~ msgid "" +#~ "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)." +#~ msgstr "" +#~ "<quote>local</quote>: Proveedor SSSD interno para usuarios locales " +#~ "(OBSOLETO)." + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales" + +#~ msgid "" +#~ "Treat user and group names as case sensitive. <phrase " +#~ "condition=\"enable_local_provider\"> At the moment, this option is not " +#~ "supported in the local provider. </phrase> Possible option values are: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Trata nombres de usuario y de grupo como sensibles a mayúsculas/" +#~ "minúsculas. <phrase condition=\"enable_local_provider\"> En este momento " +#~ "esta opción no está soportada en el proveedor local. </phrase> Los " +#~ "valores de opción posibles son: <placeholder type=\"variablelist\" " +#~ "id=\"0\"/>" + +#~ msgid "The local domain section" +#~ msgstr "La sección de dominio local" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "Esta sección contiene la configuración para dominio que almacena los " +#~ "usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio " +#~ "que utiliza <replaceable>id_provider=local</replaceable>." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (cadena)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "El shell predeterminado para los usuarios creados con herramientas de " +#~ "espacio de usuario SSSD." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Predeterminado: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (cadena)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Las herramientas anexan el nombre de inicio de sesión para " +#~ "<replaceable>base_directory</replaceable> y utilizan éste como el " +#~ "directorio de inicio." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Predeterminado: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (bool)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "Indica si se creará un directorio home por defecto para los nuevos " +#~ "usuarios. Puede ser anulado desde la línea de comando." + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (bool)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "Indica si el directorio home será borrado por defecto para los usuarios " +#~ "borrados. Puede ser anulado desde la línea de comando." + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (entero)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum></citerefentry> para especificar los permisos " +#~ "predeterminados en un directorio de inicio recién creado." + +#~ msgid "Default: 077" +#~ msgstr "Predeterminado: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (cadena)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "El directorio esqueleto, el cual contiene archivos y directorios a " +#~ "copiarse en el directorio principal del usuario, cuando se crea el " +#~ "directorio principal de <citerefentry><refentrytitle>sss_useradd</" +#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry>" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Predeterminado: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (cadena)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "El directorio carreta de correo. Es necesario para manipular el buzón de " +#~ "correo cuando la cuenta de usuario correspondiente es modificada o " +#~ "borrada. Si no se especifica, se utiliza un valor por defecto." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Predeterminado: <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (cadena)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "El comando que está corriendo después de que un usuario es borrado. El " +#~ "comando us para el nombre de usuario que está siendo borrado como primer " +#~ "y único parámetro. El código de retorno del comando no es tenido en " +#~ "cuenta." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Predeterminado: None, no se ejecuta comando" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "Crea un nuevo usuario" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> crea una nueva cuenta de usuario usando " +#~ "los valores especificados en la línea de comandos más los valores por " +#~ "defecto del sistema." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Fija la UID del usuario al valor de <replaceable>UID</replaceable>. Si no " +#~ "se da, se elige automáticamente." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "El directorio home de la cuenta de usuario. Por defecto se añade el " +#~ "nombre <replaceable>LOGIN</replaceable> a <filename>/home</filename> y " +#~ "utiliza esto como directorio home. La base de que se antepondrá antes " +#~ "<replaceable>LOGIN</replaceable> es sintonizable con el ajuste " +#~ "<quote>user_defaults/baseDirectory</quote> en sssd.conf." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "La shell de acceso del usuario. Por defecto es actualmente <filename>/bin/" +#~ "bash</filename>. El valor por defecto puede ser cambiado con el ajuste " +#~ "<quote>user_defaults/defaultShell</quote> en sssd.conf." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GRUPOS</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "" +#~ "Una lista de grupos existentes de los que el usuario también es miembro." + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "Crea el directorio home del usuario si no existe. Los ficheros y " +#~ "directorios contenidos en el directorio esqueleto (que pueden ser " +#~ "definidos con la opción –k o en el fichero de configuración) serán " +#~ "copiados en el directorio home." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "No se crear el directorio principal del usuario. Reemplaza los valores de " +#~ "configuración." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "El directorio esqueleto, que contiene ficheros y directorios a copiar en " +#~ "el directorio home del usuario, cuando el directorio home es creado por " +#~ "<command>sss_useradd</command>." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "Esta opción sólo es válida si se ha especificado la opción <option>-m</" +#~ "option> (o <option>--create-home</option>), o la creación de directorios " +#~ "home está fijada a TRUE en la configuración." + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "El usuario SELinux para el acceso de usuario. Si no se especifica, se " +#~ "usará el valor por defecto del sistema." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "Crea un nuevo grupo" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> cre un nuevo grupo. Estos grupos son " +#~ "compatibles con grupos POXIS, con la característica adicional que pueden " +#~ "contener otros grupos como miembros." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Fija el GID del grupo al valor de <replaceable>GID</replaceable>. Si no " +#~ "se da, se elige automáticamente." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "eliminar una cuenta de usuario" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> borra del sistema un usuario identificado " +#~ "por su nombre de acceso <replaceable>LOGIN</replaceable>." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Los ficheros en el directorio home del usuario serán borrados así como el " +#~ "directorio home mismo y el buzón de correo del usuario. Reescribe la " +#~ "configuración." + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Los ficheros en el directorio home del usuario NO serán borrados así como " +#~ "el directorio home mismo y el buzón de correo del usuario. Reescribe la " +#~ "configuración." + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "Esta opción fuerza a <command>sss_userdel</command> a borrar el " +#~ "directorio home del usuario y el buzón de correo, aunque no sea propiedad " +#~ "del usuario especificado." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "" +#~ "Antes de realmente eliminar al usuario, terminar todos sus procesos." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "eliminar un grupo" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> borra del sistema un grupo identificado " +#~ "por su nombre <replaceable>GROUP</replaceable>." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "imprime las propiedades de un grupo" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> muestra información sobre un grupo " +#~ "identificado por su nombre <replaceable>GROUP</replaceable>. La " +#~ "información incluye el número de ID del grupo, miembros del grupo y " +#~ "padres del grupo." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "También imprime miembros indirectos del grupo en una jerarquía de árbol. " +#~ "Advierta que esto también afecta a la impresión de los grupos padres – " +#~ "sin <option>R</option>,, sólo se imprimirá los padres directos." + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "Modifica una cuenta de usuario" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> modifica la cuenta especificada por " +#~ "<replaceable>LOGIN</replaceable> para reflejar los cambios que se han " +#~ "especificado en la línea de comando." + +#~ msgid "The home directory of the user account." +#~ msgstr "El directorio principal de la cuenta de usuario." + +#~ msgid "The user's login shell." +#~ msgstr "Shell de inicio de sesión del usuario." + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Añade este usuario a los grupos especificados por el parámetro " +#~ "<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</" +#~ "replaceable> es una lista separada por comas de nombres de grupo." + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Borrar este usuario de los grupos especificados por el parámetro " +#~ "<replaceable>GROUPS</replaceable>." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "Bloquea la cuenta de usuario. El usuario no será capaz de acceder." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Desbloquea la cuenta de usuario." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "El usuario SELinux para el acceso del usuario." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Predeterminado: /etc/krb5.keytab" + +#~ msgid "(NSS Version) This option is ignored." +#~ msgstr "(Versión NSS) Esta opción es ignorada." + +#~ msgid "Default: sha256" +#~ msgstr "Predeterminado: sha256" + +#~ msgid "" +#~ "(NSS Version) This option is ignored, because NSS uses sha1 " +#~ "unconditionally." +#~ msgstr "" +#~ "(Versión NSS) Esta opción es ignorada, porque NSS usa sha1 " +#~ "incondicionalmente." + +#~ msgid "" +#~ "(NSS Version) This option must be used together with " +#~ "ocsp_default_responder_signing_cert." +#~ msgstr "" +#~ "(Versión NSS) Esta opción debe ser usada junto con " +#~ "ocsp_default_responder_signing_cert." + +#~ msgid "" +#~ "(NSS Version) The nickname of the cert to trust (expected) to sign the " +#~ "OCSP responses. The certificate with the given nickname must be " +#~ "available in the systems NSS database." +#~ msgstr "" +#~ "(NSS Version) El apodo del certificado en el que confiar (esperado) para " +#~ "firmar las respuestas OCSP. El certificado con el apodo dado debe estar " +#~ "disponible en la base de datos NSS del sistema." + +#~ msgid "This option must be used together with ocsp_default_responder." +#~ msgstr "Esta opción debe ser usada junto con ocsp_default_responder." + +#~ msgid "" +#~ "(NSS Version) This option is ignored, please see <citerefentry> " +#~ "<refentrytitle>crlutil</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry> how to import a Certificate Revocation List (CRL) into a " +#~ "NSS database." +#~ msgstr "" +#~ "(Versión NSS) Esta opción se ignora, por favor vea en <citerefentry> " +#~ "<refentrytitle>crlutil</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry> como importar una Lista de Revocación de Certificado (CRL) " +#~ "en una base de datos NSS." + +#~ msgid "This man page was generated for the NSS version." +#~ msgstr "Esta página de manual fue generada para la versión NSS." + +#~ msgid "This man page was generated for the OpenSSL version." +#~ msgstr "Esta página de manual fue generada para la versión OPENSSL." + +#~ msgid "" +#~ "The random offset can increment up to 30 seconds. After each " +#~ "unsuccessful attempt to go online, the new interval is recalculated by " +#~ "the following:" +#~ msgstr "" +#~ "El desplazamiento aleatorio puede ser incrementado a 30 segundos. " +#~ "Después de cada intento fracasado de ir a línea, el nuevo intervalo se re-" +#~ "calcula de la siguiente forma:" + +#~ msgid "new_interval = old_interval*2 + random_offset" +#~ msgstr "new_interval = old_interval*2 + random_offset" + +#~ msgid "" +#~ "Note that the maximum length of each interval is currently limited to one " +#~ "hour. If the calculated length of new_interval is greater than an hour, " +#~ "it will be forced to one hour." +#~ msgstr "" +#~ "Advierta que la longitud máxima de cada intervalo está limitada " +#~ "actualmente a una hora. Si la longitud calculada de new_interval es mayor " +#~ "de una hora se forzará a una hora." + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (entero)" + +#~ msgid "/etc/pki/nssdb (NSS version, path to a NSS database)" +#~ msgstr "/etc/pki/nssdb (versión NSS, ruta a la base de datos NSS)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "Envía la salida de depuración a ficheros en lugar de a stderr. Por " +#~ "defecto, los ficheros de registro se almacenan en <filename>/var/log/" +#~ "sssd</filename> y hay ficheros de registro separados para cada servicio y " +#~ "dominio SSSD." diff --git a/src/man/po/eu.po b/src/man/po/eu.po new file mode 100644 index 0000000..0d3a52d --- /dev/null +++ b/src/man/po/eu.po @@ -0,0 +1,18225 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-14 11:55-0500\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" +"eu/)\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" diff --git a/src/man/po/fi.po b/src/man/po/fi.po new file mode 100644 index 0000000..c4d7f56 --- /dev/null +++ b/src/man/po/fi.po @@ -0,0 +1,18285 @@ +# Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2022-03-20 19:16+0000\n" +"Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" +"Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/fi/>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.11.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD ohjesivut" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Oletus:epätosi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_backtrace_enabled (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Ilmaisee konfigurointitiedoston syntaksin. SSSD 0.6.0 ja uudemmat käyttävät " +"versiota 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "palvelut" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "toimialueet" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "käyttäjänimi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Määrittää, pitäisikö SSSD:n valvoa resolv.conf-tiedoston tilaa " +"tunnistaakseen, milloin sen on päivitettävä sisäinen DNS-selvittäjä." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Tiedostojärjestelmän hakemisto, johon SSSD: n tulisi tallentaa Kerberos-" +"toiston välimuistitiedostot." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Oletus: ei asetettu" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Oletus: ei asetettu(välilyöntejä ei korvata)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Oletus: ei asetettu" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout_max (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "Oletus: 3600" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout_random_offset (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "Oletus: 30" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "Oletuskomentorivitulkki" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "memcache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "memcache_size_passwd (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "memcache_size_group (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "memcache_size_initgroups (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "memcache_size_passwd (integer)" +msgid "memcache_size_sid (integer)" +msgstr "memcache_size_passwd (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "Oletus: <quote>*</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Oletus: ei mitään" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Oletus:epätosi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "Oletus:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"pam_cert_verification = partial_chain\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "entry_cache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "kirjautuminen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "aina" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "Ei koskaan" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "Oletus: ei asetettu(todennusindikaattoreiden käyttöä ei vaadita)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +#, fuzzy +#| msgid "present" +msgid "pac_present" +msgstr "nykyinen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "käytössä" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "kaikki" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "Ei mitään" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "käyttäjänimi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_server_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_op_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_server_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_server_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: True" +msgid "Default: TRUE" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "epätosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_search_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_network_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_opt_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_offline_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_enumeration_refresh_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_enumeration_search_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_connection_expire_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_connection_expire_offset" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "ldap_connection_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_user_principal" +msgid "local_auth_policy (string)" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: true" +msgid "Default: match" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "tosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "epätosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "KUVAUS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Esimerkki:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "salasana" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ad_gpo_cache_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ad_gpo_cache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Oletus: epätosi;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Esimerkki:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_library_debug_level (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "VALINNAT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "Virhe palvelumoduulissa." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "TIEDOSTOT" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "Tulosta virheenkorjaustiedot." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "Tunnistautumisvirhe." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "puuttuu" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "nykyinen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (integeri)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "yhtenäisyys" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "cockpit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "verkko" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "palvelu" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "Kirjautumisnimi" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "ensisijaisen nimi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "alueen nimi" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "kotihakemisto" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "nimi" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "käyttäjä-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "kotihakemisto" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "Oletus: NULL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_principal" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Asetukset" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Toimialueen nimi" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +#, fuzzy +#| msgid "Authentication failure." +msgid "Authentication Authority" +msgstr "Tunnistautumisvirhe." + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "Toimialueen nimi" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "NSS-määritykset" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "header" +#~ msgstr "otsikko" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "muokkaa ryhmää" + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" diff --git a/src/man/po/fr.po b/src/man/po/fr.po new file mode 100644 index 0000000..a19c03f --- /dev/null +++ b/src/man/po/fr.po @@ -0,0 +1,20859 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Fabien Archambault <marbolangos@gmail.com>, 2012 +# Jérôme Fenal <jfenal@gmail.com>, 2012-2014 +# jhrozek <jhrozek@redhat.com>, 2014 +# Fabien Archambault <marbolangos@gmail.com>, 2012 +# sgallagh <sgallagh@redhat.com>, 2012 +# sgallagh <sgallagh@redhat.com>, 2012 +# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata +# Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>, 2016. #zanata +# Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata +# Ludek Janda <ljanda@redhat.com>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2020-07-22 07:49-0400\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" +"fr/)\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Pages de manuel de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Formats de fichier et conventions" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "Le fichier de configuration pour SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FORMAT DE FICHIER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Ce fichier utilise la syntaxe de style « .ini » et est constituée de " +"sections et de paramètres. Une section commence par le nom de la section " +"entre crochets et continue jusqu'à la section suivante. Un exemple de " +"section avec des paramètres mono et multi-valués : <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Les types de données utilisées sont des chaînes (pas de guillemets " +"nécessaires), des entiers et des booléens (ayant pour valeur <quote>TRUE/" +"FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Toutes les sections peuvent avoir un paramètre facultatif de " +"<replaceable>description</replaceable>. Sa fonction ne sert qu'à nommer la " +"section." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> doit être un fichier normal, appartenant à " +"root, et seul root doit pouvoir écrire et lire ce fichier." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "OPTIONS GÉNÉRALES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Les options qui suivent peuvent être utilisées dans plus d'une section de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Options utilisables dans toutes les sections" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Ajoute un horodatage aux messages de débogage. Si journald est activé pour " +"la journalisation de débogage de SSSD, cette option sera ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Par défaut : true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Ajouter les microsecondes à l'horodatage dans les messages de débogage. Si " +"journald est activé pour la journalisation de débogage de SSSD, cette option " +"sera ignorée." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Par défaut : false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_microseconds (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_microseconds (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Options utilisables dans les sections SERVICE et DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Par défaut : 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SECTIONS SPÉCIALES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "La section [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Paramètres de sections" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indique la syntaxe du fichier de configuration. Pour SSSD 0.6.0 ou " +"supérieure utiliser la version 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Les services pris en charge : nss, pam <phrase condition=\"with_sudo\">, " +"sudo</phrase> <phrase condition=\"with_autofs\"> ,autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Nombre d'essais de reconnection ou de redémarrage que les services doivent " +"effectuer dans le cas d'un plantage du fournisseur de données avant " +"d'abandonner" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Par défaut : 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domaines" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"L'expression régulière par défaut qui décrit la manière d'analyser la chaîne " +"contenant le nom d'utilisateur et de domaine dans ces composants." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Un format compatible avec<citerefentry> <refentrytitle>printf</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> décrivant comment " +"composer un domaine pleinement qualifé à partir des noms d'utilisateur et de " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "nom d'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" +"nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"nom de domaine à plat. Utilisable principalement pour les domaines Active " +"Directory, configurés directement ou découverts via les relations " +"d'approbation IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Il existe quelques cas spécifiques où l'utilisation de inotify n'est pas " +"conseillée. Dans ces rares cas, cette option devrait être définie à « false »" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Par défaut : true sur les plates-formes où inotify est pris en charge. False " +"sur les autres plates-formes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Note : cette option n'aura aucun effet sur les plateformes où inotify n'est " +"pas disponible. Sur celles-ci, l'interrogation régulière sera toujours " +"utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Répertoire du système de fichiers où SSSD doit stocker les fichiers de cache " +"de rejeu Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Cette option accepte une valeur spéciale __LIBKRB5_DEFAULTS__ qui indiquera " +"à SSSD de laisser libkrb5 décider l'emplacement approprié pour le cache de " +"relecture." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Par défaut : paramètre spécifique à la distribution et spécifié au moment de " +"la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "user (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "Par défaut : non défini, le processus tourne en tant que root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Cette chaîne servira comme nom de domaine par défaut pour tous les noms sans " +"composant de nom de domaine. Les principaux cas d'utilisation sont les " +"environnements où le domaine principal va permettre de gérer les politiques " +"de systèmes ainsi que tous les utilisateur provenant d'un domaine approuvé. " +"L'option permet à ces utilisateurs de se connecter sans fournir un nom de " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Par défaut : non défini" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"Ce paramètre remplace les espaces avec le caractère indiqués pour les noms " +"d'utilisateurs et de groupes, par ex. (_). Ainsi, le nom "john " +"doe" deviendra "john_doe". Cette fonctionnalité a été ajoutée " +"pour aider à la compatibilité avec les scripts shells qui ont des " +"difficultés à gérer les espaces, du fait que l'espace est le séparateur par " +"défaut de l'interpréteur de commande." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Par défaut : non défini" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ipa_server_mode (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ipa_server_mode (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "ad_enable_gc (boolean)" +msgid "core_dumpable (boolean)" +msgstr "ad_enable_gc (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "passkey_verification (string)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "user_verification (boolean)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les fonctionnalités propres à SSSD sont fournies par des services " +"spécifiques SSSD, qui sont démarrés et arrêtés en même temps que SSSD. Les " +"services sont gérés par un service spécifique souvent appelé le " +"<quote>moniteur</quote>. La section <quote>[sssd]</quote> est utilisée pour " +"configurer le moniteur ainsi que certaines options importantes comme " +"l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "SECTIONS DE SERVICES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Les options utilisables pour configurer les différents services sont " +"décrites dans cette section. Ils doivent être situés dans la section " +"[<replaceable>$NAME</replaceable>], par exemple pour le service NSS, la " +"section doit être <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Options générales de configuration de service" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Ces options peuvent être utilisées pour configurer les services." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Cette option spécifie le nombre maximal de descripteurs de fichiers qui " +"peuvent être ouverts en même temps par ce processus SSSD. Sur les systèmes " +"où SSSD se voit accorder la capacité CAP_SYS_RESOURCE, ce sera une limite " +"absolue. Sur les systèmes sans cette capacité, la valeur résultante sera la " +"valeur inférieure ou la limite « hard » de limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Par défaut : 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "offline_timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +#, fuzzy +#| msgid "offline_timeout + random_offset" +msgid "[0 - offline_timeout_random_offset]" +msgstr "offline_timeout + random_offset" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Par défaut : 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "Options de configuration NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Ces options peuvent être utilisées pour configurer le service Name Service " +"Switch (NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit mettre en cache les " +"énumérations (requêtes sur les informations de tous les utilisateurs)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Par défaut : 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"La valeur du cache peut être définie pour mettre à jour automatiquement les " +"entrées en arrière plan si la requête ne dépasse pas un pourcentage de la " +"valeur de entry_cache_timeout pour le domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Par exemple, si la valeur entry_cache_timeout du domaine est à 30 secondes " +"et que entry_cache_nowait_percentage est à 50 (%), les entrées qui veulent " +"mettre à jour le cache après 15 secondes seront renvoyées immédiatement, " +"mais SSSD continuera et mettra à jour le cache de lui-même. Ainsi, les " +"prochaines requêtes ne seront pas bloquées en attendant une mise à jour du " +"cache." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Les valeurs autorisées pour cette option vont de 0 à 99 et représentent un " +"pourcentage de la valeur entry_cache_timeout pour chaque domaine. Pour des " +"raisons de performance, ce pourcentage ne réduira jamais le délai d'attente " +"de non réponse à moins de 10 secondes (0 pour désactiver l'option)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Par défaut : 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache " +"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de " +"données invalides, comme celles qui n'existent pas) avant de faire à nouveau " +"appel au moteur." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Par défaut : 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Par défaut : root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Mettre cette option à « false » si les utilisateurs filtrés doivent rester " +"membres de groupes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Définir un modèle par défaut pour un répertoire utilisateur si aucun n'est " +"explicitement spécifié par le fournisseur de données du domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Les valeurs disponibles pour cette option sont les mêmes que pour " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Par défaut : non défini (aucune substitution pour les répertoires d'accueil " +"non définis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Écrase l'interpréteur de commande à utiliser pour tous les utilisateurs. " +"Cette option prend le pas sur toutes les autres options d'interpréteur de " +"commande si elle est en action, et peut être indiquée au choix soit dans la " +"section [nss], soit par domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Restreindre l'interpréteur de commandes de l'utilisateur à l'une des valeurs " +"indiquées. L'ordre d'évaluation est :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</" +"quote>, il est utilisé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Si l'interpréteur de commandes est dans la liste « allowed_shells » mais " +"n'est pas dans <quote>/etc/shells</quote>, la valeur de repli de « " +"shell_fallback » sera utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Si l'interpréteur de commandes n'est ni dans la liste « allowed_shells » " +"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" +"Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est " +"à la libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"Le fichier <quote>/etc/shells</quote> n'est lu qu'au démarrage de SSSD. Un " +"redémarrage de SSSD est nécessaire si un nouvel interpréteur de commandes " +"est installé." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est " +"utilisé automatiquement." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" +"Remplace toutes les occurences de ces interpréteurs de commandes par " +"l'interpréteur de commandes par défaut" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"L'interpréteur de commandes par défaut à utiliser si un interpréteur de " +"commandes autorisé n'est pas installé sur la machine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Par défaut : /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"L'interpréteur de commande par défaut à utiliser si le fournisseur n'en " +"renvoie pas un lors de la recherche. Cette option peut être indiquée au " +"choix soit dans la section [nss], soit par domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Par défaut : non défini (retourne NULL si aucun shell n'est spécifié et " +"s'appuyer sur la libc pour remplacer par quelque chose de sensé lorsque " +"nécessaire, habituellement /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (int)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est " +"jugée valide." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "Par défaut : 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Par défaut : 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "Par défaut : non défini, repli sur l'option InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "Par défaut : <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +#, fuzzy +#| msgid "This option can also be set per-domain." +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "Cette option peut aussi être définie pour chaque domaine." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "Options de configuration de PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Ces options permettent de configurer le service Pluggable Authentication " +"Module (PAM)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Si le fournisseur d'authentification est déconnecté, combien de temps " +"autoriser les connexions à partir du cache (en jours depuis la dernière " +"connexion réussie)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Par défaut : 0 (pas de limite)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Si le fournisseur d'authentification est déconnecté, combien de connexions " +"échouées sont autorisées." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Le temps en minutes à attendre après avoir atteint " +"offline_failed_login_attempts avant qu'une nouvelle tentative de connexion " +"soit possible." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Si la valeur est à 0, l'utilisateur ne peut s'authentifier en mode " +"déconnecté si offline_failed_login_attempts est atteint. Seulement une " +"connexion réussie en ligne peut réactiver l'authentification." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Par défaut : 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Contrôle le type de messages affichés à l'utilisateur pendant le processus " +"d'authentification. Plus le nombre est grand, plus le nombre de messages " +"affichés sera important." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "Actuellement sssd supporte les valeurs suivantes :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis> : ne pas afficher de message" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis> : afficher les messages d'information" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis> : afficher tous les messages et informations de " +"débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Par défaut : 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "ad_access_filter (string)" +msgid "pam_response_filter (string)" +msgstr "ad_access_filter (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Lors de chaque requête PAM quand SSSD est en mode connecté, SSSD tentera de " +"mettre à jour immédiatement les informations d'identité mises en cache pour " +"l'utilisateur de manière à s'assurer que l'authentification se fasse avec " +"les dernières informations." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Une conversation PAM complète peut effectuer plusieurs requêtes PAM, comme " +"la gestion de compte et l'ouverture de session. Cette option contrôle (par " +"client et par application) la durée (en secondes) de mise en cache des " +"informations d'identité afin d'éviter de nombreux aller-retour avec le " +"fournisseur d'identité." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Noter que le moteur du service doit fournir des informations à propos du " +"délai d'expiration du mot de passe. Si cette information est manquante, sssd " +"ne peut afficher de message d'alerte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Si la valeur est zéro, ce filtre n'est pas appliqué, c'est-à-dire que si " +"l'avertissement d'expiration est reçu de la part du moteur du serveur, il " +"sera automatiquement affiché." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Ce paramètre peut être surchargé par le paramètre " +"<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Par défaut : 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" +"Deux valeurs spéciales pour l'option pam_public_domains sont définies :" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (tous les utilisateurs non dignes de confiance sont autorisés à accéder " +"à tous les domaines PAM dans le répondeur.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (les utilisateurs non dignes de confiance, Untrusted, ne sont pas " +"autorisés à accéder à un des domaines PAM dans le répondeur.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Par défaut : aucun" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "ldap_chpass_update_last_change (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "ldap_chpass_update_last_change (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Par défaut : False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_certificate (string)" +msgid "pam_cert_verification (string)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, fuzzy, no-wrap +#| msgid "" +#| "subdomain_inherit = ldap_purge_cache_timeout\n" +#| " " +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "pam_id_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +#, fuzzy +#| msgid "ad_gpo_map_service (string)" +msgid "pam_gssapi_services" +msgstr "ad_gpo_map_service (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +#, fuzzy +#| msgid "Comma separated list of users who are allowed to log in." +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Liste séparée par des virgules d'utilisateurs autorisés à se connecter." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, fuzzy, no-wrap +#| msgid "" +#| "fallback_homedir = /home/%u\n" +#| " " +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Par défaut : True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +#, fuzzy +#| msgid "Default: not set (no substitution for unset home directories)" +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Par défaut : non défini (aucune substitution pour les répertoires d'accueil " +"non définis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "Options de configuration de SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Ces options peuvent être utilisées pour configurer le service sudo. Les " +"directives de configuration de <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> dans <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"sont détaillées dans la page de manuel <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Évaluation ou non des attributs sudoNotBefore et sudoNotAfter qui utilisent " +"les entrées sudoers sensibles au temps." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "Options de configuration AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "Ces options peuvent être utilisées pour configurer le service autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Spécifie le délai en secondes pendant lequel le répondeur autofs stocke les " +"réponses négatives (autrement dit, les requêtes pour les entrées de mappage " +"non valide, comme celles qui n'existent pas) avant de demander à nouveau au " +"moteur." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "Options de configuration SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" +"Les options suivantes peuvent être utilisées pour configurer le service SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Condenser ou non les noms de systèmes et adresses du fichier known_hosts" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"La durée en secondes pendant laquelle conserver un système dans le fichier " +"known_hosts géré après que ses clés de système ont été demandés." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Par défaut : 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "Options de configuration du répondeur PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"S'il y a des SID de groupes des domaines connus de sssd, l'utilisateur sera " +"ajouté à ces groupes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Les options suivantes peuvent être utilisées pour configurer le répondeur " +"PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs " +"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs " +"seront résolus en UID au démarrage." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur " +"PAC)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Noter que bien que l'UID 0 est utilisé par défaut, il sera remplacé par " +"cette option. Si vous voulez continuer à permettre à l'utilisateur root à " +"accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter " +"0 à la liste des UID d'utilisateurs autorisés." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "pac_check (string)" +msgstr "ldap_schema (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "exclude_users (string)" +msgstr "simple_deny_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No users excluded." +msgstr "Par défaut : vide, ldap_uri est donc utilisé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "simple_deny_groups (string)" +msgid "exclude_groups (string)" +msgstr "simple_deny_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No groups excluded." +msgstr "Par défaut : vide, ldap_uri est donc utilisé." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "SECTIONS DOMAINES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Limites UID et GID pour le domaine. Si un domaine contient une entrée en " +"dehors de ces limites, elle est ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Pour les utilisateurs, cela affecte la limite des GID primaires. " +"L'utilisateur ne sera pas renvoyé vers NSS si l'UID ou le GID primaire sont " +"en dehors de la plage. Pour l'appartenance à un groupe non primaire, ceux " +"qui sont dans la plage seront rapportés comme prévu." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Ces limites d'identifiants affecte aussi les mises en cache des entrées, et " +"pas seulement leur recherche par nom ou identifiant." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Default: 1 for min_id, 0 (no limit) for max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = utilisateurs et groupes sont énumérés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = aucune énumération pour ce domaine" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Par défaut : FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Lorsque la première énumération est en cours, les requêtes pour des listes " +"utilisateurs ou de groupes peuvent retourner des résultats vides avant que " +"l'énumération ne se termine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"De plus, activer l'énumération peut augmenter le temps nécessaire pour " +"détecter la déconnexion d'un réseau, puisque des délais d'attente supérieurs " +"sont nécessaires pour s'assurer que les requêtes d'énumération se terminent " +"avec succès. Pour plus d'informations, se référer au manuel pour le " +"fournisseur d'identité spécifique utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Pour les raisons citées plus haut, l'activation de l'énumération est " +"déconseillée, surtout dans les environnements de grande taille." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Tous les domaines approuvés découverts seront énumérés" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "Aucun domaine approuvé découvert ne sera énuméré" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Les domaines approuvés auto-détectés doivent-ils être énumérés ?\n" +"Les valeurs prises en charge sont : <placeholder type=\"variablelist\" " +"id=\"0\"/> \n" +"De manière facultative, une liste d'un ou plusieurs noms de domaines peut " +"activer l'énumération pour ces seuls domaines." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées " +"comme valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Les horodatages d'expiration de cache sont stockés en tant qu'attributs des " +"objets individuels dans le cache. Il en découle que la modification du délai " +"d'expiration du cache ne sera pris en compte que pour les entrées qui y sont " +"nouvellement ajoutées, ou pour celles qui ont expiré. Vous devriez utiliser " +"l'outil <citerefentry> <refentrytitle>sss_cache</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> de manière à forcer un " +"rafraîchissement des entrées qui sont déjà en cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Par défaut : 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées " +"d'utilisateurs comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Par défaut : entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"groupes comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"netgroup comme valides avant de les redemander au moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " +"service valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"La durée en secondes pendant laquelle sudo doit considérer les règles comme " +"valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"La durée en secondes pendant laquelle le service autofs doit considérer les " +"cartes d'automontage comme valides avant de les redemander au moteur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après " +"rafraichissement. I.e. combien de temps mettre la clé en cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Indique la durée en secondes pendant laquelle SSSD doit attendre avant de " +"déclencher une tâche en arrière-plan qui rafraichira tous les " +"enregistrements expirés ou sur le point de l'être." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Par défaut : 0 (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Durée en jours pendant laquelle les entrées sont stockées dans le cache " +"après la dernière connexion réussie, avant d'être enlevées lors du nettoyage " +"du cache. 0 signifie qu'elles sont conservées indéfiniment. La valeur de ce " +"paramètre doit être supérieur ou égal à offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Par défaut : 0 (illimité)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Veuillez noter que le moteur du service doit fournir des informations à " +"propos du délai d'expiration du mot de passe. Si cette information est " +"manquante, sssd ne peut afficher de message d'alerte. De plus, un " +"fournisseur oauth doit être configuré pour le moteur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Le fournisseur d'identification utilisé pour le domaine. Les fournisseurs " +"d'identification pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> : fournisseur LDAP. Cf. " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote> : fournisseur FreeIPA et Red Hat Enterprise Identity " +"Management. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> pour plus d'informations sur la " +"configuration de FreeIPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote> : fournisseur Active Directory. Cf. " +"<citerefentry><refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration " +"d'Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Utiliser le nom complet et le domaine (comme formaté par le paramètre " +"full_name_format du domaine) comme nom de connexion de l'utilisateur " +"communiqué à NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Si défini à TRUE, toutes les requêtes pour ce domaine doivent utiliser des " +"noms pleinement qualifiés. Par exemple, pour un utilisateur « test » dans un " +"domaine LOCAL, <command>getent passwd test</command> ne trouvera pas " +"l'utilisateur avant que <command>getent passwd test@LOCAL</command> ne le " +"trouve." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"NOTE : Cette option n'a pas d'effet sur les recherches de netgroups, du fait " +"de leur tendance à inclure des groupes imbriqués sans noms qualifiés. Pour " +"les netgroups, la recherche se fera dans tous les domaines lorsqu'un nom non " +"qualifié sera demandé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs " +"pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour une authentification LDAP native. Cf. " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> pour plus d'informations sur la configuration de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> pour relayer l'authentification vers d'autres cibles " +"PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> désactive l'authentification explicitement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer les requêtes d'authentification." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Le fournisseur de contrôle d'accès utilisé pour le domaine. Il y a deux " +"fournisseurs d'accès natifs (en plus de ceux disponibles dans les moteurs " +"installés). Les fournisseurs internes spécifiques sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> toujours autoriser l'accès. C'est le seul fournisseur " +"d'accès autorisé pour un domaine local." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> toujours refuser les accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"Contrôle d'accès <quote>simple</quote> basé sur des listes d'autorisations " +"ou de refus d'accès. Cf. <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour plus " +"d'informations sur la configuration du module d'accès simple." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Par défaut : <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Le fournisseur qui doit gérer le changement des mots de passe pour le " +"domaine. Les fournisseurs pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> pour changer le mot de passe Kerberos. Cf. " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> pour relayer le changement de mot de passe vers une " +"autre cible PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" +"<quote>none</quote> pour désactiver explicitement le changement de mot de " +"passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Par défaut : <quote>auth_provider</quote> est utilisé si il est défini et " +"peut gérer les changements de mot de passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " +"charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour les règles stockés dans LDAP. Voir " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> identiqué à <quote>ldap</quote> mais avec les paramètres " +"par défaut pour IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ipa</quote> identiqué à <quote>ldap</quote> mais avec les paramètres " +"par défaut pour AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> désactive explicitement SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " +"est définie." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Le fournisseur qui doit gérer le chargement des paramètres de selinux. " +"Remarque : ce fournisseur sera appelé juste après la fin de l'appel au " +"fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger les paramètres selinux depuis un serveur " +"IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> n'autorise pas la récupération explicite des paramètres " +"selinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer le chargement selinux" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Le fournisseur doit être capable de gérer la récupération des sous-" +"domaines. Cette valeur doit être toujours identique à id_provider. Les " +"fournisseurs de sous-domaine pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger une liste de sous-domaines depuis un serveur " +"IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus d'informations sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" +"<quote>none</quote> désactive la récupération explicite des sous-domaines." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Le fournisseur autofs utilisé pour le domaine. Les fournisseurs autofs pris " +"en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour charger les cartes stockées dans LDAP. Cf. " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'information sur la configuration de " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> désactive explicitement autofs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Le fournisseur utilisé pour récupérer les informations d'identité des " +"systèmes. Les fournisseurs de hostid pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour charge l'identité du système stockée sur un serveur " +"IPA. Cf. <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la " +"configuration de IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> désactive explicitement hostid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"L'expression rationnelle pour ce domaine qui décrit comment analyser la " +"chaîne contenant le nom d'utilisateur et domaine et en extraire ces " +"composants. Le « domaine » peut correspondre à soit au nom de domaine de la " +"configuration SSSD, ou, dans le cas de relations d'approbations avec des " +"sous-domaines IPA ou des domaines Active Directory, le nom plat (NetBIOS) du " +"domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Valeur par défaut pour les fournisseurs AD et IPA : <quote>(((?P<" +"domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<" +"domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> qui utilisent trois " +"styles différents pour les noms d'utilisateurs :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Valeur par défaut pour les fournisseurs AD et IPA : <quote>(((?P<" +"domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<" +"domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> qui utilisent trois " +"styles différents pour les noms d'utilisateurs :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "domain\\username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Bien que les deux premiers correspondent à la valeur par défaut en général " +"le troisième est introduit pour permettre une intégration facile des " +"utilisateurs de domaines Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Par défaut : <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Fournit la possibilité de sélectionner la famille d'adresse préférée à " +"utiliser pour effectuer les requêtes DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Valeurs prises en charge :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " +"essayer IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " +"IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Par défaut : ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Par défaut : 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Par défaut : TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Si la découverte de services est utilisé par le moteur, spécifie la partie " +"du domaine faisant partie de la requête DNS de découverte de services." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Par défaut : utiliser la partie du domaine qui est dans le nom de système de " +"la machine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "Redéfinit le GID primaire avec la valeur spécifiée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "Insensible à la casse." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Comme False (insensible à la casse), mais ne convertit pas les noms en " +"minuscules lors des opérations NSS. Notez que les alias de noms (et dans le " +"cas des services les noms de protocoles) sont toujours en minuscule dans la " +"sortie." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "Par défaut : true (false pour le fournisseur AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_search_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +#, fuzzy +#| msgid "Case insensitive." +msgid "case_sensitive" +msgstr "Insensible à la casse." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "nom plat (NetBIOS) d'un sous-domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Utiliser ce répertoire utilisateur comme valeur par défaut pour tous les " +"sous-domaines dans cette relation d'approbation Active Directory. Voir " +"<emphasis>override_homedir</emphasis> pour des informations sur les valeurs " +"possibles. En plus de celles-ci, le remplacement ci-dessous ne peut être " +"utilisé qu'avec <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"La valeur peut être surchargée par l'option <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Par défaut : <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Étiquettes diverses stockées par le service de configuration de realmd pour " +"ce domaine." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Par défaut : cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Ces options de configuration peuvent être présentes dans la section de " +"configuration du domaine, c'est-à-dire dans la section nommée <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "Le proxy cible duquel PAM devient mandataire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Par défaut : non défini, il faut utiliser une configuration de pam existante " +"ou en créer une nouvelle et ajouter le nom de service ici." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Le nom de la bibliothèque NSS à utiliser dans les domaines proxy. Les " +"recherches de fonctions NSS dans la bibliothèque sont sous la forme " +"_nss_$(libName)_$(function), par exemple _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Quand un utilisateur ou un groupe est recherché par son nom dans le " +"fournisseur proxy, une deuxième recherche par ID est effectuée pour " +"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. " +"Cette option positionnée à true active la recherche par l'ID dans le cache " +"afin d'améliorer les performances." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Options valides pour les domaines proxy. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Les expansions suivantes sont prises en charge : <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Fournisseur LDAP SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESCRIPTION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" +"Il est possible de configurer SSSD pour utiliser plus d'un domaine LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, " +"access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il " +"vous faut utiliser TLS/SSL ou LDAPS. <command>sssd</command> <emphasis>ne " +"prend pas en charge</emphasis> l'authentification sur un canal non chiffré. " +"Si le serveur LDAP est utilisé seulement comme fournisseur d'identité, un " +"canal crypté n'est pas nécessaire. Se référer aux options de configurations " +"<quote>ldap_access_filter</quote> pour plus d'information sur l'utilisation " +"en tant que fournisseur d'accès." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "OPTIONS DE CONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Spécifie par ordre de préférence la liste séparée par des virgules d'URI des " +"serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de " +"<quote>BASCULE</quote> pour plus d'informations sur le repli et la " +"redondance de serveurs. Si aucune de ces options n'est spécifiée, la " +"découverte d'un service est activé. Pour plus d'informations, se reporter à " +"la section de <quote>DÉCOUVERTE DE SERVICE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" +"Le format de l'URI doit correspondre au format définit dans la RFC 2732 :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Pour les adresses explicitement en IPv6, le composant <host> doit être " +"entre crochets []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "exemple : ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auquel " +"doit se connecter DSSD par ordre de préférence pour changer le mot de passe " +"d'un utilisateur. Reportez-vous à la section de <quote>bascule</quote> pour " +"plus d'informations sur le repli et la redondance de serveurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Pour activer la découverte de services, ldap_chpass_dns_service_name doit " +"être défini." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Par défaut : vide, ldap_uri est donc utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur " +"les utilisateurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"À partir de SSSD 1.7.0, SSSD prend en charge plusieurs bases de recherche à " +"l'aide de la syntaxe :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par " +"http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Exemples :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (ce qui équivaut à) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Remarque : Il est n'est pas possible d'avoir plusieurs bases de recherche " +"qui référencent des objets portant le même nom (par exemple, les groupes " +"portant le même nom dans deux bases de recherche différents). Cela conduira " +"à un comportement imprévisible sur les ordinateurs clients." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Par défaut : si non définie, les valeurs des attributs defaultNamingContext " +"ou namingContexts du RootDSE du serveur LDAP sont utilisées. Si " +"defaultNamingContext n'existe pas ou a une valeur vide, namingContexts est " +"utilisé. Les attributs namingContexts doivent avoir une seule valeur avec un " +"DN de base de recherche pour le serveur LDAP pour que cela fonctionne. Des " +"valeurs multiples ne sont pas permises." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Spécifie le type de schéma utilisé sur le serveur LDAP cible. Selon le " +"schéma sélectionné, les noms d'attributs par défaut provenant des serveurs " +"peuvent varier. La manière dont certains attributs sont traités peut-être " +"également différer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "Quatre types de schéma sont actuellement pris en charge :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"La principale différence entre ces types de schéma est la façon dont les " +"appartenances aux groupes sont enregistrés dans le serveur. Avec rfc2307, " +"les membres du groupe sont répertoriées par nom dans l'attribut " +"<emphasis>memberUid</emphasis>. Avec rfc2307bis et IPA, les membres du " +"groupe sont répertoriés par DN et stockées dans l'attribut de " +"<emphasis>member</emphasis>. Le type de schéma AD définit les attributs " +"correspondant aux valeurs d'Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Par défaut : rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" +"Le type de jeton d'authentification pour le DN de connexion par défaut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "Les deux mécanismes actuellement pris en charge sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Par défaut : password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Certains serveurs d'annuaire, comme par exemple Active Directory, peuvent " +"délivrer la partie domaine de l'UPN en minuscules, ce qui peut faire échouer " +"l'authentification. Définir cette option à une valeur non nulle pour " +"utiliser un nom de domaine en majuscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant " +"d'actualiser son cache d\"énumération d'enregistrements." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Détermine la fréquence de vérification de la présence d'entrées inactives " +"dans le cache (telles que groupes sans membres et utilisateurs ne s'étant " +"jamais connectés) et de suppression pour économiser de l'espace." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Si ldap_schema est défini comme un format prenant en charge les groupes " +"imbriqués (par exemple RFC2307bis), alors cette option contrôle le nombre de " +"niveaux d'imbrication que SSSD suivra. Cette option n'a pas d'effet sur le " +"schéma RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Par défaut : 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Cette option active ou désactive l'utilisation de l'attribut Token-Groups " +"lors de l'initialisation des groupes pour les utilisateurs Active Directory " +"2008 et versions ultérieures." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger " +"des objets." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Cf. <quote>ldap_search_base</quote> pour plus d'informations sur la " +"configuration des bases de recherche multiples." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " +"avant annulation et utilisation des résultats contenus dans le cache (et " +"activation du mode hors ligne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Note : cette option est susceptible de changer dans les prochaines version " +"de SSSD. Elle sera sûrement remplacée par une série de délais d'attente pour " +"différents types de recherches." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " +"sur les utilisateurs et groupes avant annulation et utilisation des " +"résultats mis en cache (et activation du mode hors ligne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Définit le délai d'attente (en secondes) après lequel les fonctions " +"<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry> suivant un <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> rendent la main en cas d'inactivité." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Spécifie un délai d'attente (en secondes) pendant laquelle une connexion à " +"un serveur LDAP est maintenue. Passé ce délai, la connexion devra être " +"rétablie. Si ce paramètre est utilisé en parallèle avec SASL/GSSAPI, la plus " +"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Par défaut : 900 (15 minutes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_expire_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +#, fuzzy +#| msgid "" +#| "Specifies a timeout (in seconds) that a connection to an LDAP server will " +#| "be maintained. After this time, the connection will be re-established. If " +#| "used in parallel with SASL/GSSAPI, the sooner of the two values (this " +#| "value vs. the TGT lifetime) will be used." +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"Spécifie un délai d'attente (en secondes) pendant laquelle une connexion à " +"un serveur LDAP est maintenue. Passé ce délai, la connexion devra être " +"rétablie. Si ce paramètre est utilisé en parallèle avec SASL/GSSAPI, la plus " +"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Définit le nombre d'enregistrements à récupérer lors d'une requête LDAP. " +"Certains serveurs LDAP imposent une limite maximale par requête." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Désactiver le contrôle de pagination LDAP. Cette option doit être utilisée " +"si le serveur LDAP signale qu'il prend en charge le contrôle de pagination " +"LDAP de l'objet RootDSE, mais qu'il n'est pas activé ou ne se comporte pas " +"correctement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Exemple : le serveurs OpenLDAP avec le module de contrôle de pagination " +"installé sur le serveur mais non activé le signaleront dans RootDSE mais il " +"sera impossible de l'utiliser." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Exemple : 389 DS a un bogue où il ne peut que soutenir qu'un seul contrôle " +"de pagination à la fois sur une connexion donnée. Sur les clients chargés, " +"cela peut entraîner l'échec de certaines demandes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Désactiver la récupération de plage Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory limite le nombre de membres à récupérer par recherche à " +"l'aide de la stratégie MaxValRange (qui prend la valeur par défaut de 1500 " +"membres). Si un groupe contient plus de membres, la réponse inclura une " +"extension de plage spécifique à Active Directory. Cette option désactive " +"l'analyse de cette extension de plage, les groupes de grande taille " +"apparaissant ainsi sans aucun membre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le " +"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs " +"de cette option sont définies par OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " +"par ldap.conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Définit le nombre de membres du groupe qui doivent manquer au sein du cache " +"interne afin de déclencher une recherche de déréférencement. Si le nombre de " +"membres manquants est inférieur, ils sont recherchés individuellement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Une recherche de déréférencement est un moyen pour récupérer tous les " +"membres d'un groupe avec un seul appel LDAP. Plusieurs serveurs LDAP peuvent " +"avoir différentes méthodes de déréférencement. Les serveurs actuellement " +"acceptés sont 389/RHDS, OpenLDAP et Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Remarque :</emphasis> Si l'une des bases de recherche spécifie un " +"filtre de recherche, alors l'amélioration de la performance de recherche de " +"déréférencement est désactivée indépendamment de ce paramètre." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Définit les vérifications à effectuer sur les certificats serveur sur une " +"session TLS, si elle existe. Une des valeurs suivantes est utilisable :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> : le client ne demandera ni ne vérifiera un " +"quelconque certificat du serveur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat n'est fournit, la session continue normalement. Si un mauvais " +"certificat est fourni, il est ignoré et la session continue normalement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat n'est fourni, la session continue normalement. Si un mauvais " +"certificat est fourni, la session se termine immédiatement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> : le certificat serveur est demandé. Si aucun " +"certificat ou un mauvais certificat est fourni, la session se termine " +"immédiatement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Par défaut : hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Définit le fichier qui contient les certificats pour toutes les autorités de " +"certification que <command>sssd</command> reconnaîtra." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans " +"<filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Spécifie le chemin d'un dossier qui contient les certificats de l'autorité " +"de certificats dans des fichiers séparés. Usuellement, les noms de fichiers " +"sont la somme de contrôle du certificat suivi de « .0 ». Si disponible, " +"<command>cacertdir_rehash</command> peut être utilisé pour créer les noms " +"corrects." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Définit le fichier qui contient le certificat pour la clef du client." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "Définit le fichier qui contient la clef du client." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Définit le fait que le fournisseur d'identité de connexion doit aussi " +"utiliser <systemitem class=\"protocol\">tls</systemitem> pour protéger le " +"canal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Indique que SSSD doit tenter de trouver les correspondances des ID " +"d'utilisateur et de groupe dans les attributs ldap_user_objectsid et " +"ldap_group_objectsid au lieu d'utiliser ldap_user_uid_number et " +"ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"Cette fonctionnalité ne prend actuellement en charge que la correspondance " +"par objectSID avec Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"Au contraire de la mise en correspondance d'identifiants s'appuyant sur les " +"SID utilisée si ldap_id_mapping est positionné à true, les plages " +"d'identifiants autorisés pour ldap_user_uid_number et ldap_group_gid_number " +"n'ont pas de limite. Dans une configuration avec des sous-domaines ou des " +"domaines approuvés, cela peut engendrer des collisions. Pour les éviter, " +"ldap_min_id et ldap_max_id peuvent être configurés afin de restreindre les " +"plages d'identifiants autorisées lues directement depuis le serveur. Les " +"sous-domaines peuvent ensuite choisir d'autres plages pour leurs propres " +"identifiants." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "Par défaut : non indiqué (les deux options sont à 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "Par défaut : host/hostname@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Spécifie le domaine SASL à utiliser. Si non spécifié, cette option prend par " +"défaut la valeur de krb5_realm. Si le ldap_sasl_authid contient aussi le " +"domaine, cette option est ignorée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Par défaut : la valeur de krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Si true, la bibliothèque LDAP effectue une recherche inversée pour canoniser " +"le nom de l'hôte au cours d'une liaison SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Défaut : false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Par défaut : 86400 (24 heures)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Spécifie par ordre de préférence la liste séparée par des virgules des " +"adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit " +"se connecter. Pour plus d'informations sur la redondance de bascule et la " +"redondance de serveur, consulter la section <quote>BASCULE</quote>. Un " +"numéro de port facultatif (précédé de deux-points) peut être ajouté aux " +"adresses ou aux noms de systèmes. Si vide, la découverte de services est " +"activée - pour plus d'informations, se reporter à la section de " +"<quote>DÉCOUVERTE DE SERVICES</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Lors de l'utilisation de découverte de services pour le KDC ou les serveurs " +"kpasswd, SSSD recherche en premier les entrées DNS qui définissent _udp " +"comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Cette option s'appelait <quote>krb5_kdcip</quote> dans les versions " +"précédentes de SSSD. Bien que ce nom soit toujours reconnu à l'heure " +"actuelle, il est conseillé de migrer les fichiers de configuration vers " +"l'utilisation de <quote>krb5_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Spécifie si le principal de l'hôte doit être rendu canonique lors de la " +"connexion au serveur LDAP. Cette fonctionnalité est disponible avec MIT " +"Kerberos > = 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et " +"KDC utiliser. Cette option est activée par défaut, si elle est désactivée, " +"la bibliothèque Kerberos doit être configurée à l'aide du fichier de " +"configuration <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Consulter la page de manuel de <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> pour plus d'informations sur le greffon de " +"localisation." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Détermine la politique d'expiration des mots de passe côté client. Les " +"valeurs suivantes sont acceptées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> : aucun évaluation du côté client. Cette option ne " +"peut pas désactiver la politique sur les mots de passe du côté serveur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +#, fuzzy +#| msgid "" +#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes " +#| "to evaluate if the password has expired." +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> - Utiliser les attributs de style " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> : utilise les attributs utilisés par MIT " +"Kerberos pour déterminer si le mot de passe a expiré. Utiliser " +"chpass_provider=krb5 afin de modifier ces attributs lorsque le mot de passe " +"est changé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Note</emphasis> : si une politique de mots de passe est configurée " +"côté serveur, elle prend le pas sur la politique indiquée avec cette option." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "Définit si le déréférencement automatique doit être activé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Veuillez noter que sssd ne supporte que le déréférencement que lorsqu'il est " +"compilé avec OpenLDAP version 2.4.13 ou supérieur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +#, fuzzy +#| msgid "" +#| "Chasing referrals may incur a performance penalty in environments that " +#| "use them heavily, a notable example is Microsoft Active Directory. If " +#| "your setup does not in fact require the use of referrals, setting this " +#| "option to false might bring a noticeable performance improvement." +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"La déréférenciation de références peut subir une altération notable des " +"performances dans les environnements qui les utilisent fortement, un exemple " +"notable étant Microsoft Active Directory. Si votre installation ne nécessite " +"pas l'utilisation des références, affecter false à cette option devrait " +"permettre d'améliorer de façon notable les performances." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Définit le nom de service à utiliser quand la découverte de services est " +"activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Par défaut : ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Définit le nom de service à utiliser pour trouver un serveur LDAP autorisant " +"un changement de mot de passe quand la découverte de services est activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" +"Par défaut : non défini, c'est-à-dire que le service de découverte est " +"désactivé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Spécifie s'il faut mettre à jour l'attribut ldap_user_shadow_last_change " +"avec le nombre de jours depuis Epoch après l'opération de changement de mot " +"de passe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Exemple :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"Cet exemple signifie que l'accès à cet hôte est restreint aux utilisateurs " +"dont l'attribut employeeType est « admin »." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Par défaut : vide" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Avec cette option une évaluation du côté client des contrôles d'accès peut " +"être activée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Veuillez noter qu'il est toujours recommandé d'utiliser un contrôle d'accès " +"du côté serveur, c'est-à-dire que le serveur LDAP doit refuser une requête " +"de connexion avec un code erreur approprié même si le mot de passe est " +"correct." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Les valeurs suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis> : utiliser la valeur de ldap_user_shadow_expire " +"pour déterminer si le compte a expiré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis> : utilise la valeur du champ 32 bits " +"ldap_user_ad_user_account_control et autorise l'accès si le deuxième bit " +"n'est pas défini. Si l'attribut est manquant, l'accès est autorisé. La date " +"d'expiration du compte est aussi vérifiée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis> : utilise la valeur de ldap_ns_account_lock afin de vérifier si " +"l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis> : les valeurs de " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled et " +"ldap_user_nds_login_expiration_time sont utilisées pour vérifier si l'accès " +"est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>expire</quote> de façon à permettre à l'option " +"ldap_account_expire_policy de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Liste séparées par des virgules des options de contrôles d'accès. Les " +"valeurs autorisées sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis> : utiliser l'attribut " +"authorizedService pour déterminer l'accès" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Par défaut : filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Veuillez noter qu'une valeur utilisée plusieurs fois résulte en une erreur " +"de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Définit comment le déréférencement de l'alias est effectué lors d'une " +"recherche. Les options suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis> : Les alias sont déréférencés comme des " +"subordonnés de l'objet de base, mais pas en localisant l'objet de base de la " +"recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis> : les alias sont seulement déréférencés lors de " +"la localisation de l'objet de base de la recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis> : les alias sont déréférencés à la fois pour la " +"recherche et et la localisation de l'objet de base de la recherche." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Par défaut : vide (ceci est traité comme <emphasis>never</emphasis> par les " +"bibliothèques clientes LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Permet de conserver les utilisateurs locaux en tant que membres d'un groupe " +"LDAP pour les serveurs qui utilisent le schéma RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"Dans certains environnements où le schéma RFC2307 est utilisé, les " +"utilisateurs locaux deviennent membres du groupes LDAP en ajoutant leurs " +"noms à l'attribut memberUid. La cohérence du domaine est compromise quand " +"cela est fait, SSSD supprimerait normalement les utilisateurs « disparus » " +"des appartenances aux groupes mises en cache dès que nsswitch essaie de " +"récupérer des informations sur l'utilisateur via des appels à getpw*() ou " +"initgoups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Cette option vérifie en dernier recours si les utilisateurs locaux sont " +"référencés et les met en cache afin que des appels ultérieurs à initgoups() " +"ajoutent les utilisateurs locaux aux groupes LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +#, fuzzy +#| msgid "Default: 0 (disabled)" +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Par défaut : 0 (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "OPTIONS DE SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"La durée en secondes pendant laquelle SSSD va attendre entre deux " +"actualisations complètes des règles de sudo (qui téléchargent toutes les " +"règles qui sont stockées sur le serveur)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"La valeur doit être supérieure à <emphasis>ldap_sudo_smart_refresh_interval</" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Par défaut : 21600 (6 heures)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Si les attributs USN ne sont pas pris en charge par le serveur, l'attribut " +"modifyTimestamp est utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Si true, SSSD téléchargera les seules règles qui s'appliquent à cette " +"machine (à l'aide de l'adresse de système ou de réseau IPv4 ou IPv6 et des " +"noms de systèmes)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Liste séparés par des espaces des noms de systèmes ou de domaines qui " +"doivent être utilisés pour filtrer les règles." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Si cette option est vide, SSSD va essayer de découvrir automatiquement le " +"nom de système et le nom de domaine pleinement qualifié." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Si <emphasis>ldap_sudo_use_host_filter</emphasis> est <emphasis>false</" +"emphasis>, alors cette option n'a aucun effet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "Par défaut : non spécifié" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Liste séparés par des espaces d'adresses de système ou de réseaux IPv4 ou " +"IPv6 qui doivent être utilisés pour filtrer les règles." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Si cette option est vide, SSSD va essayer de découvrir les adresses " +"automatiquement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Si elle est vraie alors SSSD téléchargera toutes les règles qui contient un " +"netgroup dans l'attribut sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Si positionnée à true, SSSD téléchargera toutes les règles qui contiennent " +"un joker dans l'attribut sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Cette page de manuel décrit uniquement le mappage de noms d'attribut. Pour " +"une explication détaillée des sémantiques d'attributs relatives à sudo, cf. " +"<citerefentry><refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "OPTIONS AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Par défaut : auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "OPTIONS AVANCÉES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "EXEMPLE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que LDAP " +"pointe sur un des domaines de la section <replaceable>[domains]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Les descriptions de quelques unes des options de configuration des pages de " +"manuel sont basées sur le manuel de <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> de la distribution " +"de OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "Module PAM pour SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> est l'interface PAM pour le démon des services " +"de sécurité système (SSSD). Les erreurs et résultats sont journalisés par " +"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIONS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Supprimer les messages de journal pour les utilisateurs inconnus." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Si <option>forward_pass</option> est défini, le mot de passe saisi est " +"inséré en mémoire pour les autres modules PAM utilisés." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"L'argument use_first_pass force le module à utliser un module de mot de " +"passe déjà en mémoire et n'en fera jamais la demande à l'utilisateur. Si " +"aucun mot de passe n'est disponible ou que celui-ci n'est pas approprié, " +"l'utilisateur verra son accès refusé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Lorsque le changement de mot de passe force le module à modifier le mot de " +"passe par celui fourni par un module de mot de passe déjà chargé en mémoire." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Si définit, on demande le mot de passe à l'utilisateur encore N fois si " +"l'authentification échoue. Par défaut : 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Veuillez noter que cette option peut ne pas fonctionner comme attendu si " +"l'application qui appelle PAM gère lui-même les dialogues avec " +"l'utilisateur. Un exemple typique est <command>sshd</command> avec " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "TYPES DE MODULES FOURNIS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Tous les types de module (<option>account</option>, <option>auth</option>, " +"<option>password</option> et <option>session</option>) sont fournis." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "FICHIERS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Si une réinitialisation par root d'un mot de passe échoue parce que le " +"fournisseur SSSD correspondant ne prend pas en charge la réinitialisation de " +"mot de passe, un message spécifique peut être affiché. Ce message peut, par " +"exemple, contenir les instructions permettant la réinitialisation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Le message est lu depuis le fichier <filename>pam_sss_pw_reset_message.LOC</" +"filename> où LOC représente une chaîne de paramètres régionaux retournée par " +"<citerefentry><refentrytitle>setlocale</refentrytitle> <manvolnum>3</" +"manvolnum></citerefentry>. Si il n'y a aucun fichier correspondant, le " +"contenu de <filename>pam_sss_pw_reset_message.txt</filename> est affiché. " +"L'utilisateur root doit être le propriétaire des fichiers et seul root peut " +"avoir les autorisations en lecture et en écriture alors que tous les autres " +"utilisateurs doivent avoir les autorisations en lecture seule." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Ces fichiers sont recherchés dans le dossier <filename>/etc/sssd/customize/" +"NOM_DE_DOMAINE/</filename>. Si aucun fichier correspondant n'est présent, un " +"message spécifique est affiché." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "Module PAM pour SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Greffon de localisation Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Toutes les versions de Kerberos ne prennent en charge l'utilisation de " +"greffons. Si <command>sssd_krb5_locator_plugin</command> n'est pas présent " +"sur votre système, il faut modifier /etc/krb5.conf pour s'adapter à la " +"configuration de Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " +"quelconque, des messages de débogage seront envoyés sur la sortie standard " +"d'erreur." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" +"le fichier de configuration pour le fournisseur de contrôle d'accès « " +"simple » de SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur de contrôle " +"d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la " +"syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de " +"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Le fournisseur d'accès simple autorise les accès à partir de listes " +"d'autorisation ou de refus de noms d'utilisateurs ou de groupes. Les règles " +"suivantes s'appliquent :" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Si toutes les listes sont vides, l'accès est autorisé" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Si une liste est fournie, quelle qu'elle soit, l'ordre d'évaluation est " +"allow,deny. Autrement dit une règle de refus écrasera une règle " +"d'autorisation." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Si la ou les listes fournies sont seulement de type « allow », tous les " +"utilisateurs sont refusés à moins qu'ils ne soient dans la liste." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Si seulement les listes « deny » sont utilisées, tous les utlisateurs sont " +"autorisés à moins qu'ils ne soient dans la liste." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Liste séparée par des virgules d'utilisateurs autorisés à se connecter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Liste séparée par des virgules d'utilisateurs dont l'accès sera refusé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne " +"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " +"pas pris en compte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne " +"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " +"pas pris en compte." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Se référer à la section <quote>SECTIONS DE DOMAINE</quote> de la page de " +"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour les détails sur la configuration d'un " +"domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Ne spécifier aucune valeur pour aucune des listes revient à l'ignorer " +"complètement. Se méfier de ceci lors de la création des paramètres pour le " +"fournisseur simple à l'aide automatique de scripts." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Veuillez noter que la configuration simultanée de simple_allow_users et " +"simple_deny_users est une erreur." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que example." +"com est un des domaines dans la section <replaceable>[sssd]</replaceable>. " +"Ces exemples montrent seulement les options spécifiques du fournisseur " +"d'accès simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Fournisseur IPA SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur IPA pour " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Pour une référence détaillée sur la syntaxe, veuillez " +"regarder la section <quote>FORMAT DE FICHIER</quote> de la page de manuel " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Le fournisseur IPA est le moteur pour se connecter à un serveur IPA. (Cf. le " +"site freeipa.org pour plus d'informations sur les serveurs IPA). Ce " +"fournisseur nécessite que la machine soit joignable pour le domaine IPA ; la " +"configuration est presque entièrement obtenue et auto-découverte à partir du " +"serveur." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Le fournisseur IPA utilisera le répondeur PAC si les tickets Kerberos " +"d'utilisateurs de domaines Kerberos approuvés contiennent un PAC. Pour " +"rendre la configuration plus facile, le répondeur PAC est démarré " +"automatiquement si le fournisseur d'ID de IPA est configuré." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Définit le nom du domaine IPA. Facultatif, s'il n'est pas fourni, le nom de " +"domaine de la configuration est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"La liste par ordre de préférence séparée par des virgules des adresses IP ou " +"des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour " +"plus d'informations sur la redondance de serveurs et la bascule, consulter " +"la section <quote>BASCULE</quote>. Ceci est facultatif si la découverte " +"automatique est activée. Pour plus d'informations sur la découverte de " +"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"NOTE : Sur les systèmes plus anciens (tels que RHEL 5), afin que ce " +"comportement fonctionne de façon fiable, le domaine Kerberos par défaut doit " +"être défini correctement dans /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_update</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_update</emphasis> dans leur fichier de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"Le TTL à appliquer à l'enregistrement du client DNS lors de sa mise à jour. " +"Si dyndns_update a la valeur false, cela n'a aucun effet. Cela remplacera le " +"TTL côté serveur s'il est défini par un administrateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_ttl</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_ttl</emphasis> dans leur fichier de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "Par défaut : 1200 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " +"<emphasis>ipa_dyndns_iface</emphasis>, les utilisateurs doivent maintenant " +"utiliser <emphasis>dyndns_iface</emphasis> dans leur fichier de " +"configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_iface (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "Active les sites DNS - découverte de service basée sur l'emplacement" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Si true et que la découverte de service (cf. le paragraphe Découverte de " +"service au bas de la page de manuel) est activée, alors SSSD tentera d'abord " +"une découverte basée sur l'emplacement en utilisant une requête contenant " +"« _location.hostname.example.com », puis reviendra à une découverte SRV " +"traditionnelle. Si la découverte basée sur l'emplacement réussit, les " +"serveurs IPA ainsi découverts sont traités comme serveurs primaires, et les " +"serveurs identifiés via la découverte basée sur les enregistrements SRV " +"seront utilisés comme serveurs de repli" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Fréquence de mise à jour des DNS par le moteur en plus des mises à jour " +"automatiques effectuées lorsque le moteur arrive en ligne. Cette option est " +"facultative, et n'est applicable que lorsque l'option dyndns_update est " +"configurée à true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Selon que l'enregistrement PTR doit être explicitement mis à jour lors de la " +"mise à jour des enregistrements DNS du client. Applicable uniquement lorsque " +"l'option dyndns_update est configurée à true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Cette option doit être positionnée à False pour la plupart des déploiements " +"IPA, puisque le serveur IPA crée les enregistrements PTR automatiquement " +"quand les enregistrements directs sont modifiés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Par défaut : False (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Selon que l'utilitaire nsupdate doit utiliser TCP par défaut pour la " +"communication avec le serveur DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Par défaut : utilise le DN de base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_subdomains_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subdomains_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for HBAC related objects." +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets " +"HBAC associés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +#, fuzzy +#| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets " +"HBAC associés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " +"mappages utilisateur SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " +"domaines approuvés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Facultatif. Utiliser la chaîne donnée comme base de recherche objet de " +"domaine maître." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Le nom du domaine Kerberos. Facultatif, prend comme valeur par défaut la " +"valeur de <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Le nom du domaine Kerberos a une signification spéciale dans IPA. Il est " +"convertit en DN de base pour effectuer les opérations LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Par défaut : 5 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela " +"permet de réduire le temps de latence et la charge du serveur IPA si il y a " +"beaucoup de requêtes de contrôle d'accès sur une courte période." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Le temps entre les recherches de cartes SELinux sur un serveur IPA. Cela " +"réduit le temps de latence et la charge du serveur IPA s'il y a beaucoup de " +"requêtes de connexions utilisateurs sur une courte période." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "L'emplacement à automonter qu'utilisera ce client IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "Par défaut : Le lieu nommé « default »" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Par défaut : cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "FOURNISSEURS DE SOUS-DOMAINES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Le fournisseur de sous-domaines IPA se comporte un peu différemment s'il est " +"configuré explicitement ou implicitement." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Si l'option « subdomains_provider = ipa » se trouve dans la section domaine " +"de sssd.conf, le fournisseur de sous-domaines d'IPA est configuré " +"explicitement, et toutes les demandes de sous-domaines sont envoyées au " +"serveur IPA si nécessaire." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Si l'option « subdomains_provider » n'est pas définie dans la section " +"domaine de sssd.conf, mais qu'il y a l'option « id_provider = ipa », le " +"fournisseur de sous-domaines IPA est configuré implicitement. Dans ce cas, " +"si une demande de sous-domaine échoue et indique que le serveur ne prend pas " +"en charge les sous-domaines, c'est-à-dire qu'il n'est pas configuré pour les " +"relations d'approbations, le fournisseur de sous-domaines IPA est désactivé. " +"Après une heure ou après que le fournisseur IPA arrive en ligne, le " +"fournisseur de sous-domaines est à nouveau activé." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et example.com " +"est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " +"exemples montrent seulement les options spécifiques au fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Fournisseur Active Directory SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du fournisseur AD pour " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section " +"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"Le fournisseur AD prend en charge la connexion à Active Directory 2008 R2 ou " +"ultérieures. Les versions antérieures peuvent fonctionner, mais ne sont pas " +"supportées." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Spécifie le nom du domaine Active Directory. Ceci est facultatif. S'il " +"n'est pas fourni, le nom de domaine de la configuration est utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Pour un fonctionnement correct, cette option doit être le nom long du " +"domaine Active Directory, spécifié en minuscules." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Le nom de domaine court (aussi connu comme le nom NetBIOS ou nom plat) est " +"autodétecté par SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Si configuré à true et que la découverte de service (cf. le paragraphe " +"Découverte de service au bas de la page de manuel) est activée, SSSD tentera " +"d'abord de découvrir le serveur Active Directory auquel se connecter en " +"utilisant Active Directory Site Discovery, puis se repliera sur " +"l'utilisation des enregistrements DNS SRV si aucun site AD n'est trouvé. La " +"configuration SRV du DNS, incluant la découverte de domaine, est aussi " +"utilisée pendant la découverte de site." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "Il existe trois valeurs prises en charge pour cette option :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Par défaut : permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "all users are allowed" +msgstr "Les valeurs suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "Les valeurs suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +#, fuzzy +#| msgid "ad_gpo_map_deny (string)" +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_map_deny (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "no users are allowed" +msgstr "Les valeurs suivantes sont autorisées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +#, fuzzy +#| msgid "ldap_sudo_include_netgroups (boolean)" +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ldap_sudo_include_netgroups (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le " +"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour " +"est sécurisée avec GSS-TSIG. Ainsi, l'administrateur Active Directory a " +"uniquement besoin d'activer les mises à jour sécurisées pour la zone DNS. " +"L'adresse IP de la connexion LDAP AD est utilisée pour les mises à jour, à " +"moins qu'elle ne soit spécifiée par l'utilisation de l'option " +"<quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "Par défaut : 3600 (secondes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et example.com " +"est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " +"exemples montrent seulement les options spécifiques au fournisseur AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Le fournisseur de contrôle d'accès AD vérifie si le compte a expiré. Cela a " +"le même effet que la configuration suivante du fournisseur LDAP : " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Configuration de sudo avec le moteur SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Cette page de manuel décrit comment configurer " +"<citerefentry><refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> pour travailler avec <citerefentry><refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry> et comment SSSD met " +"en cache les règles sudo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Configuration de sudo pour coopérer avec SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Pour activer SSSD comme source pour les règles de sudo, ajouter " +"<emphasis>sss</emphasis> à l'entrée <emphasis>sudoers</emphasis> dans " +"<citerefentry><refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Par exemple, pour configurer sudo pour rechercher d'abord les règles dans le " +"fichier standard <citerefentry><refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> (qui doit contenir les règles qui " +"s'appliquent aux utilisateurs locaux) et ensuite dans SSSD, le fichier " +"nsswitch.conf doit contenir la ligne suivante :" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Plus d'informations sur la configuration de l'ordre de recherche de sudoers " +"depuis le fichier nsswitch.conf, mais aussi les informations sur le schéma " +"LDAP qui est utilisé pour stocker les règles sudo dans l'annuaire sont " +"disponibles dans <citerefentry><refentrytitle>sudoers.ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Configuration de SSSD pour aller chercher les règles de sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"L'exemple suivant montre comment configurer SSSD pour télécharger les règles " +"sudo à partir d'un serveur LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "Le mécanisme de mise en cache de règles SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Le plus grand défi lors du développement de la prise en charge de sudo dans " +"SSSD était de de s'assurer que l'utilisation d'un sudo exploitant SSSD comme " +"source de données fournissait la même expérience utilisateur et était aussi " +"rapide que sudo, tout en conservant le jeu de règles le plus à jour " +"possible. Pour satisfaire ces exigences, SSSD utilise trois types de mises à " +"jour. Elles sont appelées actualisation complète, rafraîchissement " +"intelligent et rafraîchissement des règles." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Le <emphasis>rafraîchissement intelligent</emphasis> télécharge " +"périodiquement les règles qui sont nouvelles ou qui ont été modifiées après " +"la dernière mise à jour. Son but premier est d'éviter à la base de données " +"de grossir en allant chercher de petits incréments qui ne génèrent pas de " +"gros de trafic réseau." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"Le <emphasis>rafracîchissement complèt</emphasis> supprime simplement toutes " +"les règles sudo stockées dans le cache et les remplace par toutes les règles " +"qui sont stockées sur le serveur. Ceci est utilisé pour assurer la cohérence " +"de cache en supprimant toutes les règles qui ont été supprimées du serveur. " +"Cependant, un rafraîchissement complet peut produire beaucoup de trafic et " +"doit n'être exécuté qu'occasionnellement selon la taille et de la stabilité " +"des règles sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"Le <emphasis>rafraîchissement des règles</emphasis> fait en sorte de ne pas " +"accorder à l'utilisateur plus d'autorisations que défini. Il est déclenché " +"chaque fois que l'utilisateur exécute sudo. L'actualisation des règles " +"trouvera toutes les règles qui s'appliquent à cet utilisateur, vérifie leur " +"date d'expiration et les retéléchargera si elles ont expiré. Dans le cas où " +"l'une de ces règles est manquante sur le serveur, SSSD programmera en " +"parallèle un rafraîchissement complet hors ligne car d'autres règles " +"(s'appliquant à d'autres utilisateurs) peuvent avoir été supprimées." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Si activé, SSSD stocke uniquement les règles qui peuvent être appliquées à " +"cette machine. En d'autres termes, ce sont les règles qui contiennent une " +"des valeurs suivantes dans l'attribut de <emphasis>sudoHost</emphasis> :" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "mot-clé ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "joker" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (sous la forme « +netgroup »)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" +"nom de système ou le nom de domaine pleinement qualifié de cette machine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "une des adresses IP de cette machine" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "une des adresses IP du réseau (sous la forme « adresse/masque »)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Il existe de nombreuses options de configuration qui peuvent être utilisées " +"pour ajuster le comportement. Consulter « ldap_sudo_ * » dans " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> et « sudo_ * » dans " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> fournit un jeu de démons pour gérer l'accès à des " +"dossiers distants et les mécanismes d'authentification. Il fournit une " +"interface NSS et PAM au travers du système et un moteur système extensible " +"par greffons pour se connecter à de multiples comptes de sources différentes " +"en plus d'une interface D-Bus. C'est aussi un moyen de fournir un moyen " +"d'audit client et une politique de services pour les projets tels que " +"FreeIPA. Il fournit une base de donnée plus robuste pour stocker les " +"utilisateurs locaux ainsi que les données étendues des utilisateurs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis> : Ajouter un horodatage aux messages de débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis> : Désactiver l'horodatage dans les messages de " +"débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis> : Ajouter les microsecondes à l'horodatage dans les " +"messages de débogage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis> : Désactiver les microsecondes dans l'horodatage" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +#, fuzzy +#| msgid "Default: not set, fallback to InfoPipe option" +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "Par défaut : non défini, repli sur l'option InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Devenir un démon après le démarrage." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Tourner en avant-plan et ne pas devenir un démon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Définit un fichier de configuration autre que celui par défaut (<filename>/" +"etc/sssd/sssd.conf</filename>). Pour obtenir des informations sur la syntaxe " +"et les options du fichier de configuration, consulter les pages de manuel de " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Afficher le numéro de version et quitter." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Signaux" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Indique à SSSD de fermer normalement tous ses processus fils puis d'arrêter " +"le moniteur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Précise à SSSD de ne plus écrire vers son fichier de débogage actuel, de le " +"fermer et de le rouvrir. Cela permet de faciliter les rotations de fichiers " +"de sortie avec des programmes tels que logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "obscurcir un mot de passe en clair" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> convertit un mot de passe donné en un " +"format illisible par un humain et le place dans la section de domaine " +"appropriée du fichier de configuration SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Le mot de passe en clair est lu dans l'entrée standard ou entré " +"interactivement. Les mots de passes chiffrés sont mis dans " +"<quote>ldap_default_authtok</quote> pour un domaine SSSD donné et le " +"paramètre <quote>ldap_default_authtok_type</quote> est défini à " +"<quote>obfuscated_password</quote>. Cf. <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " +"détails sur ces paramètres." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Veuillez noter que les mots de passe chiffrés ne fournissent <emphasis>aucun " +"réel bénéfice de sécurité</emphasis> étant donné qu'il est possible de " +"retrouver le mot de passe par ingénierie-inverse. Utiliser un meilleur " +"mécanisme d'authentification tel que les certificats côté client ou GSSAPI " +"est <emphasis>très</emphasis> conseillé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "Le mot de passe chiffré sera lu sur l'entrée standard." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FICHIER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "Lit le fichier de configuration spécifié par le paramètre." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Par défaut : <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "Fournisseur Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Cette page de manuel décrit la configuration du moteur d'authentification de " +"Kerberos 5 pour <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Pour une référence détaillée sur " +"la syntaex, veuillez vous référer à la section <quote>FORMAT DE FICHIER</" +"quote> du manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Le moteur d'authentification Kerberos 5 contient les fournisseurs " +"d'authentification et de changement de mot de passe. Il doit être couplé " +"avec un fournisseur d'identité de manière à fonctionner proprement (par " +"exemple, id_provider = ldap). Plusieurs informations requises par le moteur " +"d'authentification Kerberos 5 doivent être fournies par le fournisseur " +"d'identité, telles que le nom du principal de l'utilisateur Kerberos (UPN). " +"La configuration du fournisseur d'identité doit avoir une entrée pour " +"spécifier l'UPN. Veuillez vous référer aux pages du manuel du fournisseur " +"d'identité ad-hoc pour pouvoir le configurer." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"Dans le cas où l'UPN n'est pas valide dans le moteur d'identité, " +"<command>sssd</command> construira un UPN en utilisant le format " +"<replaceable>utilisateur</replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Spécifie la liste séparée par des virgules des adresses IP ou des noms de " +"systèmes des serveurs Kerberos auquel SSSD doit se connecter, par ordre de " +"préférence. Pour plus d'informations sur la redondance par bascule et le " +"serveur, consultez la section de <quote>BASCULE</quote>. Un numéro de port " +"facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux " +"noms de systèmes. Si vide, le service de découverte est activé - pour plus " +"d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Le nom du domaine Kerberos. Cette option est nécessaire et doit être " +"renseignée." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Si le service de changement de mot de passe ne fonctionne pas sur le KDC, " +"des serveurs de secours peuvent être définis ici. Un numéro de port " +"facultatif (précédé par un signe deux-points) peut-être être suffixé aux " +"adresses ou aux noms de systèmes." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Pour plus d'information sur la bascule et la redondance de serveurs, voir la " +"section <quote>BASCULE</quote>. Noter que même si il n'y a plus de serveurs " +"kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si " +"l'authentification KDC est toujours possible." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Par défaut : utiliser le KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Par défaut : /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (chaîne)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "identifiant de connexion" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nom du principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nom de domaine" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "répertoire personnel" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "valeur de krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "l'ID de processus du client SSSD" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "un « % » littéral" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Par défaut : (valeur provenant de libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"L'emplacement du fichier keytab à utiliser pour valider les données " +"d'identification obtenues à partir de KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Stocke le mot de passe de l'utilisateur si le fournisseur est hors-ligne, " +"puis l'utilise pour obtenir un TGT lorsque le fournisseur redevient " +"disponible en ligne." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"NOTE : cette fonctionnalité n'est actuellement disponible que sur les plates-" +"formes Linux. Les mots de passe stockés de cette manière sont conservés en " +"texte brut dans le trousseau de clés du noyau et sont potentiellement " +"accessibles à l'utilisateur root (avec difficulté)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Active le flexible authentication secure tunneling (FAST) pour la pré-" +"authentification Kerberos. Les options suivantes sont supportées :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> : ne jamais utiliser FAST. Ceci équivaut à ne pas " +"définir cette option." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend " +"pas en charge FAST, continuer l'authentification sans." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demander</emphasis>  : imposer d'utiliser FAST. L'authentification " +"échoue si le serveur ne requiert pas FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Par défaut : non défini, i.e. FAST n'est pas utilisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +#, fuzzy +#| msgid "NOTE: a keytab is required to use FAST." +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "NOTE : un fichier keytab est requis pour utiliser FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos " +"version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de " +"MIT Kerberos avec cette option est une erreur de configuration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "Spécifie le principal de serveur afin d'utiliser FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_use_kdcinfo (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Indique si le principal de l'utilisateur doit être traité comme un principal " +"d'entreprise. Cf. la section 5 de la RFC 6806 pour plus de détails sur les " +"principals d'entreprise." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "Par défaut : false (AD provider : true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_kdcinfo (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Si le module auth krb5 est utilisé dans un domaine SSSD, les options " +"suivantes doivent être utilisées. Cf. la page de manuel " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>, section <quote>SECTIONS DOMAINE</quote> pour plus " +"de détails sur la configuration d'un domaine SSSD. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"L'exemple suivant suppose que SSSD est correctement configuré et que FOO est " +"l'un des domaines de la section <replaceable>[sssd]</replaceable>. Cet " +"exemple montre uniquement la configuration de l'authentification Kerberos, " +"et n'inclut aucun fournisseur d'identité." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "effectue le nettoyage du cache" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Invalider un utilisateur spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"L'annulation de tous les enregistrements d'utilisateur. Cette option prend " +"le pas sur l'invalidation d'un utilisateur spécifique, si elle a été " +"également configuré." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "L'annulation de groupe spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"L'annulation de tous les enregistrements de groupe. Cette option prend le " +"pas sur l'invalidation d'un groupe spécifique si elle a été également " +"définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "Invalide un netgroup spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalider tous les enregistrements de netgroup. Cette option prend le pas " +"sur l'invalidation de netgroup spécifiques s'il a été également définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "Invalider le service spécifique." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalider tous les enregistrements de service. Cette option se substitue à " +"l'invalidation de service spécifique s'elle a également été définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Invalider des cartes autofs spécifiques." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalider toutes les cartes autofs. Cette option remplace l'invalidation de " +"carte spécifique s'elle a également été définie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Restreindre le processus d'invalidation à un domaine particulier." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "initialise le cache SSSD avec un utilisateur" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> initialise le cache SSSD avec une entrée " +"d'utilisateur et le mot de passe temporaire. Si une entrée d'utilisateur est " +"déjà présente dans le cache de SSSD, l'entrée est mise à jour avec le mot de " +"passe temporaire." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Indique le nom de domaine duquel l'utilisateur est membre. Le domaine est " +"également utilisé pour récupérer les informations sur l'utilisateur. Le " +"domaine doit être configuré dans sssd.conf. L'option <replaceable>DOMAIN</" +"replaceable> doit être fournie. Les informations récupérées depuis le " +"domaine prennent le pas sur ce qui est fourni dans les options." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Le nom d'utilisateur de l'entrée devant être créée ou modifiée dans le " +"cache. L'option <replaceable>USER</replaceable> doit être fournie." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Définit l'UID de l'utilisateur à <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Définit le GID de l'utilisateur à <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTAIRE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme " +"champ pour le nom entier de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Définit le répertoire de l'utilisateur à <replaceable>HOME_DIR</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Définit l'interpréteur de commande de l'utilisateur à <replaceable>SHELL</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Mode interactif pour la saisie des informations de l'utilisateur. Cette " +"option invite uniquement à la saisir des renseignements non fournis dans les " +"options ou non récupérés à partir du domaine." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Spécifie le fichier dans lequel lire le mot de passe de l'utilisateur. (si " +"aucun mot de passe n'est spécifié, il sera demandé)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"La taille du mot de passe (ou la taille du fichier spécifié avec l'option -p " +"ou --password-file) doit être inférieure ou égale à PASS_MAX octets (64 " +"octets sur les systèmes sans valeur globale définie de PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "identifiant de connexion de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "identifiant de l'utilisateur" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "identifiant de groupe primaire" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "informations utilisateur, généralement le nom complet" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "interpréteur de commande" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Par défaut : non défini. Seul le jeu d'attributs POSIX par défaut est " +"autorisé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "FICHIER DE CONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "EXTENSION DE CONFIGURATION SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Section de configuration [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "INTÉGRATION SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VOIR AUSSI" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "obtient les clés OpenSSH autorisées" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> acquiert les clés publiques SSH " +"pour <replaceable>USER</replaceable> et les renvoie dans le format " +"authorized_keys de OpenSSH (cf. la section <quote>FORMAT DE FICHIER " +"AUTHORIZED_KEYS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> pour plus d'informations)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Rechercher des clés publiques dans le domaine SSSD <replaceable>DOMAIN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "CODE RETOUR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 " +"est renvoyée. Dans le cas contraire, 1 est renvoyé." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "obtenir les clés d'hôtes OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Si <replaceable>PROXY_COMMAND</replaceable> est indiqué, elle est alors " +"utilisée pour établier la connexion vers le système au lieu d'ouvrir une " +"socket." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> peut être configuré pour utiliser " +"<command>sss_ssh_knownhostsproxy</command> pour l'authentication par clés en " +"utilisant les directives suivantes pour la configuration de " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Utiliser le port <replaceable>PORT</replaceable> pour se connecter au " +"système. Par défaut, le port 22 est utilisé." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Rechercher les clés publiques dans le domaine SSSD <replaceable>DOMAINE</" +"replaceable> hôte." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerate (booléen)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +#, fuzzy +#| msgid "Default: False (disabled)" +msgid "Default: False (Automatic renewals disabled)" +msgstr "Par défaut : False (désactivé)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renew_interval (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renew_interval (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Par défaut : 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "La classe d'objet d'une entrée utilisateur dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Par défaut : posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" +"L'attribut LDAP correspondant à l'identifiant de connexion de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "L'attribut LDAP correspondant à l'id de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" +"L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Par défaut : gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Par défaut : gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" +"L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de " +"l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Par défaut : loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Par défaut : non défini dans le cas général, objectGUID pour AD et " +"ipaUniqueID pour IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"L'attribut LDAP qui contient l'objectSID d'un objet d'utilisateur LDAP. Ceci " +"n'est habituellement nécessaire que pour les serveurs Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"L'attribut LDAP qui contient l'horodatage de la dernière modification de " +"l'objet parent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Par défaut : modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (date de changement du dernier mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Par défaut : shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie<citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (durée de validité minimum du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Par défaut : shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (âge maximum du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Par défaut : shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (période d'avertissement du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Par défaut : shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " +"nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (période d'inactivité du mot de passe)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Par défaut : shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=shadow ou " +"ldap_account_expire_policy=shadow, ce paramètre contient le nom de " +"l'attribut LDAP correspondant à sa contrepartie <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (date d'expiration du compte)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Par défaut : shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " +"le nom de l'attribut LDAP stockant la date et l'heure du dernier changement " +"de mot de passe dans kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Par défaut : krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " +"le nom de l'attribut LDAP stockant la date et l'heure d'expiration du mot de " +"passe actuel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Par défaut : krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " +"contient le nom d'un attribut LDAP stockant la date d'expiration du compte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Par défaut : accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " +"contient le nom d'un attribut LDAP stockant le champ de bits de contrôle du " +"compte utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Par défaut : userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=rhds ou équivalent, ce " +"paramètre détermine si l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "Par défaut : nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine si l'accès est autorisé ou non." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Par défaut : loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine jusqu'à quand l'accès est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " +"détermine les heures des jours dans la semaine pendant lesquelles l'accès " +"est autorisé." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Par défaut : loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"L'attribut LDAP contenant le nom du principal d'utilisateur (UPN) Kerberos " +"de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Par défaut : krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Liste séparée par des virgules des attributs LDAP que SSSD va demander en " +"plus des attributs utilisateur habituels." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"La liste ne peut contenir que des noms d'attributs LDAP, ou des tuples " +"séparés par des virgules de nom d'attribut de cache et nom d'attribut LDAP. " +"Dans le cas où seul le nom d'un attribut LDAP est indiqué, l'attribut est " +"enregistré tel quel dans le cache. L'utilisation d'un nom d'attribut SSSD " +"peut être nécessaire pour les environnements configurant plusieurs domaines " +"SSSD utilisant des schémas LDAP différents." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Veuillez noter que plusieurs noms d'attributs sont réservés par SSSD, dont " +"l'attribut <quote>name</quote>. SSSD émettrait une erreur si l'un des noms " +"d'attributs réservés est utilisé par un nom d'attribut supplémentaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Enregistrer l'attribut LDAP <quote>telephoneNumber</quote> en tant que " +"<quote>telephoneNumber</quote> dans le cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Enregistrer l'attribut LDAP <quote>telephoneNumber</quote> en tant que " +"<quote>phone</quote> dans le cache." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "Par défaut : sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" +"L'attribut LDAP énumérant les groupes auquel appartient un utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Par défaut : memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Lorsque access_provider=ldap et ldap_access_order=authorized_service, SSSD " +"utilise la présence de l'attribut authorizedService dans l'entrée LDAP de " +"l'utilisateur pour déterminer les autorisations d'accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Le refus explicite (!svc) est résolu en premier. Ensuite, SSSD cherche une " +"autorisation explicite (svc) et enfin allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>authorized_service</quote> de façon à permettre à " +"l'option ldap_user_authorized_service de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Par défaut : authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la " +"présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour " +"déterminer les autorisations d'accès." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les " +"autorisations explicites (host) et enfin toutes les autorisations (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Noter que l'option de configuration ldap_access_order <emphasis>doit</" +"emphasis> inclure <quote>host</quote> de façon à permettre à l'option " +"ldap_user_authorized_host de fonctionner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Par défaut : host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "The LDAP attribute that contains the port managed by this service." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "L'attribut LDAP qui contient le port géré par ce service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "La classe d'objet d'une entrée de groupe dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Par défaut : posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "L'attribut LDAP correspondant à l'identifiant de groupe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "L'attribut LDAP contenant les noms des membres du groupe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"L'attribut LDAP qui contient l'objectSID d'un objet de groupe LDAP. Ceci " +"n'est habituellement nécessaire que pour les serveurs Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"L'attribut LDAP qui contient une valeur entière indiquant le type de groupe " +"voire d'autres indicateurs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Cet attribut est actuellement utilisé uniquement par le fournisseur AD pour " +"déterminer si un groupe est un groupe de domaine local et doit être filtré " +"hors des domaines approuvés." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "La classe d'objet d'une entrée de netgroup dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la " +"place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Par défaut : nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "L'attribut LDAP correspondant au nom du netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" +"Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "L'attribut LDAP contenant les noms des membres du netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Par défaut : memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"L'attribut LDAP contenant les triplets (hôte, utilisateur, domaine) d'un " +"netgroup." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Par défaut : nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Par défaut : ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "La classe d'objet d'une entrée de service LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"L'attribut LDAP qui contient le nom des attributs de service et de leurs " +"alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "L'attribut LDAP qui contient le port géré par ce service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Par défaut : ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "L'attribut LDAP qui contient les protocoles compris par ce service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Par défaut : ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Par défaut : sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "L'attribut LDAP qui correspond au nom de la commande." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Par défaut : sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"L'attribut LDAP qui correspond au nom d'hôte (ou adresse IP de l'hôte, " +"réseau IP de l'hôte ou netgroup de l'hôte)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Par défaut : sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"L'attribut LDAP qui correspond au nom d'utilisateur (ou UID, le nom du " +"groupe ou netgroup de l'utilisateur)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Par défaut : sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "L'attribut LDAP qui correspond aux options sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Par défaut : sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"L'attribut LDAP qui correspond aux commandes peuvent être exécutées sous le " +"nom d'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Par défaut : sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"L'attribut LDAP qui correspond au nom du groupe ou GID du groupe sous lequel " +"les commandes seront être exécutées." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Par défaut : sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"L'attribut LDAP qui correspond à la date/heure de début pour laquelle la " +"règle sudo est valide." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Par défaut : sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"L'attribut LDAP qui correspond à la date/heure d'expiration, après quoi la " +"règle sudo ne sera plus valide." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Par défaut : sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Par défaut : sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +#, fuzzy +#| msgid "Kerberos locator plugin" +msgid "Kerberos local authorization plugin" +msgstr "Greffon de localisation Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION FILE" +msgid "CONFIGURATION" +msgstr "FICHIER DE CONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" +"La classe d'objet d'une entrée de table de montage automatique dans LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "Le nom d'une entrée de table de montage automatique dans LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond " +"généralement à un point de montage." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DÉCOUVERTE DE SERVICE" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"La fonctionnalité de découverte de services permet aux moteurs de trouver " +"automatiquement les serveurs appropriés auxquels se connecter à l'aide d'une " +"requête DNS spéciale. Cette fonctionnalité n'est pas pris en charge pour sur " +"les serveurs secondaires." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuration" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Si aucun serveur n'est spécifié, le moteur utilise automatiquement la " +"découverte de services pour tenter de trouver un serveur. L'utilisateur peut " +"aussi choisir d'utiliser des adresses de serveur et de découverte de " +"services fixes en insérant un mot-clé spécial, <quote>_srv_</quote>, dans la " +"liste des serveurs. L'ordre de préférence est maintenu. Cette fonctionnalité " +"est utile si, par exemple, l'utilisateur préfère utiliser la découverte de " +"services chaque fois que possible et se replier vers un serveur spécifique " +"lorsqu'aucun serveur ne peut être découvert à l'aide du DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Le nom de domaine" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Le protocole" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Les requêtes spécifient généralement _tcp comme protocole. Les exceptions " +"sont documentées dans les descriptions respectives des options." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Voir aussi" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Pour plus d'informations sur le mécanisme de découverte de services, se " +"reporter à la RFC 2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "BASCULE" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"La fonctionnalité de bascule autorise le moteur à basculer automatiquement " +"sur un serveur différent si le serveur actuel est défaillant." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Syntaxe de bascule" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"La liste des serveurs est donnée sous forme de liste séparée par des " +"virgules ; un nombre quelconque d'espaces est autorisé autour de la virgule. " +"Les serveurs sont répertoriés par ordre de préférence. La liste peut " +"contenir un nombre quelconque de serveurs." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Pour chaque option de configuration alors que la bascule est activée, il " +"existe deux variantes : <emphasis>primary</emphasis> et <emphasis>backup</" +"emphasis>. L'idée est que les serveurs dans la liste principale sont " +"préférés et les serveurs de secours sont interrogés uniquement si aucun " +"serveur primaire ne peut être atteint. Si un serveur de secours est " +"sélectionné, un délai d'attente de 31 secondes est défini. Après ce délai " +"d'attente, SSSD tentera périodiquement de se reconnecter à un des serveurs " +"primaires. S'il réussit, il remplacera l'actuel serveur (de secours) actif." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Mécanisme de bascule" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Le mécanisme de bascule fait la distinction entre une machine et d'un " +"service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur " +"donné ; en cas d'échec de cette tentative de résolution, la machine est " +"considérée comme hors ligne. Aucune autre tentative n'est faite pour se " +"connecter à cette machine pour tout autre service. Si la tentative de " +"résolution réussit, le serveur principal tente de se connecter à un service " +"sur cette machine. Si la tentative de connexion de service échoue, alors ce " +"seul service est considéré comme hors ligne et le moteur passe " +"automatiquement au service suivant. La machine est toujours considérée en " +"ligne et peut toujours être considérée pour une tentative d'accès à un autre " +"service." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Les tentatives de connexion ultérieures sont faites vers des machines ou des " +"services marqués comme hors connexion après un délai spécifié ; ce délai est " +"actuellement spécifié en dur à 30 secondes." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"S'il n'y a plus aucune machine à essayer, le moteur dans son ensemble " +"bascule dans le mode hors connexion et tente ensuite de se reconnecter " +"toutes les 30 secondes." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "CORRESPONDANCE D'IDENTIFIANTS" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"La fonctionnalité de correspondance d'ID permet à SSSD d'agir comme un " +"client de Active Directory sans demander aux administrateurs d'étendre les " +"attributs utilisateur pour prendre en charge les attributs POSIX pour les " +"identifiants d'utilisateur et de groupe." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"Remarque : Lorsque la mise en correspondance des ID est activée, les " +"attributs uidNumber et gidNumber sont ignorés. Ceci afin d'éviter les " +"risques de conflit entre les valeurs attribuées automatiquement et assignées " +"manuellement. Si vous avez besoin d'utiliser des valeurs attribuées " +"manuellement, TOUTES les valeurs doivent être assignées manuellement." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Arrêter le service SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Supprimer la base de donnée" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Démarrer le service SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Algorithme de correspondance" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory fournit un objectSID pour chaque objet d'utilisateur et de " +"groupe dans l'annuaire. Cet objectSID peut être divisé en composants qui " +"représentent l'identité de domaine Active Directory et l'identificateur " +"relatif (RID) de l'objet utilisateur ou groupe." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"L'algorithme de mise en correspondance des ID de SSSD tient un éventail " +"d'uid disponibles et le divise en sections de même taille, appelées « " +"tranches ». Chaque tranche représente l'espace disponible dans un domaine " +"Active Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Lorsqu'une entrée d'utilisateur ou de groupe pour un domaine particulier est " +"rencontrée pour la première fois, SSSD alloue une des plages disponibles " +"pour ce domaine. Afin de rendre cette affectation de plage reproductible sur " +"les ordinateurs clients différents, l'algorithme de sélection de plage " +"suivant est utilisé :" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"La chaîne du SID est passée par l'intermédiaire de l'algorithme murmurhash3 " +"pour le convertir en une valeur de hachage de 32 bits. Nous prenons ensuite " +"le modulo de cette valeur avec le nombre total des tranches disponibles pour " +"prendre la tranche." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"Remarque : Il est possible de rencontrer les collisions dans le hachage et " +"le modulo en découlant. Dans ces situations, la tranche suivante disponible " +"sera sélectionnée, mais il n'est pas possible de reproduire le même jeu " +"exact des tranches sur d'autres machines (puisque l'ordre dans lequel elles " +"sont rencontrées déterminera leur tranche). Dans ce cas, il est recommandé " +"de passer à l'utilisation des attributs POSIX explicites dans Active " +"Directory (en désactivant la correspondance d'ID) ou configurer un domaine " +"par défaut afin de garantir qu'au moins un est toujours cohérent. Pour plus " +"d'informations, voir <quote>Configuration</quote>." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Configuration minimale (dans la section <quote>[domain/DOMAINNAME]</" +"quote>) :" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Configuration avancée" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +#, fuzzy +#| msgid "" +#| "Specifies the lower bound of the range of POSIX IDs to use for mapping " +#| "Active Directory user and group SIDs." +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Spécifie la limite inférieure de la plage d'ID POSIX à utiliser pour la mise " +"en correspondance d'identifiants utilisateurs et groupes Active Directory." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"NOTE : Cette option est différente de <quote>min_id</quote> en ce sens que " +"<quote>min_id</quote> agit comme filtre sur le résultat des requêtes vers ce " +"domaine, alors que cette option contrôle les plages de correspondance d'ID. " +"Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " +"d'avoir <quote>min_id</quote> inférieur ou égal à " +"<quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Par défaut : 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"NOTE : Cette option est différente de <quote>max_id</quote> en ce sens que " +"<quote>max_id</quote> agit comme filtre sur le résultat des requêtes vers ce " +"domaine, alors que cette option contrôle les plages de correspondance d'ID. " +"Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " +"d'avoir <quote>max_id</quote> supérieur ou égal à " +"<quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Par défaut : 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (integer)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Spécifie le nombre d'identifiants pour chaque tranche. Si la taille de la " +"plage ne divise pas uniformément dans les valeurs minimale et maximale, des " +"tranches complètes seront créées autant que possible." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (chaîne)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Spécifier le SID de domaine du domaine par défaut. Cela garantira que ce " +"domaine est toujours affecté à la tranche zéro dans la carte d'ID, sans " +"passer par l'algorithme murmurhash décrit ci-dessus." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (chaîne)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "Spécifier le nom de domaine par défaut." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (boolean)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Modifie le comportement de l'algorithme de mise en correspondance des ID " +"afin qu'il se comporte de manière identique à celui <quote>idmap_autorid</" +"quote> de winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"Lorsque cette option est configurée, les domaines seront alloués en " +"commençant par la tranche zéro et augmentant de manière monotone pour chaque " +"domaine supplémentaire." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"Remarque : Cet algorithme n'est pas déterministe (il dépend de l'ordre dans " +"lequel utilisateurs et groupes sont invités). Si ce mode est nécessaire pour " +"assurer la compatibilité avec les ordinateurs qui utilisent winbind, il est " +"recommandé d'utiliser également l'option " +"<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un " +"domaine est systématiquement alloué à la tranche zéro." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "SID bien connus" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "Null Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "World Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "Local Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "Creator Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +#, fuzzy +#| msgid "Creator Authority" +msgid "Mandatory Label Authority" +msgstr "Creator Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +#, fuzzy +#| msgid "Creator Authority" +msgid "Authentication Authority" +msgstr "Creator Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "NT Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Built-in" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Affiche l'aide et quitte." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "Niveaux de débogage actuellement pris en charge :" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis> : défaillances fatales. " +"Tout ce qui empêcherait SSSD de démarrer ou provoquerait son arrêt." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis> : défaillances graves. " +"Une erreur qui annonce qu'une requête particulière ou une opération a échoué." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis> : erreurs mineures. Ce " +"sont les erreurs qui seraient susceptibles d'empirer pour provoquer l'erreur " +"en 2." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis> : paramètres de " +"configuration." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" +"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis> : données de " +"fonctionnement." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis> : traçage des fonctions " +"opérationnelles." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis> : traçage des fonctions " +"de contrôles internes." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis> : contenu des variables " +"internes de fonctions pouvent être intéressantes." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis> : informations de " +"traçage de bas niveau." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Exemple</emphasis> : pour suivre erreurs fatales, critiques, " +"graves et les données de fonction, utiliser 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Exemple</emphasis> : pour consigner les erreurs fatales, les " +"paramètres de configuration, les données de fonction, les messages de trace " +"pour les fonctions de contrôle interne, utiliser 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Note</emphasis> : le format des niveaux de débogage a été " +"introduit dans la version 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "LE DOMAINE LOCAL" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Pour fonctionner correctement, un domaine avec <quote>id_provider = local</" +"quote> doit être créé et SSSD doit s'exécuter." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"L'administrateur peut vouloir utiliser les utilisateurs locaux SSSD au lieu " +"des utilisateurs UNIX traditionnels dans les cas où l'imbrication de groupes " +"(cf. <citerefentry><refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry>) est nécessaire. Les utilisateurs locaux sont " +"également utiles pour les tests et le développement de SSSD sans avoir à " +"déployer un serveur distant complet. Les outils <command>sss_user *</" +"command> et <command>sss_group *</command> utilisent alors un stockage local " +"de type LDB pour les utilisateurs et les groupes." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de " +"restreindre les recherches LDAP pour ce type d'attribut." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "syntaxe : <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"La portée peut être l'une des « base », « onelevel » ou « subtree ». Les " +"fonctions de portée sont spécifiées dans la section 4.5.1.2 de http://tools." +"ietf.org/html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Pour obtenir des exemples de cette syntaxe, reportez-vous à la section " +"d'exemples <quote>ldap_search_base</quote>." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Noter que la spécification de portée ou de filtre n'est pas prise en charge " +"pour les recherches sur un serveur Active Directory qui serait susceptible " +"de produire un grand nombre de résultats et de déclencher l'extension Range " +"Retrieval dans sa réponse." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Veuillez noter que l'automounter ne lit que la carte maîtresse au démarrage. " +"Ainsi, si des modifications liées à autofs sont apportées à sssd.conf, vous " +"devrez généralement redémarrer le démon automounter après le redémarrage de " +"SSSD" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (chaîne)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "numéro d'UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nom de domaine" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nom d'utilisateur pleinement qualifié (utilisateur@domaine)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" +"UPN - Nom de principal d'utilisateur (User principal name, nom@ROYAUME)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" +"Le répertoire utilisateur original provenant du fournisseur d'identité." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +#, fuzzy +#| msgid "The original home directory retrieved from the identity provider." +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" +"Le répertoire utilisateur original provenant du fournisseur d'identité." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"La valeur de l'option de configuration <emphasis>homedir_substring</" +"emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Réécrit le répertoire personnel de l'utilisateur. Il est possible de fournir " +"une valeur absolue ou un patron. Dans le cas d'un patron, les séquences " +"suivantes sont substituées :<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "Cette option peut aussi être définie pour chaque domaine." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (chaîne)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Par défaut : /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (entier)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Délai d'attente, en secondes, après l'annulation d'une requête " +"d'authentification en ligne ou de changement de mot de passe. La requête " +"d'authentification sera effectuée hors-ligne si cela est possible." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (booléen)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé. Les " +"entrées d'un fichier keytab sont vérifiées dans l'ordre, et la première " +"entrée avec un domaine correspondant est utilisée pour la validation. Si " +"aucune entrée ne correspond au domaine, la dernière entrée dans le fichier " +"keytab est utilisée. Ce processus peut être utilisé pour valider des " +"environnements utilisant l'approbation entre domaines en plaçant l'entrée " +"keytab appropriée comme dernière ou comme seule entrée dans le fichier " +"keytab." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +#, fuzzy +#| msgid "Default: false (AD provider: true)" +msgid "Default: false (IPA and AD provider: true)" +msgstr "Par défaut : false (AD provider : true)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " +"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> pour plus de détails." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (chaîne)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Demande un ticket renouvelable avec une durée de vie totale, donnée par un " +"entier immédiatement suivi par une unité de temps :" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> pour secondes" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> pour minutes" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> pour heures" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> pour jours." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " +"de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu " +"de « 1h30m »." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" +"Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (chaîne)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Demande un ticket avec une durée de vie, donnée par un entier immédiatement " +"suivi par une unité de temps :" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " +"de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m »." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée " +"dans le KDC." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (chaîne)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"La durée, en secondes, entre deux vérifications pour savoir si le TGT doit " +"être renouvelé. Les TGT sont renouvelés si environ la moitié de leur durée " +"de vie est dépassée. Indiquée par un entier immédiatement suivi d'une unité " +"de temps :" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Si cette option n'est pas définie ou définie à 0, le renouvellement " +"automatique est désactivé." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Spécifie si les principaux du système et de l'utilisateur doivent être " +"rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " +"et versions suivantes." + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Détermine si les données d'identification de l'utilisateur sont aussi mis " +#~ "en cache dans le cache LDB local" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "Les informations d'identification utilisateur sont stockées dans une " +#~ "table de hachage SHA512, et non en texte brut" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Par défaut : <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +#~ "quote> qui se traduit par « peu importe le nom jusqu'au <quote>@</quote>, " +#~ "peu importe le domaine après »" + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "L'attribut LDAP correspondant au nom du groupe." + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Spécifie la limite supérieure de la plage d'ID POSIX à utiliser pour la " +#~ "mise en correspondance d'identifiants utilisateurs et groupes Active " +#~ "Directory." + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "modifier un groupe" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> modifie le groupe pour refléter les " +#~ "changements spécifiés sur la ligne de commande." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Ajouter ce groupe aux groupes spécifiés par le paramètre " +#~ "<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" +#~ "replaceable> est une liste séparée par des virgules de noms de groupe." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Supprime ce groupe des groupes spécifiés par le paramètre " +#~ "<replaceable>GROUPS</replaceable>." + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "" +#~ "<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs " +#~ "locaux" + +#~ msgid "The local domain section" +#~ msgstr "La section du domaine local" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "Cette section contient les paramètres pour le domaine qui stocke les " +#~ "utilisateurs et les groupes dans la base de données native SSSD, c'est-à-" +#~ "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (chaîne)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "L'interpréteur de commandes par défaut pour les utilisateurs créés avec " +#~ "les outils en espace utilisateur SSSD." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Par défaut : <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (chaîne)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Les outils ajoutent le nom d'utilisateur à <replaceable>base_directory</" +#~ "replaceable> et l'utilisent comme dossier personnel." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Par défaut : <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (booléen)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "Indique si un dossier personnel doit être créé par défaut pour les " +#~ "nouveaux utilisateurs. Peut être outrepassé par la ligne de commande." + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (booléen)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "Indiquer si un dossier personnel doit par défaut être supprimé à la " +#~ "suppression des utilisateurs. Peut être outrepassé par la ligne de " +#~ "commande." + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (entier)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions " +#~ "par défaut sur un répertoire personnel nouvellement créé." + +#~ msgid "Default: 077" +#~ msgstr "Par défaut : 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (chaîne)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "Le répertoire squelette contenant les fichiers et répertoires à copier " +#~ "dans le répertoire personnel de l'utilisateur une fois ce répertoire créé " +#~ "par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry>" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Par défaut : <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (chaîne)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "Le répertoire de gestion des e-mails. Nécessaire pour manipuler les " +#~ "boîtes e-mail quand les comptes utilisateurs sont modifiés ou supprimés. " +#~ "Si non précisé, la valeur par défaut est utilisée." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Par défaut : <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (chaîne)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "La commande qui est exécutée quand un utilisateur est supprimé. La " +#~ "commande a comme seul argument le nom de l'utilisateur qui doit être " +#~ "supprimé. Le code en retour de la commande n'est pas pris en compte." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Par défaut : None, aucune commande lancée" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "créer un utilisateur" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>UTILISATEUR</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> crée un nouveau compte utilisateur en " +#~ "utilisant les valeurs spécifiées en ligne de commande auquelles sont " +#~ "ajoutées les valeurs par défaut du système." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Définit l'UID de l'utilisateur à la valeur <replaceable>UID</" +#~ "replaceable>. Si non précisé, il est choisit automatiquement." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "Le répertoire personnel du compte utilisateur. Par défaut, on ajoute " +#~ "<replaceable>LOGIN</replaceable> à <filename>/home</filename> et on " +#~ "utilise cela comme dossier personnel. La base précédent " +#~ "<replaceable>LOGIN</replaceable> est modifiable avec le paramètre " +#~ "<quote>user_defaults/baseDirectory</quote> de sssd.conf." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "L'interpréteur de commande de l'utilisateur. La valeur par défaut " +#~ "actuelle, <filename>/bin/bash</filename>, peut être modifiée avec le " +#~ "paramètre <quote>user_defaults/defaultShell</quote> dans sssd.conf." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPES</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "Une liste de groupes existants dont l'utilisateur est aussi membre." + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "Crée le répertoire personnel de l'utilisateur s'il n'existe pas. Les " +#~ "fichiers et répertoires inclus dans le répertoire squelette (pouvant être " +#~ "définis avec l'option -k ou dans le fichier de configuration) sont copiés " +#~ "dans le dossier personnel." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "Ne pas créer de dossier personnel pour l'utilisateur. Écrase les " +#~ "paramètres de configuration." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "Le répertoire squelette, contenant les fichiers et répertoires à copier " +#~ "dans le répertoire personnel de l'utilisateur, quand le répertoire " +#~ "personnel est créé par <command>sss_useradd</command>." + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "Les fichiers spéciaux (périphériques blocs, caractères, tubes nommés et " +#~ "sockets unix) ne seront pas copiés." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "L'option n'est valide que si l'option <option>-m</option> (ou <option>--" +#~ "create-home</option>) est utilisée ou si la création de répertoires " +#~ "personnels est à TRUE dans la configuration." + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>UTILISATEUR_SELINUX</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "L'utilisateur SELinux pour la connexion utilisateur. Si non spécifié, la " +#~ "valeur par défaut du système est utilisée." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "Créer un nouveau groupe" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> crée un nouveau groupe. Ces groupes sont " +#~ "compatibles avec les groupes POSIX, avec la caractéristique " +#~ "supplémentaire qu'ils peuvent contenir d'autres groupes comme membres." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Positionne le GID du groupe à la valeur <replaceable>GID</replaceable>. " +#~ "Si non spécifié, il est choisi automatiquement." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "Supprimer un compte utilisateur" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> supprime du système un utilisateur " +#~ "identifié par son identifiant de connexion <replaceable>LOGIN</" +#~ "replaceable>." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Les fichiers dans le répertoire ainsi que le répertoire lui-même de " +#~ "l'utilisateur et sa messagerie seront supprimés. Outrepasse la " +#~ "configuration." + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Les fichiers dans le répertoire ainsi que le répertoire lui-même de " +#~ "l'utilisateur et sa messagerie ne seront PAS supprimés. Outrepasse la " +#~ "configuration." + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "Cette option oblige <command>sss_userdel</command> à supprimer le " +#~ "répertoire home de l'utilisateur et sa messagerie, même si ils ne sont " +#~ "pas détenus par l'utilisateur spécifié." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "" +#~ "Avant de réellement supprimer l'utilisateur, mettre fin à tous ses " +#~ "processus." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "supprimer un groupe" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> supprime du système un groupe identifié " +#~ "par son nom de groupe <replaceable>GROUPE</replaceable>." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "affiche les propriétés d'un groupe" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> affiche des informations sur un groupe " +#~ "identifié par son nom <replaceable>GROUPE</replaceable>. Les informations " +#~ "incluent l'ID de groupe, les membres du groupe ainsi que le groupe parent." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "Affiche aussi les membres indirects de groupe dans une hiérarchie " +#~ "arborescente. Noter que cela affecte également les affichages de groupes " +#~ "parents - sans l'option <option>R</option>, seul le parent direct sera " +#~ "affiché." + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "modifier un compte utilisateur" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> modifie le compte défini par " +#~ "<replaceable>LOGIN</replaceable> pour refléter les modifications fournies " +#~ "en ligne de commande." + +#~ msgid "The home directory of the user account." +#~ msgstr "Le répertoire personnel du compte utilisateur." + +#~ msgid "The user's login shell." +#~ msgstr "L'interpréteur de commandes de l'utilisateur." + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Ajouter cet utilisateur aux groupes spécifiés par le paramètre " +#~ "<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" +#~ "replaceable> est une liste séparée par des virgules de noms de groupes." + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Retirer cet utilisateur de groupes spécifiés par le paramètre " +#~ "<replaceable>GROUPS</replaceable>." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "Verrouiller le compte utilisateur. Il ne pourra plus se connecter." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Déverrouiller le compte utilisateur." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "" +#~ "L'utilisateur SELinux pour l'identifiant de connexion de l'utilisateur." + +#~ msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "" +#~ "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur." + +#~ msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "Définir une paire attribut/valeur. Le format est nom_attribut=valeur. " +#~ "Pour les attributs multi-valués, la commande remplace les valeurs déjà " +#~ "présentes." + +#~ msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" + +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "" +#~ "Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Par défaut : /etc/krb5.keytab" + +#~ msgid "new_interval = old_interval*2 + random_offset" +#~ msgstr "new_interval = old_interval*2 + random_offset" + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (int)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie " +#~ "d'erreur standard. Par défaut, les fichiers de sortie sont stockés dans " +#~ "<filename>/var/log/sssd</filename> et des fichiers différents sont créés " +#~ "pour chaque service et domaine SSSD." + +#~ msgid "<emphasis>Default</emphasis>: 0" +#~ msgstr "<emphasis>Par défaut</emphasis> : 0" diff --git a/src/man/po/ja.po b/src/man/po/ja.po new file mode 100644 index 0000000..5ae596c --- /dev/null +++ b/src/man/po/ja.po @@ -0,0 +1,19900 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Tadashi Jokagi <elf@poyo.jp>, 2012 +# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013 +# carrotsoft <www.carrotsoft@gmail.com>, 2012 +# Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata +# Ludek Janda <ljanda@redhat.com>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2021-07-20 07:04+0000\n" +"Last-Translator: Ludek Janda <ljanda@redhat.com>\n" +"Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/ja/>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Weblate 4.7.1\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD マニュアル ページ" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "ファイル形式および変換" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "SSSD の設定ファイル" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "ファイルフォーマット" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セ" +"クションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続き" +"ます。 1 つセクションと複数の値を持つパラメーターの例: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"使用されるデータ形式は、文字列(引用符は不要)、整数および論理値" +"(<quote>TRUE/FALSE</quote> の値)です。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"すべてのセクションはオプションの <replaceable>description</replaceable> パラ" +"メーターを持てます。その機能はセクションのラベルとしてのみです。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> は、root により所有され、root のみが読み書きで" +"きる、通常のファイルである必要があります。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "初期値: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "初期値: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_microseconds (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_microseconds (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "初期値: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "特別セクション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "[sssd] セクション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "セクションのパラメーター" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"設定ファイルの構文が何であるカを指示します。SSSD 0.6.0 およびそれ以降はバー" +"ジョン 2 を使用します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきら" +"める前に試行する回数です。" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "初期値: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す " +"<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> 互換形式。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "ユーザー名" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv." +"conf の状態を監視するかどうかを制御します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"inotify を使用することをスキップすることが望ましい、いくつかの制限された状況" +"があります。これらの珍しい場合では、このオプションが 'false' に設定されるべき" +"です" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラッ" +"トフォームにおいては偽です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"注: このオプションは inotify が利用不可能なプラットフォームにおいて効果があり" +"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" +"クトリーです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められる" +"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな" +"ければ __LIBKRB5_DEFAULTS__ です)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "初期値: 設定されません" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ipa_server_mode (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ipa_server_mode (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "dyndns_update (boolean)" +msgid "core_dumpable (boolean)" +msgstr "dyndns_update (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "passkey_verification (string)" +msgstr "ipa_automount_location (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "user_verification (boolean)" +msgstr "ipa_automount_location (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスに" +"より提供されます。特別なサービスにより管理されるサービスはよく<quote>モニター" +"</quote>と呼ばれます。<quote>[sssd]</quote> セクションは、モニターだけでな" +"く、識別ドメインのような他の重要なオプションを設定するために使用されます。 " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "サービスセクション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"異なるサービスを設定するために使用される設定がこのセクションに記述されます。" +"それらは [<replaceable>$NAME</replaceable>] セクションに置かれます。たとえ" +"ば、NSS サービスは <quote>[nss]</quote> セクションです" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "サービス設定の全体オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "これらのオプションはすべてのサービスを設定するために使用できます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "初期値: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "offline_failed_login_attempts (integer)" +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_failed_login_attempts (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "初期値: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "NSS 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"これらのオプションは Name Service Switch (NSS) サービスを設定するために使用で" +"きます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する" +"要求)。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "初期値: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"エントリーキャッシュは、ドメインに対して entry_cache_timeout の値を超えて要求" +"された場合に、バックグラウンドでエントリーを自動的に更新するよう設定できま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"たとえば、ドメインの entry_cache_timeout が 30s に設定され、" +"entry_cache_nowait_percentage が 50 (%) に設定されていると、エントリーが 15 " +"秒経過後にきて、最新の更新キャッシュが直ちに返されます。しかし、SSSD が自身に" +"キャッシュされ、更新されます。そのため、その先の要求はキャッシュ更新を待つこ" +"とをブロックする必要がありません。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"このオプションに対して有効な値は 0-99 です。各ドメインに対する " +"entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセ" +"ンテージは 10 秒よりも小さく nowait タイムアウトを減らすべきではありません。" +"(0 はこの機能を無効にします)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "初期値: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま" +"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ" +"せ)をキャッシュする秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "初期値: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "初期値: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプ" +"ションを偽に設定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーの" +"ホームディレクトリーの標準テンプレートを設定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"このオプションに対して利用可能なオプションは override_homedir に対するものと" +"同じです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりで" +"す:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. シェルが allowed_shells 一覧にあるが、<quote>/etc/shells</quote> になけれ" +"ば、shell_fallback パラメーターの値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. シェルが allowed_shells 一覧になく、<quote>/etc/shells</quote> にもなけれ" +"ば、nologin シェルが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "シェルの空文字列は libc にそのまま渡されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"<quote>/etc/shells</quote> は SSSD が開始されるときにのみ読み込まれます。これ" +"は新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"許可されたシェルがマシンにインストールされていない場合に使用する標準シェルで" +"す。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "初期値: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "初期値: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "初期値: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +#, fuzzy +#| msgid "This option can also be set per-domain." +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "このオプションはドメインごとに設定できます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "PAM 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"これらのオプションは Pluggable Authentication Module (PAM) サービスを設定する" +"ために使用できます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オン" +"ラインログインの最終成功からの日数)です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "初期値: 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"新しいログイン試行が可能になる前に offline_failed_login_attempts に達した後に" +"渡される分単位の時間です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーが" +"オフライン認証できません。オンライン認証に成功すると、再びオフライン認証を有" +"効にできます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "初期値: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大" +"きいほどメッセージが表示されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "現在 sssd は以下の値をサポートします:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "初期値: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "ldap_access_filter (string)" +msgid "pam_response_filter (string)" +msgstr "ldap_access_filter (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証" +"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM " +"要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンド" +"トリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアント" +"アプリケーションごとに)制御します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある" +"ことに注意してください。この情報がなければ、sssd は警告を表示します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "初期値: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "初期値: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "ldap_chpass_update_last_change (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "ldap_chpass_update_last_change (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "初期値: 偽" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "ipa_automount_location (string)" +msgid "pam_cert_verification (string)" +msgstr "ipa_automount_location (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, fuzzy, no-wrap +#| msgid "" +#| "fallback_homedir = /home/%u\n" +#| " " +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "pam_id_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +#, fuzzy +#| msgid "Comma separated list of users who are allowed to log in." +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, fuzzy, no-wrap +#| msgid "" +#| "fallback_homedir = /home/%u\n" +#| " " +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "初期値: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +#, fuzzy +#| msgid "Default: not set (no substitution for unset home directories)" +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "SUDO 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性" +"を評価するかしないかです。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "Autofs 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "これらのオプションが autofs サービスを設定するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無" +"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に" +"ヒットする秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "SSH 設定オプション" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "これらのオプションは SSH サービスを設定するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (論理値)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "初期値: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "pac_check (string)" +msgstr "ldap_schema (文字列)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS が" +"返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更など" +"の可能性がある場合には、その後になります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリス" +"トです。NSS が返すグループ名にマッチします。つまり、スペースの置換、大文字小" +"文字の変更などの可能性がある場合には、その後になります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "exclude_users (string)" +msgstr "simple_deny_users (文字列)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No users excluded." +msgstr "初期値: 空、つまり ldap_uri が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "simple_deny_groups (string)" +msgid "exclude_groups (string)" +msgstr "simple_deny_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No groups excluded." +msgstr "初期値: 空、つまり ldap_uri が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "ドメインセクション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエン" +"トリーを含む場合、それは無視されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライ" +"マリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメン" +"バーに対して、範囲内にあるものは予期されたものとして報告されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "初期値: min_id は 1, max_id は 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = ユーザーとグループが列挙されます" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = このドメインに対して列挙しません" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "初期値: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、そ" +"れが完了するまで結果を返しません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"さらに、列挙を有効にすることにより、挙の検索が確実に正しく完了するよりも長く" +"する必要があるので、ネットワーク切断を検知するために必要な時間が増える可能性" +"があります。詳細は使用している具体的な id_provider のマニュアルページを参照し" +"てください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒" +"数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "初期値: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "初期値: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを" +"有効であると考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると" +"考える秒数です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何" +"秒キャッシュするか。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "初期値: 0 (無効)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、" +"この値は、最初の認証要素 (長期パスワード) を SHA512 ハッシュとしてキャッシュ" +"に保存する必要がある最小の長さを決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日" +"数です。 0 は永久に保持することを意味します。このパラメーターの値は " +"offline_credentials_expiration と同等以上でなければいけません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "初期値: 0 (無制限)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "初期値: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイ" +"ダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ" +"ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-" +"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してくださ" +"い。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: Active Directory プロバイダー。Active Directory の設定に関" +"する詳細は <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"NSS に報告するユーザーのログイン名としてフルネームとドメイン (ドメインの完全" +"名形式により整形されたように) を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必" +"要があります。たとえば、 \"test\" ユーザーを含む LOCAL ドメインにおいて使用さ" +"れていると、<command>getent passwd test</command> はユーザーを見つけられませ" +"んが、<command>getent passwd test@LOCAL</command> は見つけられます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイ" +"ダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は本来の LDAP 認証向けです。LDAP の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> は明示的に認証を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる" +"ならば、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセ" +"スプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加" +"えます)。内部の特別プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> は常にアクセスを許可します。ローカルドメインに対するプ" +"ロバイダーのみアクセスが許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> は常にアクセスを拒否します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> アクセス制御はアクセスまたは拒否の一覧に基づきます。" +"simple アクセスモジュールの設定に関する詳細は <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "初期値: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされる" +"パスワード変更プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> は Kerberos のパスワードを変更します。 Kerberos の設定に" +"関する詳細は <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継" +"します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"初期値: <quote>auth_provider</quote> が設定され、パスワードの変更要求を取り扱" +"うことができるならば、それが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" +"は次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は LDAP に保存されているルールのためです。LDAP の設定に関" +"する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs " +"プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> は LDAP に保存されているマップを読み込みます。LDAP の設定" +"に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA " +"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> は明示的に autofs を無効にします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる " +"hostid プロバイダーは次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> は IPA サーバーに保存されているホスト識別子を読み込みま" +"す。IPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> は明示的に hostid を無効にします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "domain\\username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "初期値: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供" +"します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "サポートする値:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "初期値: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "初期値: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "初期値: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメ" +"イン部分を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "初期値: マシンのホスト名のドメイン部分を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "プライマリー GID の値を指定されたもので上書きします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +#, fuzzy +#| msgid "ldap_purge_cache_timeout (integer)" +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_search_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "サブドメインのフラット (NetBIOS) 名。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "初期値: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "初期値: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"これらの設定オプションはドメイン設定のセクション、つまり <quote>[domain/" +"<replaceable>NAME</replaceable>]</quote> に存在します <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "中継するプロキシターゲット PAM です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名" +"をここに追加する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"プロキシドメインにおいて使用する NSS ライブラリーの名前です。ライブラリーにお" +"いて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば " +"_nss_files_getpwent です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"プロキシドメインに対して有効なオプションです。 <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "The following expansions are supported: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "概要" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して" +"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +"<quote>ファイル形式</quote> セクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま" +"す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが" +"必要になります。 <command>sssd</command> は暗号化されないチャネルにおける認証" +"はサポート<emphasis>されません</emphasis>。 LDAP サーバーが識別プロバイダーと" +"してのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイ" +"ダーとして LDAP を使用することの詳細は <quote>ldap_access_filter</quote> 設定" +"オプションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "設定オプション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"IPv6 アドレスを明示するために、<host> を角括弧 [] でくくる必要がありま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "例: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必" +"要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "初期値: 空、つまり ldap_uri が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効" +"な LDAP 検索フィルターである必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "例:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "初期値: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "初期バインド DN の認証トークンの形式です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "現在 2 つのメカニズムがサポートされます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "初期値: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"いくつかのディレクトリーサーバー、たとえば Active Directory、は小文字のレルム" +"を転送しません。それにより、認証が失敗します。もし大文字のレルムを使用したい" +"場合、このオプションを 0 以外に設定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"使用していないエントリー(メンバーのいないグループやログインしたことがない" +"ユーザーなど)に対してキャッシュを確認して、保存領域を節約するためにそれらを" +"削除する間隔を決めます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"ldap_schema が入れ子グループ (例: RFC2307bis) をサポートするスキーマ形式に設" +"定されていると、このオプションが入れ子 SSSD がしたがうレベルを制御します。こ" +"のオプションは RFC2307 スキーマにおいて効果がありません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "初期値: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照" +"してください。" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"注: このオプションは SSSD の将来のバージョンにおいて変更される可能性がありま" +"す。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられる" +"かもしれません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</" +"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> " +"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "初期値: 900 (15 分)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_connection_expire_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_expire_timeout (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サー" +"バーは 1 要求あたりの最大数の制限を強制します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP " +"ページング制御をサポートするが、有効化されていない、もしくは正しく動作しない" +"ことを報告する場合に、このオプションが使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"例: サーバーにページング制御モジュールがインストールされているが、RootDSE に" +"おいて有効化されていないと報告され、それを使用できない OpenLDAP サーバーで" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"例: 389 DS は単一の接続において同時に 1 つのページ制御のみをサポートします。" +"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性" +"があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Active Directory の範囲の取得を無効化します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"もしあれば、 TLS セッションにおいてサーバー証明書において実行するためにチェッ" +"クするものを指定します。以下の値のうち 1 つを指定できます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = クライアントがすべてのサーバー証明書を要求または" +"確認しません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = サーバー証明書が要求されます。証明書が提供されな" +"ければ、セッションが通常通り進められます。不正な証明書が提供されると、それは" +"無視され、セッションが通常通り進められます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = サーバー証明書が要求されます。証明書が提供されなけ" +"れば、セッションが通常通り進められます。不正な証明書が提供されると、セッショ" +"ンが直ちに終了します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = サーバー証明書が要求されます。証明書が提供され" +"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "初期値: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> が認識するすべての認証局に対する証明" +"書を含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"初期値: OpenLDAP の初期値の使用、一般的に <filename>/etc/openldap/ldap.conf</" +"filename> にあります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的に" +"ファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能なら" +"ば、<command>cacertdir_rehash</command> は正しい名前を作成するために使用でき" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "クライアントのキーを含むファイルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"チャネルを保護するために <systemitem class=\"protocol\">tls</systemitem> も使" +"用する必要がある id_provider 接続を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "初期値: host/hostname@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "初期値: krb5_realm の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化" +"するために逆引きを実行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "初期値: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "初期値: 86400 (24 時間)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプ" +"ロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなけれ" +"ば _tcp にフォールバックします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"このオプションは以前の SSSD において <quote>krb5_kdcip</quote> という名前でし" +"た。古い名前がしばらく認められる間、ユーザーは代わりに <quote>krb5_server</" +"quote> を使用するよう設定ファイルを移行することが推奨されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定" +"します。この機能は MIT Kerberos >= 1.7 で利用可能です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"位置情報プラグインの詳細は <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> マニュアルページを参照ください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"クライアント側においてパスワード期限切れを評価するためのポリシーを選択しま" +"す。以下の値が許容されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> - クライアント側において評価しません。このオプショ" +"ンはサーバー側のパスワードポリシーを無効にできません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +#, fuzzy +#| msgid "" +#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes " +#| "to evaluate if the password has expired." +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> - パスワードが失効したかを評価するために " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> 形式の属性を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> - パスワードが期限切れしているかを決定する" +"ために MIT Kerberos により使用される属性を使用します。パスワードが変更される" +"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "自動参照追跡が有効化されるかを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 " +"sssd のみが参照追跡をサポートすることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"サービス検索が有効にされているときに使用するサービスの名前を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "初期値: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバー" +"を検索するために使用するサービスの名前を指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "例:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "初期値: 空白" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になり" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"必ずサーバー側のアクセス制御を使用することが推奨されることに注意してくださ" +"い。つまり、パスワードが正しいときさえ、適切なエラーコードでバインド要求を拒" +"否します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "以下の値が許可されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: アカウントが失効しているかを決めるために " +"ldap_user_shadow_expire の値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: アクセスが許可されるかされないかを確認するために " +"ldap_ns_account_lock の値を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: アクセスが許可されるかを確認するために the values " +"of ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および " +"ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、ア" +"クセスが許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: アクセス権を決定するために " +"authorizedService 属性を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "初期値: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "値が複数使用されていると設定エラーになることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプ" +"ションが許容されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: エイリアスはベースオブジェクトの下位に参照解" +"決されますが、検索のベースオブジェクトの位置を探すときはされません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: エイリアスは検索のベースオブジェクトの位置を探" +"すときのみ参照解決されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: エイリアスは検索のベースオブジェクトを検索すると" +"きも位置を検索するときも参照解決されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"初期値: 空白(LDAP クライアントライブラリにより <emphasis>never</emphasis> と" +"して取り扱われます)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカル" +"ユーザーを保持することができます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +#, fuzzy +#| msgid "Default: 0 (disabled)" +msgid "Default: 0 (libldap debugging disabled)" +msgstr "初期値: 0 (無効)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "SUDO オプション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"値は <emphasis>ldap_sudo_smart_refresh_interval</emphasis> より大きい必要があ" +"ります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "初期値: 21600 (6 時間)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_idmap_range_size (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_idmap_range_size (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白" +"区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"<emphasis>ldap_sudo_use_host_filter</emphasis> が <emphasis>false</emphasis> " +"ならば、このオプションは効果を持ちません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "初期値: 指定なし" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワーク" +"アドレスの空白区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性" +"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "AUTOFS オプション" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "LDAP のオートマウントマスターマップの名前。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "高度なオプション" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "例" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</" +"replaceable> セクションにあるドメインのどれかに設定されていると仮定していま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "注記" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディ" +"ストリビューションから <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページに基" +"づいています。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "SSSD の PAM モジュール" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> は System Security Services daemon (SSSD) への " +"PAM インターフェースです。エラーと結果は <command>syslog(3)</command> を通し" +"て LOG_AUTHPRIV ファシリティでログ記録されます。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "オプション" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "不明なユーザーのログメッセージを抑制します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"<option>forward_pass</option> が設定されていると、他の PAM モジュールが使用す" +"るために、入力されたパスワードがスタックに置かれます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパス" +"ワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではな" +"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"パスワードを変更するとき、モジュールが強制的に新しいパスワードを、前にスタッ" +"クされたパスワードモジュールに設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わ" +"せます。初期値は 0 です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイア" +"ログを処理すると仮定して動作しません。典型的な例は " +"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "提供されるモジュール形式" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"すべてのモジュール形式 (<option>account</option>, <option>auth</option>, " +"<option>password</option> および <option>session</option>) が提供されます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "ファイル" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ" +"るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ" +"ば、このメッセージはパスワードをリセットする方法に関する説明があります。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"これらのファイルがディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</" +"filename> において検索されます。一致するファイルがなければ、一般的なメッセー" +"ジが表示されます。" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "SSSD の PAM モジュール" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 " +"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ" +"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" +"セージが標準エラーに送られます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説" +"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形" +"式</quote> セクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒" +"否の一覧に基づいてアクセスを許可または拒否します。以下の例を適用します:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "すべての一覧が空白ならば、アクセスが認められます" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されま" +"す。拒否ルールに一致するすべてのものは、許可ルールに一致するすべてのものを更" +"新することを意味します。" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"\"allow\" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒" +"否されます。" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"\"deny\" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべて" +"のユーザーがアクセスを許可されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中の" +"グループのみに適用されます。ローカルグループは評価されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメイ" +"ンの中のグループのみに適用されます。ローカルグループは評価されません。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " +"<quote>ドメインセクション</quote> のセクションを参照してください。 " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーに" +"なることに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの 1 つであると仮定します。この例はアク" +"セスプロバイダー固有の簡単なオプションのみを示します。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説" +"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー" +"ジの <quote>ファイル形式</quote> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。" +"(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)" +"このプロバイダーは、マシンが IPA ドメインに参加していて、設定がすでに全体的に" +"自己検索され、サーバーから直接取得されている必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定" +"ドメイン名が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、" +"デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必" +"要があります" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "初期値: 1200 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "dyndns_iface (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_iface (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "初期値: False (無効)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するか" +"どうか。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "初期値: ベース DN を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_subdomains_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subdomains_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for HBAC related objects." +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" +"して使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +#, fuzzy +#| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" +"して使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと" +"して使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列" +"を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Kerberos レルムの名前です。これはオプションで、初期値は <quote>ipa_domain</" +"quote> の値です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"IPA において特別な意味を持つ Kerberos レルムの名前です。LDAP 操作を実行するた" +"めに使用するベース DN に変換されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "初期値: 5 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (整数)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "この IPA クライアントが使用する automounter の場所です" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "初期値: \"default\" という名前の場所" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "初期値: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見" +"つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブド" +"メインのリクエストが必要に応じて IPA サーバーに送られます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの 1 つであることを仮定しています。この" +"例は IPA プロバイダー固有のオプションのみを示しています。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Active Directory ドメインの名前を指定します。これはオプションです。指定されな" +"ければ、設定のドメイン名が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"正しい動作のために、このオプションは Active Directory ドメインの長いバージョ" +"ンの小文字バージョンとして指定されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "all users are allowed" +msgstr "以下の値が許可されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "以下の値が許可されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "no users are allowed" +msgstr "以下の値が許可されます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +#, fuzzy +#| msgid "ldap_sudo_include_netgroups (boolean)" +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ldap_sudo_include_netgroups (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "初期値: 3600 (秒)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"以下の例は SSSD が正しく設定され、example.com が <replaceable>[sssd]</" +"replaceable> セクションにあるドメインの一つであると仮定しています。この例は " +"AD プロバイダー固有のオプションのみ示してします。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "SSSD バックエンドを用いた sudo の設定法" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "sudo ルールを取得するよう SSSD を設定する方法" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "SUDO ルールキャッシュメカニズム" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "keyword ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "ワイルドカード" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "netgroup (\"+netgroup\" の形式)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "このマシンのホスト名または完全修飾ドメイン名" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "このマシンの IP アドレスのどれか" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "System Security Services Daemon" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム" +"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター" +"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ" +"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク" +"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを" +"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す" +"るためのより強靭なデータベースを提供します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "<emphasis>0</emphasis>: デバッグメッセージで日時を無効にします" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: デバッグメッセージにミリ秒をタイムスタンプに追加しま" +"す" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "起動後にデーモンになります。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "フォアグラウンドで実行して、デーモンになりません。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"非標準の設定ファイルを指定します。初期値は <filename>/etc/sssd/sssd.conf</" +"filename> です。設定ファイルの構文とオプションは <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> マニュアルページを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "バージョン番号を表示して終了します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "シグナル" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダ" +"ウンします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを" +"閉じてから開きなおすよう指示します。これは logrotate のようなプログラムを用い" +"てログローテーションを促進することを意味します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "平文パスワードをわかりにくくする" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> は、与えられたパスワードを人間が読みにくい形" +"式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。" +"解読しにくくされたパスワードが指定された SSSD ドメインの " +"<quote>ldap_default_authtok</quote> パラメータに置かれます。また " +"<quote>ldap_default_authtok_type</quote> パラメーターが " +"<quote>obfuscated_password</quote> に設定されます。これらのパラメーターの詳細" +"は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> を参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリ" +"ングできるので <emphasis>実際にセキュリティの便益</emphasis> は提供されませ" +"ん。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること" +"を <emphasis>強く</emphasis> 推奨します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "解読しにくくするパスワードが標準入力から読み込まれます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"パスワードに使用する SSSD ドメインです。名前の初期値は <quote>default</" +"quote> です。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "位置パラメーターにより指定された設定ファイルを読み込みます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> に対する Kerberos 5 認証バックエンド" +"の設定を説明しています。詳細な構文の参考資料は、<citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> マニュアルページの <quote>ファイル形式</quote> セクションを参照" +"してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー" +"を含みます。正しく機能するためには識別プロダイバーと組み合わせて使用する必要" +"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより" +"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう" +"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は " +"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す" +"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"UPN が識別バックエンド <command>sssd</command> において利用できない場合は、形" +"式 <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> " +"を使用して UPN を構築します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"SSSD が接続したい AD サーバー(優先順)の IP アドレスまたはホスト名のカンマ区" +"切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は " +"<quote>FAILOVER</quote> セクションを参照してください。ポート番号(コロンの後" +"ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。これ" +"が無ければ、サービス探索が有効になっています。詳細は <quote>サービス探索</" +"quote> のセクションを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "Kerberos レルムの名前です。このオプションは指定する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ" +"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス" +"ト名に追加できます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</" +"quote>のセクションを参照してください。注:KDC に対する認証がまだ可能であるな" +"らば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフラ" +"インに切り替えないことに注意してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "初期値: KDC を使用します" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "初期値: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (文字列)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "ログイン名" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "ログイン UID" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "プリンシパル名" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "レルム名" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "ホームディレクトリー" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "SSSD クライアントのプロセス ID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "文字 '%'" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所" +"です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) " +"を有効化します。以下のオプションがサポートされます:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> は FAST を使用します。このオプションを何も設定しな" +"いことと同等です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> は FAST を使用します。サーバーが FAST をサポートして" +"いなければ、FAST を使用せずに認証を続行します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> は FAST を使用します。サーバーが FAST を要求しな" +"ければ、認証が失敗します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "初期値: 設定されません、つまり FAST が使用されません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +#, fuzzy +#| msgid "NOTE: a keytab is required to use FAST." +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "注: キーテーブルは FAST を使用する必要があります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポート" +"します。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプショ" +"ンを使用すると設定エラーになります。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "FAST に対して使用するサーバープリンシパルを指定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_use_kdcinfo (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指" +"定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照" +"してください。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_use_kdcinfo (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_kdcinfo (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ" +"ンを使用する必要があります。 SSSD ドメインの設定における詳細は " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</" +"quote> を参照してください。 <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> " +"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証" +"の設定のみを示し、識別プロバイダーを何も含みません。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "キャッシュクリーンアップを実行する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "特定のユーザーを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のユーザーの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "特定のグループを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"すべてのグループレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のグループの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "特定のネットワークグループを無効にします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"すべてのネットワークグループレコードを無効にします。このオプションが設定され" +"ていると、これが特定のネットワークグループの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "特定のサービスを無効化します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"すべてのサービスレコードを無効にします。このオプションも設定されていると、こ" +"れが特定のサービスの無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "特定の autofs マップを無効化します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"すべての autofs マップを無効化します。このオプションは特定のマップが設定され" +"ていても、その無効化を上書きします。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "無効化プロセスを特定のドメインのみに制限します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "ユーザーの UID を <replaceable>UID</replaceable> に設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "ユーザーの GID を <replaceable>GID</replaceable> に設定します。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項" +"目として使用されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"ユーザーのホームディレクトリーを <replaceable>HOME_DIR</replaceable> に設定し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "関連項目" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "OpenSSH 認可キーを取得する" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> はユーザー <replaceable>USER</" +"replaceable> の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力しま" +"す (詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> の <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク" +"ションを参照してください)。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"SSSD ドメイン <replaceable>DOMAIN</replaceable> にあるユーザーの公開鍵を検索" +"します。" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "終了コード" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "OpenSSH ホストキーを取得します" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"<replaceable>PROXY_COMMAND</replaceable> が指定されていると、ソケットを開く代" +"わりにホストへの接続を作成するために使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> は <citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> 設定に対して以下のディレクティブを使" +"用することにより、ホストキー認証に <command>sss_ssh_knownhostsproxy</" +"command> を使用するために設定できます: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"ホストに接続するためにポート <replaceable>PORT</replaceable> を使用します。初" +"期値ではポート 22 が使用されます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"SSSD ドメイン <replaceable>DOMAIN</replaceable> においてホスト公開鍵を検索し" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerate (論理値)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +#, fuzzy +#| msgid "Default: False (disabled)" +msgid "Default: False (Automatic renewals disabled)" +msgstr "初期値: False (無効)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renew_interval (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renew_interval (文字列)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "初期値: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "初期値: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "ユーザーのログイン名に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "ユーザーの ID に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "初期値: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "初期値: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "初期値: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "初期値: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 " +"ActiveDirectory サーバーに対してのみ必要です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "初期値: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を" +"含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "初期値: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "初期値: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "初期値: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "初期値: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(パスワード無効期間)に対応する LDAP 属性の名前を含" +"みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "初期値: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> の対応部分(アカウント失効日)に対応する LDAP 属性の名前を含み" +"ます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "初期値: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos " +"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "初期値: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパス" +"ワード失効日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "初期値: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの" +"失効日時を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "初期値: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカ" +"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "初期値: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメー" +"ターがアクセスが許可されるかされないかを決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "初期値: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされない" +"かをこの属性が決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "初期値: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"ldap_account_expire_policy=nds を使用しているとき、この属性はデータアクセスが" +"いつまで許可されるのかを決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可さ" +"れるときの一週間の日の時間を決定します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "初期値: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "初期値: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "ユーザーの完全名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "初期値: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、" +"SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある " +"authorizedService 属性を使用します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"明示的な拒否 (!svc) が始めに解決されます。次に SSSD は明示的な許可 (svc) を検" +"索します。最後にすべて許可 (*) を検索します。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "初期値: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限" +"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検" +"索します。最後にすべて許可 (*) が検索されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "初期値: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "The LDAP attribute that contains the port managed by this service." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "このサービスにより管理されるポートを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "初期値: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "グループの ID に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "グループのメンバーの名前を含む LDAP の属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 " +"ActiveDirectory サーバーに対してのみ必要です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "初期値: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "ネットワークグループ名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" +"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "初期値: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "初期値: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (文字列)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "初期値: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "このサービスにより管理されるポートを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "初期値: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "初期値: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "初期値: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "sudo ルール名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "コマンド名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "初期値: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワー" +"クグループ)に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "初期値: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応す" +"る LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "初期値: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "sudo オプションに対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "初期値: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "初期値: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "初期値: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "初期値: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性で" +"す。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "初期値: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "初期値: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "CONFIGURATION" +msgstr "設定オプション" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "LDAP における automount のマップエントリーの名前です。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ" +"ントと対応します。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "サービス探索" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "設定" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとする" +"ために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に" +"特別なキーワード <quote>_srv_</quote> を挿入することにより、ユーザーが固定" +"サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これ" +"は設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用" +"し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバック" +"したい場合、この機能は有用です。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "ドメイン名" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "プロトコル" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプ" +"ションの説明にドキュメント化されています。" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "関連項目" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "フェイルオーバー" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "フェイルオーバーの構文" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいく" +"つでも許されます。サーバーは性能の順番で一覧化されます。一覧はサーバーをいく" +"つでも含められます。" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "フェイルオーバーのメカニズム" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ID マッピング" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "マッピング・アルゴリズム" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "高度な設定" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +#, fuzzy +#| msgid "" +#| "Specifies the lower bound of the range of POSIX IDs to use for mapping " +#| "Active Directory user and group SIDs." +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Active Directory ユーザーとグループの SID をマッピングするために使用する " +"POSIX ID の範囲の下限を指定します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "初期値: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "初期値: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (整数)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中" +"にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (文字列)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (文字列)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "初期ドメインの名前を指定します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (論理値)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"winbind の <quote>idmap_autorid</quote> アルゴリズムとより同じように振る舞う" +"ために ID マッピングのアルゴリズムの振る舞いを変更します。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ" +"ンに単原子的に増加するよう割り当てられます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依" +"存します)。このモードはマシンが実行中の winbind と互換性が必要ならば、少なく" +"とも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、" +"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ" +"れます。" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "ヘルプメッセージを表示して終了します。" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "現在サポートされるデバッグレベル:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>例</emphasis>: 致命的なエラー、重大なエラー、深刻なエラーおよび関数" +"データをログに取得するには 0x0270 を使用します。" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>例</emphasis>: 致命的なエラー、設定値の設定、関数データ、内部制御関" +"数のトレースメッセージをログに取得するには 0x1310 を使用します。" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "ローカルドメイン" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲お" +"よび LDAP フィルター。" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (文字列)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "UID 番号" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "ドメイン名" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "完全修飾ユーザー名 (user@domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提" +"供できます。テンプレートでは、以下のシーケンスが置換されます: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "このオプションはドメインごとに設定できます。" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (整数)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトで" +"す。可能ならば、認証要求がオフラインで継続されます。" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (論理値)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> マニュアルページにある " +"<quote>dns_discovery_domain</quote> パラメーターを参照してください。" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "秒は <emphasis>s</emphasis>" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "分は <emphasis>m</emphasis>" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "時間は <emphasis>h</emphasis>" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "日は <emphasis>d</emphasis>" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に" +"指定したい場合、'1h30m' の代わりに '90m' を使用します。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "初期値: 設定されません、つまり TGT は更新可能ではありません" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に" +"指定したい場合、'1h30m' の代わりに '90m' を使用してください。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初" +"期値です。" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (文字列)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"このオプションが設定されていない場合、または 0 に設定されている場合、自動更新" +"は無効になります。" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " +"MIT Kerberos 1.7 およびそれ以降で利用可能です。" + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかど" +#~ "うかを決めます" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "初期値: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> で" +#~ "す。\"the name is everything up to the <quote>@</quote> sign, the domain " +#~ "everything after that\" に解釈されます。" + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "グループ名に対応する LDAP 属性です。" + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Active Directory ユーザーとグループ SID をマッピングするために使用する " +#~ "POSIX ID の範囲の上限を指定します。" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "グループを変更します。" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> はコマンドラインにおいて指定された変更を反" +#~ "映するようグループを変更します。" + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定さ" +#~ "れたグループに追加します。 <replaceable>GROUPS</replaceable> パラメーター" +#~ "はグループ名のカンマ区切り一覧です。" + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定さ" +#~ "れたグループから削除します。" + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー" + +#~ msgid "The local domain section" +#~ msgstr "ローカルドメインのセクション" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存す" +#~ "るドメイン、つまり、 <replaceable>id_provider=local</replaceable> を使用す" +#~ "るドメインに対する設定を含みます。" + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (文字列)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。" + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "初期値: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (文字列)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "ツールがログイン名を <replaceable>base_directory</replaceable> に追加し" +#~ "て、ホームディレクトリーとして使用します。" + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "初期値: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (論理値)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示しま" +#~ "す。コマンドラインにおいて上書きできます。" + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (論理値)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "初期状態で新規ユーザーに対するホームディレクトリーが削除されるかを指示しま" +#~ "す。コマンドラインにおいて上書きできます。" + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (整数)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "新規に作成されるホームディレクトリーにパーミッションの初期値を指定するため" +#~ "に <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> により使用されます。" + +#~ msgid "Default: 077" +#~ msgstr "初期値: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (文字列)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</" +#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると" +#~ "き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクト" +#~ "リーを含む、スケルトンディレクトリーです。" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "初期値: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (文字列)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "メールスプールディレクトリーです。これに対応するユーザーアカウントが変更ま" +#~ "たは削除されたとき、これを操作する必要があります。指定されていなければ、初" +#~ "期値が使用されます。" + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "初期値: <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (文字列)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメー" +#~ "ターとして削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮" +#~ "されません。" + +#~ msgid "Default: None, no command is run" +#~ msgstr "初期値: なし、コマンドを実行しません" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "新しいユーザーを作成する" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> は、コマンドラインにおいて指定された値とシ" +#~ "ステムの初期値を使用して、新しいユーザーを作成します。" + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "ユーザーの UID を <replaceable>UID</replaceable> の値を設定します。与えら" +#~ "れないと、自動的に選択されます。" + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "ユーザーアカウントのホームディレクトリーです。初期値は <filename>/home</" +#~ "filename> に <replaceable>LOGIN</replaceable> の名前を追加して、ホームディ" +#~ "レクトリーとして使用します。 <replaceable>LOGIN</replaceable> の前につける" +#~ "ベースは sssd.conf において <quote>user_defaults/baseDirectory</quote> 設" +#~ "定で変更できます。" + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "ユーザーのログインシェルです。初期値は現在 <filename>/bin/bash</filename> " +#~ "です。初期値は sssd.conf において <quote>user_defaults/defaultShell</" +#~ "quote> で変更できます。" + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "このユーザーがメンバーである既存のユーザーの一覧です。" + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オ" +#~ "プションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファ" +#~ "イルとディレクトリーがホームディレクトリーにコピーされます。" + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "ユーザーのホームディレクトリーを作成しません。設定を上書きします。" + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "スケルトンディレクトリーです。ホームディレクトリーが " +#~ "<command>sss_useradd</command> により作成されるとき、ユーザーのホームディ" +#~ "レクトリーにコピーされるファイルとディレクトリーを含みます。" + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよ" +#~ "び UNIX ソケット) はコピーされません。" + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "<option>-m</option> (または <option>--create-home</option>) オプションが指" +#~ "定されたとき、またはホームディレクトリーの作成が設定において TRUE に設定さ" +#~ "れている場合のみ、このオプションが有効です。" + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの" +#~ "初期値を使います。" + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "新しいグループを作成する" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> が新しいグループを作成します。これらのグ" +#~ "ループは POSIX グループと互換性があり、他のグループをメンバーとして含めら" +#~ "れる追加機能と互換性があります。" + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "グループの GID を <replaceable>GID</replaceable> の値に設定します。与えら" +#~ "れないと、自動的に選択されます。" + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "ユーザーアカウントを削除する" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> はログイン名 <replaceable>LOGIN</" +#~ "replaceable> により識別されるユーザーをシステムから削除します。" + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" +#~ "リーとユーザーのメールスプールとともに削除されます。設定が上書きされます。" + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" +#~ "リーとユーザーのメールスプールとともに削除されません。設定が上書きされま" +#~ "す。" + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "このオプションは、指定されたユーザーにより所有されていないものさえ、" +#~ "<command>sss_userdel</command> がユーザーのホームディレクトリーとメールス" +#~ "プールを削除するよう強制します。" + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。" + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "グループを削除する" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> は名前 <replaceable>GROUP</replaceable> に" +#~ "より識別されるグループをシステムから削除します。" + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "グループのプロパティーを表示します" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> はその名前 <replaceable>GROUP</" +#~ "replaceable> により識別されるグループに関する情報を表示します。情報はグ" +#~ "ループ ID 番号、グループのメンバーおよび親グループを含みます。" + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表" +#~ "示にも影響を与えることに注意してください - <option>R</option> を指定しない" +#~ "と、直接の親のみが表示されます。" + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "ユーザーアカウントを修正します" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> は、コマンドラインにおいて指定された変更を" +#~ "反映するために、 <replaceable>LOGIN</replaceable> により指定されたアカウン" +#~ "トを変更します。" + +#~ msgid "The home directory of the user account." +#~ msgstr "ユーザーアカウントのホームディレクトリーです。" + +#~ msgid "The user's login shell." +#~ msgstr "ユーザーのログインシェルです。" + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定さ" +#~ "れたグループに追加します。 <replaceable>GROUPS</replaceable> パラメーター" +#~ "はグループ名のカンマ区切り一覧です。" + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "<replaceable>GROUPS</replaceable> " + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "" +#~ "ユーザーアカウントをロックします。ユーザーはログインできなくなります。" + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "ユーザーアカウントのロックを解除します。" + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "ユーザーのログインのための SELinux ユーザーです。" + +# auto translated by TM merge from project: SSSD, version: rhel-8, DocId: +# po/sssd +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。" + +# auto translated by TM merge from project: SSSD, version: rhel-8, DocId: +# po/sssd +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持" +#~ "つ属性の場合、コマンドがすでに存在する値に置き換えられます" + +# auto translated by TM merge from project: SSSD, version: rhel-8, DocId: +# po/sssd +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。" + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "初期値: /etc/krb5.keytab" + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (整数)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログ" +#~ "ファイルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD " +#~ "サービスとドメインに対して別々のログファイルがあります。" diff --git a/src/man/po/lv.po b/src/man/po/lv.po new file mode 100644 index 0000000..b136611 --- /dev/null +++ b/src/man/po/lv.po @@ -0,0 +1,18318 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Kristaps, 2012 +# Kristaps, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-15 12:00-0500\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" +"lv/)\n" +"Language: lv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : " +"2);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Noklusējuma: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "pakalpojumi" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domēni" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Noklusējuma: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "timeout (integer)" +msgid "offline_timeout_random_offset (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Noklusējuma: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Noklusējuma: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>permit</quote>" +msgid "Default: <quote>*</quote>" +msgstr "Noklusējuma: <quote>atļaut</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Noklusējuma: 0 (bez ierobežojuma)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Noklusējuma: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Noklusējuma: 0 (neierobežots)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Noklusējuma: <quote>atļaut</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Atbalstītās vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: 6" +msgid "Default: TRUE" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 6" +msgid "Default: match" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "APRAKSTS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "KONFIGURĒŠANAS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Noklusējuma: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "Divi pašlaik atbalstītie mehānismi ir:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "parole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "noildze (vesels skaitlis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Noklusējuma: 86400 (24 stundas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Noklusējuma: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Piemērs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Atļautas šādas vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Noklusējuma: filtrēt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "PAPLAŠINĀTĀS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "PIEMĒRS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "PIEZĪMES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>retry=N</option>" +msgid "<option>debug</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "all users are allowed" +msgstr "Atļautas šādas vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "only users in allow-rules are allowed" +msgstr "Atļautas šādas vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +#, fuzzy +#| msgid "The following values are allowed:" +msgid "no users are allowed" +msgstr "Atļautas šādas vērtības:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Noklusējuma: / tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "SKATĪT ARĪ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 1" +msgid "Default: NULL" +msgstr "Noklusējuma: 1" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Noklusējuma: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Noklusējuma: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Noklusējuma: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Noklusējuma: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "CONFIGURATION" +msgstr "KONFIGURĒŠANAS IESPĒJAS" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Noklusējuma: <filename>/bin/bash</filename>" + +#~ msgid "Default: 077" +#~ msgstr "Noklusējuma: 077" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Noklusējuma: <filename>/etc/skel</filename>" + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Noklusējuma: <filename>/var/mail</filename>" + +#~ msgid "create a new user" +#~ msgstr "create a new user" + +#~ msgid "create a new group" +#~ msgstr "izveidot jaunu grupu" + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "dzēst lietotāja kontu" + +#~ msgid "delete a group" +#~ msgstr "dzēst grupu" + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Noklusējuma: /etc/krb5.keytab" diff --git a/src/man/po/nl.po b/src/man/po/nl.po new file mode 100644 index 0000000..d0333c0 --- /dev/null +++ b/src/man/po/nl.po @@ -0,0 +1,18394 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-15 12:02-0500\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" +"nl/)\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD handleiding" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Bestandsformaten en conventies" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "het configuratiebestand voor SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "BESTANDSFORMAAT" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en " +"parameters. Een sectie begint met de naam van de sectie in rechte haken en " +"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie " +"met een enkele en een meervoudige parameter: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en " +"booleaans (met de waardes <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Alle secties kunnen een optionele <replaceable>description</replaceable> " +"parameter bevatten. Dit fungeert slechts als label voor de sectie." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar " +"moet root zijn en alleen root mag hem lezen en schrijven." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_timestamps (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SPECIALE SECTIES" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "De [sssd] sectie" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Sectie parameters" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger " +"gebruiken versie 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "diensten" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een " +"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domeinen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik " +"van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' " +"gezet worden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Standaard: true op systemen waar inotify is ondersteund. False op andere " +"systemen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Merk op: deze optie heeft geen effect op systemen waar inotify niet " +"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv." +"conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet " +"opslaan." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "re_expression (string)" +msgid "passkey_verification (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "re_expression (string)" +msgid "user_verification (boolean)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "SERVICES SECTIE" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Algemene service configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Deze opties kunnen gebruikt worden om services te configureren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 60, KCM: 300" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 3600" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "NSS configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te " +"configurere." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Standaard: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>%1$s@%2$s</quote>." +msgid "Default: <quote>*</quote>" +msgstr "Standaard: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pam_response_filter (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Standaard: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pam_cert_verification (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "re_expression (string)" +msgid "pac_check (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "re_expression (string)" +msgid "exclude_users (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Standaard: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: TRUE" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_expire_offset" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "OMSCHRIJVING" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "debug_level (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPTIES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#| "arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</" +"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ipa_access_order (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "ZIE OOK" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "re_expression (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_user_passkey (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , " +#~ "het domein alles daarna\"" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "muteer een groep" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen " +#~ "die via de opdrachtregel ingegeven zijn." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Voeg deze groep toe aan de groepen opgegeven met de " +#~ "<replaceable>GROEPEN</replaceable> parameter. De <replaceable>GROEPEN</" +#~ "replaceable> parameter is een kommagescheiden lijst van groepnamen." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</" +#~ "replaceable> parameter." diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg new file mode 100644 index 0000000..1f20e4b --- /dev/null +++ b/src/man/po/po4a.cfg @@ -0,0 +1,49 @@ +[po4a_langs] br ca cs de es eu fi fr ja lv nl pt pt_BR ru sv tg uk zh_CN +[po4a_paths] po/sssd-docs.pot $lang:po/$lang.po +[type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml +[type:docbook] sssd-ldap.5.xml $lang:$(builddir)/$lang/sssd-ldap.5.xml +[type:docbook] pam_sss.8.xml $lang:$(builddir)/$lang/pam_sss.8.xml +[type:docbook] pam_sss_gss.8.xml $lang:$(builddir)/$lang/pam_sss_gss.8.xml +[type:docbook] sssd_krb5_locator_plugin.8.xml $lang:$(builddir)/$lang/sssd_krb5_locator_plugin.8.xml +[type:docbook] sssd-simple.5.xml $lang:$(builddir)/$lang/sssd-simple.5.xml +[type:docbook] sss-certmap.5.xml $lang:$(builddir)/$lang/sss-certmap.5.xml +[type:docbook] sssd-ipa.5.xml $lang:$(builddir)/$lang/sssd-ipa.5.xml +[type:docbook] sssd-ad.5.xml $lang:$(builddir)/$lang/sssd-ad.5.xml +[type:docbook] sssd-sudo.5.xml $lang:$(builddir)/$lang/sssd-sudo.5.xml +[type:docbook] sssd.8.xml $lang:$(builddir)/$lang/sssd.8.xml +[type:docbook] sss_obfuscate.8.xml $lang:$(builddir)/$lang/sss_obfuscate.8.xml +[type:docbook] sss_override.8.xml $lang:$(builddir)/$lang/sss_override.8.xml +[type:docbook] sssd-krb5.5.xml $lang:$(builddir)/$lang/sssd-krb5.5.xml +[type:docbook] sss_cache.8.xml $lang:$(builddir)/$lang/sss_cache.8.xml +[type:docbook] sss_debuglevel.8.xml $lang:$(builddir)/$lang/sss_debuglevel.8.xml +[type:docbook] sss_seed.8.xml $lang:$(builddir)/$lang/sss_seed.8.xml +[type:docbook] sssd-ifp.5.xml $lang:$(builddir)/$lang/sssd-ifp.5.xml +[type:docbook] sss_rpcidmapd.5.xml $lang:$(builddir)/$lang/sss_rpcidmapd.5.xml +[type:docbook] sss_ssh_authorizedkeys.1.xml $lang:$(builddir)/$lang/sss_ssh_authorizedkeys.1.xml +[type:docbook] sss_ssh_knownhostsproxy.1.xml $lang:$(builddir)/$lang/sss_ssh_knownhostsproxy.1.xml +[type:docbook] idmap_sss.8.xml $lang:$(builddir)/$lang/idmap_sss.8.xml +[type:docbook] sssctl.8.xml $lang:$(builddir)/$lang/sssctl.8.xml +[type:docbook] sssd-files.5.xml $lang:$(builddir)/$lang/sssd-files.5.xml +[type:docbook] sssd-session-recording.5.xml $lang:$(builddir)/$lang/sssd-session-recording.5.xml +[type:docbook] sssd-kcm.8.xml $lang:$(builddir)/$lang/sssd-kcm.8.xml opt:"-k 40" +[type:docbook] sssd-systemtap.5.xml $lang:$(builddir)/$lang/sssd-systemtap.5.xml +[type:docbook] sssd-ldap-attributes.5.xml $lang:$(builddir)/$lang/sssd-ldap-attributes.5.xml +[type:docbook] sssd_krb5_localauth_plugin.8.xml $lang:$(builddir)/$lang/sssd_krb5_localauth_plugin.8.xml +[type:docbook] include/autofs_attributes.xml $lang:$(builddir)/$lang/include/autofs_attributes.xml opt:"-k 0" +[type:docbook] include/service_discovery.xml $lang:$(builddir)/$lang/include/service_discovery.xml opt:"-k 0" +[type:docbook] include/upstream.xml $lang:$(builddir)/$lang/include/upstream.xml opt:"-k 0" +[type:docbook] include/failover.xml $lang:$(builddir)/$lang/include/failover.xml opt:"-k 0" +[type:docbook] include/ldap_id_mapping.xml $lang:$(builddir)/$lang/include/ldap_id_mapping.xml opt:"-k 0" +[type:docbook] include/param_help.xml $lang:$(builddir)/$lang/include/param_help.xml opt:"-k 0" +[type:docbook] include/param_help_py.xml $lang:$(builddir)/$lang/include/param_help_py.xml opt:"-k 0" +[type:docbook] include/debug_levels.xml $lang:$(builddir)/$lang/include/debug_levels.xml opt:"-k 0" +[type:docbook] include/debug_levels_tools.xml $lang:$(builddir)/$lang/include/debug_levels_tools.xml opt:"-k 0" +[type:docbook] include/local.xml $lang:$(builddir)/$lang/include/local.xml opt:"-k 0" +[type:docbook] include/seealso.xml $lang:$(builddir)/$lang/include/seealso.xml opt:"-k 0" +[type:docbook] include/ldap_search_bases.xml $lang:$(builddir)/$lang/include/ldap_search_bases.xml opt:"-k 0" +[type:docbook] include/autofs_restart.xml $lang:$(builddir)/$lang/include/autofs_restart.xml opt:"-k 0" +[type:docbook] include/override_homedir.xml $lang:$(builddir)/$lang/include/override_homedir.xml opt:"-k 0" +[type:docbook] include/homedir_substring.xml $lang:$(builddir)/$lang/include/homedir_substring.xml opt:"-k 0" +[type:docbook] include/ad_modified_defaults.xml $lang:$(builddir)/$lang/include/ad_modified_defaults.xml opt:"-k 0" +[type:docbook] include/ipa_modified_defaults.xml $lang:$(builddir)/$lang/include/ipa_modified_defaults.xml opt:"-k 0" +[type:docbook] include/krb5_options.xml $lang:$(builddir)/$lang/include/krb5_options.xml opt:"-k 0" diff --git a/src/man/po/pt.po b/src/man/po/pt.po new file mode 100644 index 0000000..d2ae946 --- /dev/null +++ b/src/man/po/pt.po @@ -0,0 +1,18561 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Miguel Sousa <migueljorgesousa@sapo.pt>, 2011 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-15 12:05-0500\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" +"pt/)\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Páginas de Manual de SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Formatos de ficheiros e convenções" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "o ficheiro de configuração para SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FORMATAR FICHEIRO" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Os tipos de dados usados são cadeia de caracteres (sem aspas necessárias), " +"inteiro e bool (com valores de <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Todas as seções podem ter um parâmetro opcional <replaceable>description</" +"replaceable>. Sua função é apenas como um rótulo para a secção." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> deve ser um ficheiro regular, pertencente a " +"raiz e somente raiz pode ler ou gravar o arquivo." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Padrão: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +#, fuzzy +#| msgid "debug_microseconds (bool)" +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Padrão: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SECÇÕES ESPECIAIS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "A seção [SSSD]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Parâmetros de secção" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indica qual é a sintaxe do arquivo config. SSSD 0.6.0 e posterior utilização " +"versão 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "serviços" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Número de vezes que os serviços devem tentar reconectar-se no caso de uma " +"falha do provedor de dados ou reiniciar antes de eles desistirem" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Padrão: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domínios" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +#, fuzzy +#| msgid "ldap_krb5_init_creds (boolean)" +msgid "implicit_pac_responder (boolean)" +msgstr "ldap_krb5_init_creds (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +#, fuzzy +#| msgid "krb5_validate (boolean)" +msgid "core_dumpable (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "ldap_user_principal (string)" +msgid "passkey_verification (string)" +msgstr "ldap_user_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "ldap_user_principal (string)" +msgid "user_verification (boolean)" +msgstr "ldap_user_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 60, KCM: 300" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Padrão: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +#, fuzzy +#| msgid "timeout (integer)" +msgid "offline_timeout_max (integer)" +msgstr "timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 3600" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "offline_timeout_random_offset (integer)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 300" +msgid "Default: 30" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Padrão: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Padrão: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Padrão: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "memcache_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "memcache_size_passwd (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "memcache_size_group (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Padrão: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "memcache_size_initgroups (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "memcache_size_sid (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: <quote>%1$s@%2$s</quote>." +msgid "Default: <quote>*</quote>" +msgstr "Default: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Padrão: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +#, fuzzy +#| msgid "access_provider (string)" +msgid "pam_response_filter (string)" +msgstr "access_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Padrão: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_principal (string)" +msgid "pam_cert_verification (string)" +msgstr "ldap_user_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "pam_id_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "pac_check (string)" +msgstr "ipa_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "exclude_users (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No users excluded." +msgstr "Padrão: empty, ou seja, ldap_uri é usado." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +#, fuzzy +#| msgid "ldap_group_search_base (string)" +msgid "exclude_groups (string)" +msgstr "ldap_group_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +#, fuzzy +#| msgid "Default: empty, i.e. ldap_uri is used." +msgid "Default: Empty. No groups excluded." +msgstr "Padrão: empty, ou seja, ldap_uri é usado." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "SECÇÕES DE DOMÍNIO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Padrão: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Padrão: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Padrão: 0 (ilimitado)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Default: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Default: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Padrão: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +#, fuzzy +#| msgid "ldap_search_timeout (integer)" +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_offline_timeout" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +#, fuzzy +#| msgid "ldap_krb5_ticket_lifetime (integer)" +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_connection_expire_timeout" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_connection_expire_offset" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_connection_idle_timeout" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Padrão: NC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESCRIÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "OPÇÕES DE CONFIGURAÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Padrão: empty, ou seja, ldap_uri é usado." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Exemplos:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +#, fuzzy +#| msgid "ldap_network_timeout (integer)" +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_network_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = O cliente não irá solicitar ou verificar " +"qualquer certificado de servidor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Padrão: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Padrão: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Padrão: 86400 (24 horas)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Padrão: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +#, fuzzy +#| msgid "ldap_page_size (integer)" +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_page_size (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +#, fuzzy +#| msgid "ldap_opt_timeout (integer)" +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_opt_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "OPÇÕES AVANÇADAS" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "EXEMPLO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTAS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "Opções" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "MÓDULOS TIPO FORNECIDOS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "FICHEIROS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +#, fuzzy +#| msgid "pam_sss" +msgid "pam_sss_gss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +#, fuzzy +#| msgid "PAM module for SSSD" +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "Módulo PAM para SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +#, fuzzy +#| msgid "" +#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</" +#| "replaceable> </arg>" +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +#, fuzzy +#| msgid "<option>quiet</option>" +msgid "<option>debug</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +#, fuzzy +#| msgid "auth_provider (string)" +msgid "dyndns_auth_ptr (string)" +msgstr "auth_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "access_provider (string)" +msgid "ipa_access_order (string)" +msgstr "access_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Default: Use base DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_hbac_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Padrão: NC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "Daemon de serviços de segurança do sistema" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Tornar-se um daemon após a instalação." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Executar em primeiro plano, não se torne um daemon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Imprimir o número da versão e sair." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Sinais" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "ofuscar uma senha de texto não criptografado" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Padrão: Usar o KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Padrão: /tmp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "nome de login" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "nome principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "nome de território" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "um literal '%'" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +#, fuzzy +#| msgid "krb5_canonicalize (boolean)" +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +#, fuzzy +#| msgid "krb5_store_password_if_offline (boolean)" +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "VER TAMBÉM" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +#, fuzzy +#| msgid "ldap_krb5_init_creds (boolean)" +msgid "fallback_to_nss (boolean)" +msgstr "ldap_krb5_init_creds (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +#, fuzzy +#| msgid "enumerate (bool)" +msgid "tgt_renewal (bool)" +msgstr "enumerate (bool)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +#, fuzzy +#| msgid "krb5_renewable_lifetime (string)" +msgid "tgt_renewal_inherit (string)" +msgstr "krb5_renewable_lifetime (string)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Padrão: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Padrão: diret" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Padrão: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Padrão: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Padrão: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Padrão: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Padrão: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Padrão: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Padrão: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Padrão: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Padrão: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Padrão: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Padrão: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Padrão: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (string)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +#, fuzzy +#| msgid "sssd_krb5_locator_plugin" +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +#, fuzzy +#| msgid "CONFIGURATION OPTIONS" +msgid "CONFIGURATION" +msgstr "OPÇÕES DE CONFIGURAÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "DESCOBERTA DE SERVIÇOS" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Configuração" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "O nome de domínio" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "O protocolo" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Ver também" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Exibe a mensagem de ajuda e sai." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (string)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "Número UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "nome de domínio" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (integer)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Padrão: não definido, ou seja, o TGT não é renovável" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (string)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "modificar um grupo" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Opções</" +#~ "replaceable></arg> <arg choice='plain'> <replaceable>grupo</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> modifica o grupo para refletir as " +#~ "alterações que são especificadas na linha de comando." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Acrescente este grupo para grupos especificados pelo parâmetro de " +#~ "<replaceable>GROUPS</replaceable>. O parâmetro de <replaceable>GROUPS</" +#~ "replaceable> é uma lista separada por vírgulas de nomes de grupo." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Remova este grupo de grupos especificados pelo parâmetro de " +#~ "<replaceable>GROUPS</replaceable>." + +#~ msgid "The local domain section" +#~ msgstr "A secção de domínio local" + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (string)" + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Padrão: <filename>bash/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (string)" + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Padrão: <filename>/ home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (bool)" + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (bool)" + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (integer)" + +#~ msgid "Default: 077" +#~ msgstr "Padrão: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (string)" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Padrão: <filename>skel/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (string)" + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Padrão: <filename>mail/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (string)" + +#~ msgid "Default: None, no command is run" +#~ msgstr "Padrão: None, nenhum comando é executado" + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "excluir um grupo" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "modificar uma conta de utilizador" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "" +#~ "Bloquear a conta do utilizador. O utilizador não será capaz de efetuar " +#~ "login." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Desbloquear a conta de utilizador." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Padrão: /etc/krb5.keytab" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po new file mode 100644 index 0000000..1eaea8e --- /dev/null +++ b/src/man/po/pt_BR.po @@ -0,0 +1,18228 @@ +# Marco Aurélio Krause <ouesten@me.com>, 2015. #zanata +# Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2017-01-29 10:11-0500\n" +"Last-Translator: Rodrigo de Araujo Sousa Fonseca " +"<rodrigodearaujo@fedoraproject.org>\n" +"Language-Team: Portuguese (Brazil)\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "ssd.conf " + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "O arquivo de configuração para SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FORMATO DE ARQUIVO " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "OPÇÕES GERAIS " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "DESCRIÇÃO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "OPÇÕES" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod " + +#~ msgid "modify a group" +#~ msgstr "Modificar um grupo" diff --git a/src/man/po/ru.po b/src/man/po/ru.po new file mode 100644 index 0000000..6c3f3e4 --- /dev/null +++ b/src/man/po/ru.po @@ -0,0 +1,24069 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Artyom Kunyov <artkun@guitarplayer.ru>, 2012 +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2022-12-14 19:20+0000\n" +"Last-Translator: Elena Mishina <lepata@basealt.ru>\n" +"Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/ru/>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" +"X-Generator: Weblate 4.14.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Справка по SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Форматы файлов и рекомендации" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "файл конфигурации SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "ФОРМАТ ФАЙЛА" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В файле используются синтаксические конструкции в стиле ini, он состоит из " +"разделов и параметров. Раздел начинается с имени раздела в квадратных " +"скобках и продолжается до начала нового раздела. Пример раздела с " +"параметрами, которые имеют одно или несколько значений: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Используемые типы данных: строка (кавычки не требуются), целое число и " +"логическое значение (возможны два значения: <quote>TRUE</quote> или " +"<quote>FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Строка комментария начинается со знака «решётка» (<quote>#</quote>) или " +"точки с запятой (<quote>;</quote>). Поддержка встроенных комментариев не " +"предусмотрена." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Для всех разделов предусмотрен необязательный параметр " +"<replaceable>description</replaceable>. Он предназначен только для " +"обозначения раздела." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> должен быть обычным файлом, владельцем " +"которого является пользователь root. Права на чтение этого файла или запись " +"в него должен иметь только пользователь root." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "ФРАГМЕНТЫ КОНФИГУРАЦИИ ИЗ КАТАЛОГА ВКЛЮЧЕНИЯ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" +"В файл конфигурации <filename>sssd.conf</filename> будут включены фрагменты " +"конфигурации из каталога <filename>conf.d</filename>. Эта возможность " +"доступна, если сборка SSSD была выполнена с библиотекой libini версии 1.3.0 " +"или более поздней." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" +"Любой находящийся в каталоге <filename>conf.d</filename> файл, имя которого " +"заканчивается расширением <quote><filename>.conf</filename></quote> и не " +"начинается с точки (<quote>.</quote>), будет использоваться для настройки " +"SSSD вместе с файлом <filename>sssd.conf</filename>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" +"Фрагменты конфигурации из каталога <filename>conf.d</filename> имеют более " +"высокий приоритет, чем файл <filename>sssd.conf</filename>. В случае " +"возникновения конфликтов они переопределят параметры, заданные в файле " +"<filename>sssd.conf</filename>. Если в каталоге <filename>conf.d</filename> " +"присутствуют несколько фрагментов, их включение выполняется в алфавитном " +"порядке (на основе локали). Чем позже включён файл, тем выше его приоритет. " +"Числовые префиксы (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> и так далее) могут помочь " +"визуализировать приоритет (чем больше число, тем выше приоритет)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" +"Файлы фрагментов должны иметь того же владельца и те же права доступа, что и " +"файл <filename>sssd.conf</filename>. По умолчанию: root:root и 0600." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "ОБЩИЕ ПАРАМЕТРЫ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "Следующие параметры используются в нескольких разделах конфигурации." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Параметры, используемые во всех разделах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "debug (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" +"В SSSD 1.14 и более поздних версиях для параметра <replaceable>debug_level</" +"replaceable> из соображений удобства предусмотрен псевдоним " +"<replaceable>debug</replaceable>. Если указаны оба параметра, будет " +"использовано значение <replaceable>debug_level</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Добавить к сообщениям отладки отметку времени. Если для ведения журнала " +"отладки SSSD включена служба journald, этот параметр будет игнорироваться." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "По умолчанию: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Добавить микросекунды в отметку времени в сообщениях отладки. Если для " +"ведения журнала отладки SSSD включена служба journald, этот параметр будет " +"игнорироваться." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "По умолчанию: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_backtrace_enabled (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "Включить обратную трассировку отладки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" +"Если SSSD работает со значением debug_level, которое меньше 9, весь журнал " +"работы записывается в кольцевой буфер в памяти и сбрасывается в файл журнала " +"при возникновении любой ошибки до уровня `min(0x0040, debug_level)` " +"включительно (если для параметра debug_level явно указано значение 0 или 1, " +"только ошибки соответствующих уровней вызовут обратную трассировку; в ином " +"случае — до 2)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" +"Возможность поддерживается только для `logger == files` (параметр не влияет " +"на другие типы журнала)." + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Параметры, используемые в разделах SERVICE и DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" +"Тайм-аут в секундах между пакетами пульса этой службы. Используется, чтобы " +"убедиться в том, что процесс работает и может отвечать на запросы. Обратите " +"внимание: после трёх пропущенных пакетов пульса процесс самостоятельно " +"завершит свою работу." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "По умолчанию: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "ОСОБЫЕ РАЗДЕЛЫ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Раздел [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Параметры раздела" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Обозначает версию синтаксических конструкций файла конфигурации. Для SSSD " +"0.6.0 и более поздних версий используется версия 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" +"Разделённый запятыми список служб, которые запускаются вместе с sssd. " +"<phrase condition=\"have_systemd\"> Список служб является необязательным на " +"платформах, которые поддерживают systemd, так как эти службы при " +"необходимости будут активированы с помощью сокета или D-Bus. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Поддерживаемые службы: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> По умолчанию все службы отключены. " +"Администратор должен включить разрешённые для использования службы с помощью " +"следующей команды: «systemctl enable sssd-@service@.socket». </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Количество попыток восстановления подключения службами в случае сбоя или " +"перезапуска поставщика данных" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "По умолчанию: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" +"Домен — это база данных, содержащая сведения о пользователях. SSSD " +"поддерживает использование сразу нескольких доменов, но необходимо настроить " +"как минимум один — иначе запуск SSSD не будет выполнен. С помощью этого " +"параметра можно указать список доменов в том порядке, в котором к ним " +"следует отправлять запросы. Рекомендуется использовать в именах доменов " +"только буквенно-цифровые символы ASCII, дефисы, точки и знаки подчёркивания. " +"Символ «/» использовать нельзя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Регулярное выражение по умолчанию, которое задаёт способ обработки строки, " +"содержащей имя пользователя и домен, для выделения этих частей." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" +"Для каждого домена можно настроить отдельное регулярное выражение. Для " +"некоторых поставщиков ID также предусмотрены регулярные выражения по " +"умолчанию. Более подробные сведения об этих регулярных выражениях доступны в " +"разделе справки «РАЗДЕЛЫ ДОМЕНА»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Совместимый с <citerefentry> <refentrytitle>printf</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> формат, который описывает способ " +"создания полностью определённого имени из имени пользователя и имени домена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "имя пользователя" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "имя домена, указанное в файле конфигурации SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"плоское имя домена. Чаще всего используется для доменов Active Directory, " +"как непосредственно настроенных, так и обнаруженных с помощью отношений " +"доверия IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Поддерживаются следующие расширения: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Для каждого домена можно настроить отдельную строку формата. Более подробные " +"сведения об этом параметре доступны в разделе справки «РАЗДЕЛЫ ДОМЕНОВ»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "monitor_resolv_conf (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Управляет тем, следует ли SSSD отслеживать состояние resolv.conf для " +"определения момента, когда требуется обновить данные встроенного " +"сопоставителя DNS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" +"По умолчанию SSSD будет пытаться использовать inotify для отслеживания " +"изменений файлов конфигурации. Если невозможно использовать inotify, вместо " +"этого снова будет выполняться опрос каждые пять секунд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"В некоторых редких ситуациях не следует даже пытаться использовать inotify. " +"В таких случаях в этот параметр следует установить значение «false»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"По умолчанию: true на платформах, которые поддерживают inotify. False на " +"других платформах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Примечание: этот параметр ни на что не влияет на тех платформах, где " +"недоступна подсистема inotify. На этих платформах всегда будет " +"использоваться опрос." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Каталог файловой системы, в котором SSSD следует сохранять файлы кэша " +"повтора Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Этот параметр принимает специальное значение __LIBKRB5_DEFAULTS__, которое " +"указывает SSSD разрешить libkrb5 выбрать подходящее расположение кэша " +"повтора." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"По умолчанию: зависит от дистрибутива и указывается при сборке. " +"(__LIBKRB5_DEFAULTS__, если не настроено)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "user (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +#, fuzzy +#| msgid "" +#| "The user to drop the privileges to where appropriate to avoid running as " +#| "the root user. <phrase condition=\"have_systemd\"> This option does not " +#| "work when running socket-activated services, as the user set up to run " +#| "the processes is set up during compilation time. The way to override the " +#| "systemd unit files is by creating the appropriate files in /etc/systemd/" +#| "system/. Keep in mind that any change in the socket user, group or " +#| "permissions may result in a non-usable SSSD. The same may occur in case " +#| "of changes of the user running the NSS responder. </phrase>" +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" +"Пользователь, чьи привилегии будут использоваться, чтобы избежать выполнения " +"от имени пользователя root. <phrase condition=\"have_systemd\"> Этот " +"параметр не работает для служб, которые активируются с помощью сокета, так " +"как пользователь, от имени которого запускаются процессы, настраивается во " +"время сборки. Чтобы переопределить файлы модулей systemd, следует создать " +"соответствующие файлы в /etc/systemd/system/. Следует учитывать, что любые " +"изменения пользователя сокета, группы или прав могут привести к потере " +"работоспособности SSSD. То же самое может произойти в случае изменения " +"пользователя, запускающего ответчик NSS. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" +"По умолчанию: не задано, процесс будет запущен от имени пользователя root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Эта строка будет использоваться как стандартное имя домена для всех имён без " +"компонента имени домена. В основном, этот параметр применяется в средах, где " +"основной домен предназначен для управления политиками узлов и все " +"пользователи находятся в доверенном домене. Параметр позволяет этим " +"пользователям входить в систему, предоставляя только своё имя пользователя и " +"не указывая имя домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +#, fuzzy +#| msgid "" +#| "Please note that if this option is set all users from the primary domain " +#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +#| "Setting this option changes default of use_fully_qualified_names to True. " +#| "It is not allowed to use this option together with " +#| "use_fully_qualified_names set to False. One exception from this rule are " +#| "domains with <quote>id_provider=files</quote> that always try to match " +#| "the behaviour of nss_files and therefore their output is not qualified " +#| "even when the default_domain_suffix option is used." +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" +"Обратите внимание, что если этот параметр задан, все пользователи из " +"основного домена будут должны использовать своё полностью определённое имя, " +"например user@domain.name, для входа в систему. Установка этого параметра " +"изменит стандартное значение use_fully_qualified_names на «True». Этот " +"параметр нельзя использовать вместе с параметром use_fully_qualified_names, " +"установленным в значение «False». Единственное исключение из этого правила — " +"домены с <quote>id_provider=files</quote>, для которых всегда выполняется " +"попытка установления поведения в соответствии с nss_files; следовательно, " +"выведенные для них имена не будут полными даже тогда, когда используется " +"параметр default_domain_suffix." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "По умолчанию: не задано" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"С помощью этого параметра пробелы (клавиша «пробел») в именах пользователей " +"и групп можно заменить указанным символом, например «_». Имя пользователя " +""john doe" превратится в "john_doe". Эта возможность " +"была добавлена для обеспечения совместимости со сценариями оболочки, у " +"которых возникают проблемы при обработке пробелов из-за того, что в оболочке " +"пробел является стандартным разделителем полей." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" +"Обратите внимание, что использование заменяющего символа, который может " +"использоваться в именах пользователей или групп, является ошибкой " +"конфигурации. Если имя содержит заменяющий символ, SSSD выполнит попытку " +"вернуть неизменённое имя, но в целом результат поиска будет не определён." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "По умолчанию: не задано (пробелы не будут заменены)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "certificate_verification (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "no_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" +"Отключает проверки OCSP. Это может потребоваться, если указанные в " +"сертификате серверы OCSP недоступны со стороны клиента." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "soft_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" +"Если соединение с ответчиком OCSP невозможно установить, проверка OCSP будет " +"пропущена. Этот параметр следует использовать для того, чтобы разрешить " +"проверку подлинности, когда система находится в автономном режиме и нельзя " +"связаться с ответчиком OCSP." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "ocsp_dgst" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" +"Функция вычисления контрольной суммы (хэша), используемая для создания ID " +"сертификата для запроса OCSP. Допустимые значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "sha1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "sha256" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "sha384" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "sha512" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" +"По умолчанию: sha1 (для обеспечения совместимости с ответчиком, " +"соответствующим стандарту RFC5019)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "no_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" +"Полностью отключает проверку. Этот параметр следует использовать только для " +"тестирования." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "partial_chain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" +"Разрешить признать проверку успешной даже в том случае, если не удаётся " +"построить <replaceable>полную</replaceable> цепочку до самоподписанного " +"якоря доверия, при условии, что возможно построить цепочку до доверенного " +"сертификата, который может быть не самоподписанным." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "ocsp_default_responder=URL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" +"Задаёт стандартный ответчик OCSP, который следует использовать вместо " +"ответчика, указанного в сертификате. URL необходимо заменить URL-адресом " +"стандартного ответчика OCSP, например: http://example.com:80/ocsp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "ocsp_default_responder_signing_cert=NAME" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" +"В настоящее время этот параметр игнорируется. Все необходимые сертификаты " +"должны быть доступны в файле PEM, указанном параметром pam_cert_db_path." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "crl_file=/ПУТЬ/К/ФАЙЛУ/CRL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Использовать список отзыва сертификатов (CRL) из указанного файла при " +"проверке этого сертификата. CRL должен быть указан в формате PEM. Подробнее: " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "soft_crl" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" +"Если срок действия списка отзыва сертификатов (CRL) истёк, игнорировать " +"проверки CRL для соответствующих сертификатов. Этот параметр следует " +"использовать, чтобы разрешить проверку подлинности, когда система находится " +"в автономном режиме и нельзя обновить CRL." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"При установке этого параметра проверку сертификатов можно настроить с " +"помощью разделённого запятыми списка параметров. Поддерживаемые параметры: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "Неизвестные параметры передаются, но игнорируются." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "По умолчанию: не задано, то есть не ограничивать проверку сертификатов" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "disable_netlink (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" +"SSSD подключается к интерфейсу netlink для отслеживания изменений в " +"маршрутах,адресах, ссылках и вызова определённых действий." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" +"Изменения состояния SSSD, вызванные событиями netlink, могут быть " +"нежелательными. Чтобы их отключить, установите этот параметр в значение " +"«true»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "По умолчанию: false (изменения netlink обнаруживаются)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "enable_files_domain (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" +"Когда этот параметр включён, SSSD добавляет перед всеми явно настроенными " +"доменами неявный домен с<quote>id_provider=files</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "domain_resolution_order" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" +"Разделённый запятыми список доменов и поддоменов, который указывает порядок " +"поиска. В список не требуется включать все возможные домены, так как поиск " +"отсутствующих доменов будет выполняться на основе порядка, в котором они " +"представлены в параметре конфигурации <quote>domains</quote>. Поиск " +"поддоменов, которые не указаны в параметре <quote>lookup_order</quote>, " +"будет выполняться в случайном порядке для каждого родительского домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +#, fuzzy +#| msgid "" +#| "Please, note that when this option is set the output format of all " +#| "commands is always fully-qualified even when using short names for input, " +#| "for all users but the ones managed by the files provider. In case the " +#| "administrator wants the output not fully-qualified, the full_name_format " +#| "option can be used as shown below: <quote>full_name_format=%1$s</quote> " +#| "However, keep in mind that during login, login applications often " +#| "canonicalize the username by calling <citerefentry> " +#| "<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +#| "citerefentry> which, if a shortname is returned for a qualified input " +#| "(while trying to reach a user which exists in multiple domains) might re-" +#| "route the login attempt into the domain which uses shortnames, making " +#| "this workaround totally not recommended in cases where usernames may " +#| "overlap between domains." +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" +"Обратите внимание: когда этот параметр задан, для вывода всех команд будет " +"использоваться полный формат, даже если во входных данных использовались " +"краткие имена (для всех пользователей, кроме находящихся под управлением " +"поставщика файлов). Если администратору не требуется полный формат, " +"параметр full_name_format можно использовать следующим образом: " +"<quote>full_name_format=%1$s</quote>. Но следует учитывать, что при входе " +"приложения часто преобразуют имя пользователя в каноническую форму, вызывая " +"программу <citerefentry> <refentrytitle>getpwnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry>, которая, если для входных данных в " +"полной форме возвращается краткое имя (при попытке обработки данных " +"пользователя, существующего в нескольких доменах), может перенаправить " +"попытку входа в домен, который использует краткие имена; следовательно, " +"такое использование параметра категорически не рекомендуется, когда имена " +"пользователей в разных доменах могут быть одинаковыми." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "По умолчанию: не задано" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "implicit_pac_responder (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" +"Ответчик PAC включается автоматически для поставщиков IPA и AD для оценки и " +"проверки PAC. Если его необходимо отключить, установите для этого параметра " +"значение «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "core_dumpable (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" +"Этот параметр можно использовать для общей защиты системы: установка " +"значения «false» запрещает создание дампов памяти для всех процессов SSSD, " +"чтобы избежать утечки паролей в открытом виде. Дополнительные сведения " +"доступны на справочной странице prctl:PR_SET_DUMPABLE." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "passkey_verification (string)" +msgstr "pam_cert_verification (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "user_verification (boolean)" +msgstr "pam_cert_verification (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "With this parameter the certificate verification can be tuned with a " +#| "comma separated list of options. Supported options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"При установке этого параметра проверку сертификатов можно настроить с " +"помощью разделённого запятыми списка параметров. Поддерживаемые параметры: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Отдельные функциональные возможности SSSD обеспечиваются специальными " +"службами SSSD, которые запускаются и останавливаются вместе с SSSD. Эти " +"службы находятся под управлением специальной службы, которую часто называют " +"<quote>монитором</quote>. Настройка монитора и некоторых других важных " +"параметров (например, доменов идентификации) выполняется в разделе " +"<quote>[sssd]</quote>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "РАЗДЕЛЫ СЛУЖБ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"В этом разделе приводится описание параметров, которые можно использовать " +"для настройки различных служб. Они должны находится в разделах с именами " +"[<replaceable>$NAME</replaceable>]. Например, для службы NSS это будет " +"раздел <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Общие параметры настройки служб" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Эти параметры можно использовать для настройки любых служб." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Этот параметр задаёт максимальное количество файловых дескрипторов, которые " +"может одновременно открыть этот процесс SSSD. В системах, где у SSSD имеется " +"возможность CAP_SYS_RESOURCE, этот параметр будет использоваться независимо " +"от других параметров системы. В системах без такой возможности количество " +"дескрипторов будет определяться наименьшим значением этого параметра или " +"ограничением «hard» в limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "По умолчанию: 8192 (или ограничение «hard» в limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" +"Этот параметр задаёт количество секунд, в течение которого клиент процесса " +"SSSD может удерживать файловый дескриптор без передачи данных. Это значение " +"ограничено в целях предотвращения исчерпания ресурсов системы. Оно не может " +"быть меньше 10 секунд. Если указано меньшее значение, оно будет исправлено " +"на 10 секунд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "По умолчанию: 60, KCM: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" +"Когда SSSD переключается в автономный режим, количество времени до " +"выполнения попытки вернуться в сеть будет увеличиваться в соответствии со " +"временем, проведённым без подключения. По умолчанию SSSD использует " +"приращение для расчёта задержки между повторными попытками. Поэтому время " +"ожидания для конкретной попытки будет больше, чем для предыдущих. После " +"каждой неудачной попытки вернуться в сеть интервал будет пересчитываться по " +"следующей формуле:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" +"Стандартное значение offline_timeout составляет 60. Стандартное значение " +"offline_timeout_max — 3600. Стандартное значение " +"offline_timeout_random_offset — 30. Конечный результат представляет собой " +"количество секунд до следующей попытки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" +"Обратите внимание, что максимальная длительность каждого интервала задана " +"параметром offline_timeout_max (кроме случайной части)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "По умолчанию: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout_max (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" +"Управляет тем, насколько можно увеличить время между попытками вернуться в " +"сеть после неудачных попыток восстановления подключения." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "Значение «0» отключает использование приращения." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" +"Значение этого параметра следует устанавливать с учётом значения параметра " +"offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" +"Если параметр offline_timeout установлен в значение «60» (значение по " +"умолчанию), нет смысла указывать для параметра offlinet_timeout_max значение " +"меньше 120, поскольку первый же шаг увеличения приведёт к его превышению. " +"Общее правило таково: значение offline_timeout_max должно по крайней мере в " +"4 раза превышать значение offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" +"Несмотря на то, что возможно указать значение от 0 до offline_timeout, " +"результатом этого станет переопределение значения offline_timeout, что не " +"имеет практического смысла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "По умолчанию: 3600" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout_random_offset (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" +"Когда сервис SSSD находится в автономном режиме, он продолжает обращаться к " +"внутренним серверам через заданные промежутки времени:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" +"Этот параметр управляет значением случайной задержки, которое используется " +"для приведённого выше уравнения. Итоговым значением random_offset будет " +"случайное число, принадлежащее диапазону:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "[0 - offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "Значение «0» отключает добавление случайной задержки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "По умолчанию: 30" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "responder_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" +"Этот параметр задаёт количество секунд, в течение которого процесс ответчика " +"SSSD может работать без использования. Это значение ограничено в целях " +"предотвращения исчерпания ресурсов системы. Минимально допустимое значение: " +"60 секунд. Установка этого параметра в значение «0» (ноль) означает, что для " +"ответчика не устанавливается тайм-аут. Этот параметр используется только в " +"том случае, если сервис SSSD собран с поддержкой systemd и если службы " +"активируются с помощью сокетов или D-Bus." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "По умолчанию: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "cache_first" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" +"Этот параметр определяет, следует ли ответчику опрашивать все кэши перед " +"опросом поставщиков данных." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "Параметры настройки NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Эти параметры можно использовать для настройки службы диспетчера службы имён " +"(NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Длительность хранения перечислений (запросов информации обо всех " +"пользователях) в кэше nss_sss в секундах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "По умолчанию: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Можно настроить кэш записей на автоматическое обновление записей в фоновом " +"режиме, если запрос о них поступает в срок, определённый в процентах от " +"значения entry_cache_timeout для домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Например, если параметр entry_cache_timeout домена установлен в значение " +"«30s» (секунд), а параметр entry_cache_nowait_percentage установлен в " +"значение «50» (процентов), записи, которые поступят через 15 секунд после " +"последнего обновления кэша, будут возвращены сразу, но SSSD выполнит " +"обновление кэша, поэтому будущим запросам не потребуется блокировка в " +"ожидании обновления кэша." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Корректные значения этого параметра находятся в диапазоне 0-99 и " +"представляют собой значение в процентах от entry_cache_timeout для каждого " +"домена. Чтобы сохранить производительность, это значение никогда не " +"уменьшает тайм-аут nowait так, что он становится меньше 10 секунд. Установка " +"значения «0» отключает эту возможность." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "По умолчанию: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Означает количество секунд, в течение которого в кэше nss_sss будут " +"храниться неудачные обращения к кэшу (запросы некорректных записей базы " +"данных, например, несуществующих) перед повторным запросом к внутреннему " +"серверу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "По умолчанию: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "local_negative_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" +"Означает количество секунд, в течение которого в негативном кэше nss_sss " +"будут храниться локальные пользователи и группы перед попыткой повторного " +"поиска на внутреннем сервере. Установка значения «0» отключает эту " +"возможность." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "По умолчанию: 14400 (4 часа)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" +"Исключить определённых пользователей или группы из списка получения данных " +"из базы данных NSS sss. Эта возможность особенно полезна для системных " +"учётных записей. Этот параметр также можно задать для каждого домена " +"отдельно или включить в него полные имена, чтобы выполнить фильтрацию только " +"пользователей из конкретного домена или по именам участников-пользователей " +"(UPN)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" +"ПРИМЕЧАНИЕ: параметр filter_groups не влияет на наследование участников " +"вложенных групп, так как фильтрация выполняется после их распространения для " +"возврата с помощью NSS. Например, в списке участников группы, вложенная " +"группа которой была отфильтрована, останутся пользователи из этой " +"отфильтрованной вложенной группы." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "По умолчанию: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Если отфильтрованные пользователи должны оставаться участниками групп, " +"установите этот параметр в значение «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Установить стандартный шаблон для домашнего каталога пользователя, если он " +"явно не указан поставщиком данных домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Допустимые значения этого параметра совпадают с допустимыми значениями " +"параметра override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "пример: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "По умолчанию: не задано (без замен для незаданных домашних каталогов)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Переопределить командную оболочку входа для всех пользователей. Этот " +"параметр имеет приоритет над любыми другими параметрами оболочки, когда " +"действует. Его возможно установить либо в разделе [nss], либо для каждого " +"домена отдельно." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"По умолчанию: не задано (SSSD будет использовать значение, полученное от " +"LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Ограничить оболочку пользователя одним из указанных в списке значений. " +"Порядок вычисления:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. Если оболочка присутствует в файле <quote>/etc/shells</quote>, будет " +"использована она." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Если оболочка присутствует в списке allowed_shells, но не в файле <quote>/" +"etc/shells</quote>, использовать значение параметра shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Если оболочка отсутствует в списке allowed_shells и файле <quote>/etc/" +"shells</quote>, будет использована оболочка, которая не требует входа." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" +"Чтобы разрешить использование любой оболочки, можно использовать " +"подстановочный знак (*)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" +"Знаком (*) можно воспользоваться, чтобы использовать shell_fallback, когда " +"оболочка пользователя отсутствует в файле <quote>/etc/shells</quote>, а " +"ведение списка всех разрешённых оболочек в allowed_shells было бы излишним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "Пустая строка оболочки передаётся libc «как есть»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"Чтение файла <quote>/etc/shells</quote> выполняется только при запуске SSSD. " +"Следовательно, в случае установки новой оболочки потребуется перезапуск SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"По умолчанию: не задано. Автоматически используется оболочка пользователя." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Заменять все экземпляры этих оболочек на shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Оболочка по умолчанию, которую следует использовать, если разрешённая " +"оболочка не установлена на компьютере." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "По умолчанию: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Оболочка по умолчанию, которую следует использовать, если поставщик не " +"вернул оболочку при поиске. Этот параметр можно указать как глобальный в " +"разделе [nss] или для каждого домена отдельно." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"По умолчанию: не задано (вернуть NULL, если оболочка не указана, и " +"положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Указывает время в секундах, в течение которого список поддоменов считается " +"действительным." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "memcache_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" +"Указывает время в секундах, в течение которого записи кэша в памяти будут " +"оставаться действительными. Установка этого параметра в значение «0» " +"отключит кэш в памяти." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" +"ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти окажет значительное негативное " +"воздействие на производительность SSSD. Этот параметр следует использовать " +"только для тестирования." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в " +"значение «NO», клиентские приложения не будут использовать быстрый кэш в " +"памяти." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "memcache_size_passwd (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" +"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в " +"памяти для запросов passwd. Установка размера в значение «0» отключит кэш в " +"памяти для запросов passwd." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "По умолчанию: 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" +"ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет " +"значительное негативное воздействие на производительность SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "memcache_size_group (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" +"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в " +"памяти для запросов group. Установка размера в значение «0» отключит кэш в " +"памяти для запросов group." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "По умолчанию: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "memcache_size_initgroups (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" +"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в " +"памяти для запросов групп инициализации. Установка размера в значение «0» " +"отключит кэш в памяти для запросов групп инициализации." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "memcache_size_sid (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" +"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в " +"памяти для связанных с SID запросов. В настоящее время кэширование в быстрой " +"памяти предусмотрено только для запросов SID-по-ID и ID-по-SID. Установка " +"размера в значение «0» отключит кэш SID в памяти." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" +"Некоторые из дополнительных запросов ответчика NSS могут возвращать больше " +"атрибутов, чем просто атрибуты POSIX, определённые интерфейсом NSS. Этот " +"параметр управляет списком атрибутов. Обработка выполняется тем же способом, " +"что и для параметра <quote>user_attributes</quote> ответчика InfoPipe (см. " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>), но без стандартных значений." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" +"Для упрощения настройки ответчик NSS проверит параметр InfoPipe на то, задан " +"ли он для ответчика NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "По умолчанию: не задано, использовать параметр InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "pwfield (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" +"Значение, которое операции NSS, возвращающие пользователей или группы, " +"вернут для поля <quote>password</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "По умолчанию: <quote>*</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" +"Примечание: этот параметр также можно задать для каждого домена отдельно, " +"что будет иметь приоритет над значением в разделе [nss]." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +#, fuzzy +#| msgid "" +#| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " +#| "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-" +#| "shadowutils target)" +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" +"По умолчанию: <quote>не задано</quote> (удалённые домены), <quote>x</quote> " +"(домен файлов), <quote>x</quote> (домен прокси с nss_files и целью sssd-" +"shadowutils)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "Параметры настройки PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Эти параметры можно использовать для настройки службы подключаемых модулей " +"проверки подлинности (PAM)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Определяет как долго следует разрешать вход по кэшированным данным, если " +"поставщик данных для аутентификации находится в автономном режиме (в днях с " +"момента последнего успешного входа)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "По умолчанию: 0 (без ограничений)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Если поставщик данных для проверки подлинности находится в автономном " +"режиме, сколько следует допускать неудачных попыток входа." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Время в минутах, которое должно пройти после достижения значения " +"offline_failed_login_attempts, прежде чем станет возможной новая попытка " +"входа." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Если задано значение «0», пользователь не сможет пройти проверку подлинности " +"в автономном режиме после достижения значения offline_failed_login_attempts. " +"Для того, чтобы проверка подлинности в автономном режиме снова стала " +"возможной, необходимо успешно пройти проверку подлинности в сетевом режиме." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "По умолчанию: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Управляет тем, какие сообщения будут показаны пользователю во время проверки " +"подлинности. Чем больше число, тем больше сообщений будет показано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "В настоящее время sssd поддерживает следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: не показывать никаких сообщений" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: показывать только важные сообщения" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: показывать информационные сообщения" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: показывать все сообщения и отладочную информацию" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "По умолчанию: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "pam_response_filter (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" +"Разделённый запятыми список строк, который позволяет удалять (фильтровать) " +"данные, отправленные ответчиком PAM модулю PAM pam_sss. Ответы, которые " +"отправляются pam_sss, могут быть разного вида (например, сообщения, которые " +"показываются пользователю, или переменные среды, которые должны быть " +"установлены pam_sss)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" +"Сообщениями можно управлять с помощью параметра pam_verbosity, а этот " +"параметр позволяет отфильтровать также и другие типы ответов." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "ENV" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "Не отправлять никаким службам никакие переменные среды." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "ENV:var_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "Не отправлять переменную среды var_name никаким службам." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "ENV:var_name:service" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "Не отправлять переменную среды var_name указанной службе." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"В настоящее время поддерживаются следующие фильтры: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" +"Список строк может представлять собой список фильтров, который установит эти " +"фильтры, перезаписав стандартные значения. Либо каждый элемент списка может " +"предваряться символом «+» или «-», что, соответственно, добавит этот фильтр " +"к существующим стандартным фильтрам или удалит его из стандартных фильтров. " +"Обратите внимание, что следует либо использовать префикс «+» или «-» для " +"всех элементов списка, либо не использовать его вообще. Использование " +"префикса только для части элементов списка считается ошибкой." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"При любом запросе PAM, поступающем во время работы SSSD в сети, SSSD " +"выполняет попытку незамедлительно обновить кэшированные данные идентификации " +"пользователя, чтобы при проверке подлинности использовались самые последние " +"данные." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Полный обмен данными PAM может включать несколько запросов PAM (в частности, " +"для управления учётными записями и открытия сеансов). Этот параметр " +"управляет (для каждого клиента-приложения отдельно) длительностью (в " +"секундах) кэширования данных идентификации, позволяющего избежать повторных " +"обменов данными с поставщиком данных идентификации." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "Показать предупреждение за N дней до истечения срока действия пароля." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Обратите внимание, что внутренний сервер должен предоставить информацию о " +"времени истечения срока действия пароля. Если она отсутствует, sssd не " +"сможет показать предупреждение." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Если указан ноль, этот фильтр не применяется: если от внутреннего сервера " +"было получено предупреждение об истечении строка действия, оно будет " +"показано автоматически." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Этот параметр можно переопределить, установив " +"<emphasis>pwd_expiration_warning</emphasis> для конкретного домена." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "По умолчанию: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" +"Разделённый запятыми список значений UID или имён пользователей, которым " +"разрешено выполнять обмен данными PAM с доверенными доменами. Пользователям, " +"которые отсутствуют в этом списке, разрешён доступ только к доменам, " +"отмеченным как общедоступные с помощью параметра <quote>pam_public_domains</" +"quote>. Имена пользователей разрешаются в UID при запуске." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "По умолчанию: все пользователи считаются доверенными по умолчанию" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" +"Обратите внимание, что UID 0 всегда разрешён доступ к ответчику PAM, даже " +"если этот идентификатор пользователя отсутствует в списке pam_trusted_users." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" +"Разделённый запятыми список имён доменов, которые доступны даже для " +"недоверенных пользователей." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "Для параметра pam_public_domains определены два специальных значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (недоверенным пользователя разрешён доступ ко всем доменам в ответчике " +"PAM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (недоверенным пользователя запрещён доступ ко всем доменам в ответчике " +"PAM)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "По умолчанию: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" +"Позволяет задать пользовательское сообщение об истечении срока действия, " +"которое заменит стандартное сообщение «Доступ запрещён»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" +"Примечание: следует учитывать, что для службы SSH сообщение будет показано " +"только при условии, что параметр pam_verbosity установлен в значение " +"«3» (показывать все сообщения и отладочную информацию)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Срок действия учётной записи истёк, обратитесь в службу поддержки.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "pam_account_locked_message (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" +"Позволяет задать пользовательское сообщение о блокировке, которое заменит " +"стандартное сообщение «Доступ запрещён»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_locked_message = Учётная запись заблокирована, обратитесь в службу поддержки.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "pam_cert_auth (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "pam_cert_auth (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "По умолчанию: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "pam_cert_auth (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" +"Включить проверку подлинности на основе сертификата или смарт-карты. Так как " +"для этого требуется дополнительный обмен данными со смарт-картой, который " +"задержит процесс проверки подлинности, по умолчанию этот параметр отключён." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "pam_cert_db_path (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "Путь к базе данных сертификатов." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "По умолчанию:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (путь к файлу с доверенными сертификатами " +"CA в формате PEM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "pam_cert_verification (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" +"Этот параметр позволяет выполнить тонкую настройку проверки сертификатов PAM " +"с помощью разделённого запятыми списка параметров. Эти параметры " +"переопределяют значение <quote>certificate_verification</quote> в разделе " +"<quote>[sssd]</quote>. Поддерживаются те же параметры, что и для " +"<quote>certificate_verification</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"pam_cert_verification = partial_chain\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" +"По умолчанию: не задано, то есть следует использовать стандартный параметр " +"<quote>certificate_verification</quote>, указанный в разделе <quote>[sssd]</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "p11_child_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" +"Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " +"работы p11_child." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "p11_child_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "p11_child_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +#, fuzzy +#| msgid "How many seconds will pam_sss wait for p11_child to finish." +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" +"Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " +"работы p11_child." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "pam_app_services (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" +"Указывает, каким службам PAM разрешено устанавливать соединение с доменами " +"типа <quote>application</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "pam_p11_allowed_services (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых будет разрешено " +"использовать смарт-карты." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для проверки подлинности с помощью смарт-" +"карт (например, <quote>login</quote>) на пользовательское имя службы PAM " +"(например, <quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "По умолчанию: стандартный набор имён служб PAM включает:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "gnome-screensaver" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "p11_wait_for_card_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" +"Когда требуется проверка подлинности по смарт-карте, этот параметр " +"определяет, в течение какого количества секунд (в дополнение к значению " +"p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "p11_uri (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" +"URI PKCS#11 (подробное описание доступно в RFC-7512) для ограничения перечня " +"устройств с проверкой подлинности по смарт-карте. По умолчанию p11_child " +"SSSD выполняет поиск слота PKCS#11 (устройства чтения) с установленным " +"флагом «removable» и затем чтение сертификатов со вставленного маркера из " +"первого найденного слота. Если подключено несколько устройств чтения, с " +"помощью p11_uri можно указать p11_child использовать конкретное устройство " +"чтения." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" +"Пример: <placeholder type=\"programlisting\" id=\"0\"/> или <placeholder " +"type=\"programlisting\" id=\"1\"/> Чтобы найти подходящий URI, проверьте " +"отладочный вывод p11_child. Либо можно использовать утилиту «p11tool» " +"GnuTLS, например, с параметром «--list-all»: это тоже позволит просмотреть " +"URI PKCS#11." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "pam_initgroups_scheme" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "always" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" +"Всегда выполнять поиск в сети (обратите внимание, что параметр " +"pam_id_timeout всё равно применяется)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "no_session" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" +"Выполнять поиск в сети только при отсутствии активного сеанса пользователя, " +"то есть тогда, когда пользователь не находится в системе" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "never" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" +"Никогда не выполнять поиск в сети принудительно, использовать данные из кэша " +"до тех пор, пока они не устареют" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Ответчик PAM может принудительно запустить поиск в сети для получения данных " +"об участии в группах того пользователя, который пытается войти в систему. " +"Этот параметр управляет тем, когда это следует делать, и имеет следующие " +"допустимые значения: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "По умолчанию: no_session" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "pam_gssapi_services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Разделённый запятыми список служб PAM, которым разрешено пытаться выполнить " +"проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" +"Чтобы отключить проверку подлинности с помощью GSSAPI, установите этот " +"параметр в значение <quote>-</quote> (дефис)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" +"Примечание: этот параметр также можно задать для каждого домена отдельно, " +"что будет иметь приоритет над значением в разделе [pam]. Также этот параметр " +"можно задать для доверенного домена, что будет иметь приоритет над значением " +"в разделе домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "pam_gssapi_check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" +"Если значение «True», SSSD будет требоваться наличие привязки участника-" +"пользователя Kerberos, который успешно прошёл проверку подлинности с помощью " +"GSSAPI, к пользователю, проверка подлинности которого выполняется. Если " +"такой привязки нет, проверка подлинности завершится ошибкой." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" +"Если значение «False», проверка подлинности будет выполняться для всех " +"пользователей, получивших необходимый билет службы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "По умолчанию: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "pam_gssapi_indicators_map" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Разделённый запятыми список индикаторов проверки подлинности, которые должны " +"присутствовать в билете Kerberos для получения доступа к службе PAM, которой " +"разрешено пытаться выполнить проверку подлинности по GSSAPI с помощью модуля " +"pam_sss_gss.so." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" +"Каждый элемент списка может быть либо именем индикатора проверки " +"подлинности, либо парой <quote>service:indicator</quote>. Индикаторы, " +"которые не предваряются именем службы PAM, будут требоваться для доступа к " +"любой службе PAM, настроенной на использование с " +"<option>pam_gssapi_services</option>. Итоговый список индикаторов для " +"отдельной службы PAM затем проверяется на соответствие индикаторам в билете " +"Kerberos во время проверки подлинности с помощью pam_sss_gss.so. Доступ " +"будет предоставлен, если в билете будет найден индикатор, совпадающий с " +"индикатором из итогового списка индикаторов для соответствующей службы PAM. " +"Доступ будет запрещён, если в списке не обнаружатся совпадающие индикаторы. " +"Если итоговый список индикаторов для службы PAM пуст, проверка не закроет " +"доступ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" +"Чтобы отключить проверку индикаторов для проверки подлинности с помощью " +"GSSAPI, установите этот параметр в значение <quote>-</quote> (дефис). Чтобы " +"отключить проверку индикаторов для определённой службы PAM, добавьте " +"<quote>service:-</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" +"В развёрнутых системах IPA с Kerberos предусмотрена поддержка следующих " +"индикаторов проверки подлинности:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" +"pkinit — предварительная проверка подлинности с помощью сертификатов X.509, " +"которые хранятся в файлах или на смарт-картах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" +"hardened — предварительная проверка подлинности SPAKE или любая " +"предварительная проверка подлинности, помещённая в канал FAST." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" +"radius — предварительная проверка подлинности с помощью сервера RADIUS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" +"otp — предварительная проверка подлинности с помощью встроенной " +"двухфакторной аутентификации (2FA или одноразовый пароль, OTP) в IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" +"idp -- предварительная аутентификация с использованием внешнего поставщика " +"удостоверений." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Пример: чтобы доступ к службам SUDO предоставлялся только пользователям, " +"которые получили свои билеты Kerberos с предварительной проверкой " +"подлинности сертификата X.509 (PKINIT), укажите <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"По умолчанию: не задано (использование индикаторов проверки подлинности не " +"требуется)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "Параметры настройки SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Эти параметры можно использовать для настройки службы sudo. Подробные " +"инструкции по настройке <citerefentry> <refentrytitle>sudo</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> для работы с <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"доступны на справочной странице <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Следует ли обрабатывать атрибуты sudoNotBefore и sudoNotAfter, " +"предназначенные для определения временных ограничений для записей sudoers." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "sudo_threshold (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" +"Максимальное количество устаревших правил, которые можно обновить за один " +"раз. Если количество устаревших правил меньше заданного порогового значения, " +"эти правила обновляются с помощью механизма <quote>обновления правил</" +"quote>. Если пороговое значение превышено, будет использоваться механизм " +"<quote>полного обновления</quote>. Это пороговое значение также применяется " +"к поискам команд и групп команд sudo IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "Параметры настройки AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "Эти параметры можно использовать для настройки службы autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Означает количество секунд, в течение которого в кэше ответчика autofs будут " +"храниться неудачные обращения к кэшу (запросы некорректных записей карты, " +"например, несуществующих) перед повторным запросом к внутреннему серверу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "Параметры настройки SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "Эти параметры можно использовать для настройки службы SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Разрешённое количество секунд, в течение которого узел хранится в " +"управляемом файле known_hosts после запроса ключей этого узла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "По умолчанию: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "ssh_use_certificate_keys (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" +"Если задано значение «true», команда <command>sss_ssh_authorizedkeys</" +"command> вернёт ключи SSH, производные от открытого ключа сертификатов " +"X.509, которые также хранятся в записи пользователя. Подробнее: " +"<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +"<manvolnum>1</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "ssh_use_certificate_matching_rules (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" +"По умолчанию ответчик SSH использует все доступные правила сопоставления " +"сертификатов для фильтрации сертификатов, поэтому ключи SSH будут " +"создаваться на основе только тех сертификатов, для которых было установлено " +"соответствие. Этот параметр позволяет ограничить используемые правила " +"разделённым запятыми списком имён правил привязки и сопоставления. Все " +"другие правила будут игнорироваться." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" +"Два особых ключевых слова «all_rules» и «no_rules» позволяют, " +"соответственно, включить все правила или не включать их вообще. Последнее " +"означает, что фильтрация сертификатов не будет выполняться; следовательно, " +"ключи SSH будут создаваться на основе всех действительных сертификатов." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" +"Если не настроено никаких правил, использование «all_rules» приведёт к " +"включению стандартного правила, которое разрешает использовать все " +"сертификаты, подходящие для проверки подлинности клиента. Это поведение " +"соответствует поведению ответчика PAM в том случае, когда включена проверка " +"подлинности сертификатов." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" +"Несуществующее имя правила считается ошибкой. Если в результате не будет " +"выбрано ни одного правила, все сертификаты будут проигнорированы." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" +"По умолчанию: не задано, равнозначно «all_rules», используются все найденные " +"правила или правило по умолчанию" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "ca_db (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" +"Путь к хранилищу доверенных сертификатов CA. Параметр используется для " +"проверки сертификатов пользователей перед получением из них открытых ключей " +"SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "Параметры настройки ответчика PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" +"Ответчик PAC работает совместно с модулем данных проверки подлинности " +"sssd_pac_plugin.so для MIT Kerberos и поставщиком данных поддоменов. Этот " +"модуль отправляет данные PAC ответчику PAC во время проверки подлинности с " +"помощью GSSAPI. Поставщик данных поддоменов собирает данные по диапазонам " +"SID и ID домена, к которому присоединён клиент, а также удалённых доверенных " +"доменов с локального контроллера доменов. Если PAC расшифровывается и " +"обрабатывается, выполняются некоторые из следующих операций:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Если запись удалённого пользователя отсутствует в кэше, она будет создана. " +"UID определяется с помощью SID, у доверенных доменов будут UPG, а GID будет " +"иметь то же значение, что и UID. Домашний каталог устанавливается на основе " +"значения параметра subdomain_homedir. По умолчанию значение оболочки будет " +"пустым, то есть будут использованы стандартные параметры системы, но их " +"можно переопределить с помощью параметра default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Если имеются SID групп из известных SSSD доменов, пользователь будет " +"добавлен в эти группы." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "Эти параметры можно использовать для настройки ответчика PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Разделённый запятыми список значений UID или имён пользователей, которым " +"разрешён доступ к ответчику PAC. Имена пользователей разрешаются в UID при " +"запуске." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Обратите внимание: несмотря на то, что в качестве стандартного значения " +"используется UID 0, оно будет перезаписано этим параметром. Если всё равно " +"требуется разрешить пользователю root доступ к ответчику PAC (типичный " +"случай), будет необходимо добавить запись «0» в список UID, которым разрешён " +"доступ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "pac_lifetime (целое число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" +"Время жизни записи PAC (в секундах). Пока запись PAC действительна, данные " +"PAC можно использовать для определения участия пользователя в группах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "pac_check (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" +"Если настроено, применить дополнительные проверки к PAC билету Kerberos, " +"доступному в доменах Active Directory и FreeIPA. Обратите внимание, что для " +"проверки PAC должна быть включена проверка билетов Kerberos, то есть для " +"параметра krb5_validate должно быть установлено значение «True», которое " +"является значением по умолчанию для поставщиков данных IPA и AD. Если для " +"параметра krb5_validate установлено значение «False», проверка PAC будет " +"пропущена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "no_check" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" +"PAC не должен присутствовать, и даже если он имеется, никакие дополнительные " +"проверки выполняться не будут." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "pac_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" +"PAC должен присутствовать в билете службы, который SSSD запрашивает с " +"помощью TGT пользователя. Если PAC недоступен, аутентификация завершится " +"ошибкой." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" +"Если PAC присутствует, проверить, что информация об основном имени " +"пользователя (UPN) верна." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "check_upn_allow_missing" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" +"Этот параметр следует использовать вместе с 'check_upn' и он обрабатывает " +"случай, когда для UPN установлено значение на стороне сервера, но не " +"читается SSSD. Типичным примером является домен FreeIPA, в котором для " +"'ldap_user_principal' установлено название не существующего атрибута. Обычно " +"это делалось для обхода проблем при обработке корпоративных регистрационных " +"записей. Но это исправлено довольно давно, и FreeIPA может обрабатывать " +"корпоративные регистрационные записи, поэтому больше нет необходимости " +"устанавливать 'ldap_user_principal'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" +"В настоящее время этот параметр установлен по умолчанию, чтобы избежать " +"регрессии в подобных средах. В системный журнал и журнал отладки SSSD будет " +"добавлено сообщение в случае обнаружения UPN в PAC, но не в кэше SSSD. Чтобы " +"избежать появления такого сообщения, проверьте, можно ли удалить параметр " +"'ldap_user_principal'. Если это невозможно, удаление 'check_upn' приведет к " +"пропуску проверки и сообщение не появится в журнале." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "upn_dns_info_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" +"PAC должен содержать буфер UPN-DNS-INFO, неявным образом устанавливает " +"'check_upn'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "check_upn_dns_info_ex" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" +"Если PAC присутствует и доступно расширение буфера UPN-DNS-INFO, проверить, " +"согласованы ли данные в расширении." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "upn_dns_info_ex_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" +"PAC должен содержать расширение буфера UPN-DNS-INFO, неявным образом " +"устанавливает 'check_upn_dns_info_ex', 'upn_dns_info_present' и 'check_upn'." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Следующие параметры можно использовать отдельно или в виде разделённого " +"запятыми списка: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" +"По умолчанию: no_check (для поставщиков AD и IPA — 'check_upn, " +"check_upn_allow_missing, check_upn_dns_info_ex')" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "Параметры настройки записи сеансов" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Запись сеансов работает совместно с <citerefentry> <refentrytitle>tlog-rec-" +"session</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, частью " +"пакета tlog, обеспечивая ведение журнала данных, которые пользователи видят " +"и вводят после входа на текстовый терминал. См. также <citerefentry> " +"<refentrytitle>sssd-session-recording</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "Эти параметры можно использовать для настройки записи сеансов." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "scope (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "«none»" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "Пользователи не записываются." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "«some»" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" +"Записываются пользователи и группы, указанные с помощью параметров " +"<replaceable>users</replaceable> и <replaceable>groups</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "«all»" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "Записываются все пользователи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Одна из следующих строк, которые определяют область записи сеанса: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "По умолчанию: «none»" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "users (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"Разделённый запятыми список пользователей, для которых включена запись " +"сеансов. Соответствие списку устанавливается по именам пользователей, " +"возвращённым NSS, то есть после возможной замены пробелов, смены регистра и " +"так далее." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "По умолчанию: пусто. Не соответствует ни одному пользователю." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"Разделённый запятыми список групп, для участников которых включена запись " +"сеансов. Соответствие списку устанавливается по именам групп, возвращённым " +"NSS, то есть после возможной замены пробелов, смены регистра и так далее." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" +"ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) " +"значительно сказывается на производительности, поскольку при каждом " +"некэшированном запросе данных пользователя требуется выполнить получение и " +"установление соответствия групп, участником которых он является." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "По умолчанию: пусто. Не соответствует ни одной группе." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "exclude_users (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" +"Разделённый запятыми список пользователей, которые исключаются из записи; " +"применимо только при «scope=all»." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "По умолчанию: пусто. Не исключается ни один пользователь." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "exclude_groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" +"Разделённый запятыми список групп, участники которых исключаются из записи; " +"применимо только при «scope=all»." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "По умолчанию: пусто. Не исключается ни одна группа." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "РАЗДЕЛЫ ДОМЕНА" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "enabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" +"Явно включить или отключить домен. Если <quote>true</quote>, домен всегда " +"<quote>включён</quote>. Если <quote>false</quote>, домен всегда " +"<quote>отключён</quote>. Если значение параметра не задано, домен будет " +"включён только в том случае, если он находится в списке, указанном с помощью " +"параметра domains в разделе <quote>[sssd]</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "domain_type (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" +"Указывает, предназначен ли домен для использования клиентами, " +"поддерживающими POSIX (например, NSS), или приложениями, которым не " +"требуется наличие или создание данных POSIX. Интерфейсам и утилитам " +"операционной системы доступны только объекты из доменов POSIX." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" +"Допустимые значение этого параметра: <quote>posix</quote> и " +"<quote>application</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" +"Домены POSIX доступны для всех служб. Домены приложений доступны только для " +"ответчика InfoPipe (см. <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) и ответчика PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" +"ПРИМЕЧАНИЕ: в настоящее время тщательно тестируются только домены приложений " +"с <quote>id_provider=ldap</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" +"Описание простого способа настройки доменов не-POSIX доступно в разделе " +"<quote>Домены приложений</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "По умолчанию: posix" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Пределы диапазона UID и GID для домена. Если домен содержит запись, " +"находящуюся вне указанного диапазона, она будет проигнорирована." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Что касается записей пользователей, этот параметр ограничивает диапазон " +"основного GID. Запись пользователя не будет возвращена в NSS, если UID или " +"основной GID находится за пределами диапазона. Находящиеся в пределах " +"диапазона записи пользователей, которые не являются участниками основной " +"группы, будут выведены в обычном режиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Эти пределы диапазона идентификаторов влияют даже на сохранение записей в " +"кэш, а не только на их возврат по имени или идентификатору." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "По умолчанию: 1 для min_id, 0 (без ограничений) для max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" +"Определяет, можно ли выполнить перечисление для домена, то есть может ли " +"домен вывести перечень всех содержащихся в нём пользователей и групп. " +"Обратите внимание, что перечисление не требуется включать для просмотра " +"вторичных групп. Этот параметр может иметь одно из следующих значений:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = пользователи и группы перечисляются" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = для этого домена не выполняется перечисление" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "По умолчанию: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" +"Чтобы выполнить перечисление для домена, SSSD потребуется загрузить и " +"сохранить ВСЕ записи пользователей и групп с удалённого сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" +"Примечание: если включить перечисление, во время его выполнения " +"производительность SSSD умеренно снижается. Перечисление может занять до " +"нескольких минут после запуска SSSD. В это время отдельные запросы " +"информации отправляются непосредственно в LDAP, хотя это может выполняться " +"медленно из-за ресурсоёмкой обработки перечисления. Сохранение большого " +"количества записей в кэш после завершения перечисления также может давать " +"интенсивную вычислительную нагрузку на центральный процессор, так как данные " +"об участии в группах требуется вычислить заново. Это может привести к тому, " +"что процесс <quote>sssd_be</quote> перестанет отвечать или даже будет " +"перезапущен внутренним сторожевым таймером." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Когда выполняется первое перечисление, запросы полных списков пользователей " +"или групп могут не вернуть результатов до момента завершения перечисления." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Более того, включение перечисления может увеличить время, необходимое для " +"обнаружения отсутствия подключения к сети, так как для успешного выполнения " +"поисков перечисления требуются более длительные тайм-ауты. Дополнительные " +"сведения доступны на man-страницах конкретного используемого поставщика " +"идентификаторов (id_provider)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"По вышеуказанным причинам не рекомендуется включать перечисление, особенно в " +"средах большого размера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Выполнить перечисление для всех обнаруженных доверенных доменов" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "Не выполнять перечисление для обнаруженных доверенных доменов" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Следует ли выполнять перечисление для каких-либо автоматически обнаруженных " +"доверенных доменов. Поддерживаемые значения: <placeholder " +"type=\"variablelist\" id=\"0\"/> При необходимости можно указать список из " +"одного или нескольких имён доверенных доменов, чтобы включить перечисление " +"только для них." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи " +"действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Отметки времени устаревания записей кэша хранятся как атрибуты отдельных " +"объектов в кэше. Следовательно, изменение тайм-аута кэша повлияет только на " +"новые добавленные или устаревшие записи. Следует запустить инструмент " +"<citerefentry> <refentrytitle>sss_cache</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> для принудительного обновления записей, которые " +"уже были кэшированы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "По умолчанию: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи " +"пользователей действительными, прежде чем снова обратиться к внутреннему " +"серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "По умолчанию: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи групп " +"действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи сетевых " +"групп действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи служб " +"действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "entry_cache_resolver_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" +"Количество секунд, в течение которого nss_sss следует считать записи узлов и " +"сетей действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Количество секунд, в течение которого sudo следует считать правила " +"действительными, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Количество секунд, в течение которого службе autofs следует считать карты " +"автоматического монтирования действительными, прежде чем снова обратиться к " +"внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Количество секунд, в течение которого ключ SSH узла хранится после " +"обновления. Иными словами, параметр определяет длительность хранения ключа " +"узла в кэше." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "entry_cache_computer_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" +"Количество секунд, в течение которого следует хранить запись локального " +"компьютера, прежде чем снова обратиться к внутреннему серверу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Указывает время ожидания SSSD (в секундах) перед активацией задания фонового " +"обновления всех устаревших или почти устаревших записей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" +"При фоновом обновлении обрабатываются содержащиеся в кэше записи " +"пользователей, групп и сетевых групп. Обновление как записи пользователя, " +"так и участия в группах выполняется для тех пользователей, для которых ранее " +"выполнялись действия по инициализации групп (получение данных об участии " +"пользователя в группах, обычно выполняется при запуске)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "Этот параметр автоматически наследуется для всех доверенных доменов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Рекомендуется установить это значение равным 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" +"Запись кэша будет обновлена фоновым заданием, если прошло 2/3 времени " +"ожидания устаревания кэша. Если в кэше уже есть записи, фоновое задание " +"будет использовать значения времени ожидания устаревания исходных записей, а " +"не текущее значение конфигурации. Может возникнуть ситуация, в которой будет " +"казаться, что фоновое задание по обновлению записей не работает. Это сделано " +"специально для усовершенствования работы в автономном режиме и повторного " +"использования имеющихся корректных записей в кэше. Чтобы мгновенно выполнить " +"изменение, пользователю следует вручную объявить недействительность " +"существующего кэша." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "По умолчанию: 0 (отключено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "cache_credentials_minimal_first_factor_length (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Если используется двухфакторная проверка подлинности (2FA) и следует " +"сохранить учётные данные, это значение определяет минимальную длину первого " +"фактора проверки подлинности (долговременного пароля), который должен быть " +"сохранён в формате контрольной суммы SHA512 в кэше." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" +"Таким образом удаётся предотвратить ситуацию, когда короткие PIN-коды " +"основанной на PIN-кодах схемы 2FA хранятся в кэше и становятся лёгкой " +"мишенью для атак методом подбора." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Количество дней, в течение которого записи хранятся в кэше после последнего " +"успешного входа, прежде чем будут удалены при очистке кэша. Значение «0» " +"означает, что записи будут храниться вечно. Значение этого параметра должно " +"быть больше или равно значению offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "По умолчанию: 0 (без ограничений)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Обратите внимание, что внутренний сервер должен предоставить информацию о " +"времени истечения срока действия пароля. Если она отсутствует, sssd не " +"сможет показать предупреждение. Кроме того, для этого сервера следует " +"настроить поставщика данных проверки подлинности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Поставщик данных идентификации, который используется для домена. " +"Поддерживаемые поставщики ID:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" +"<quote>files</quote>: поставщик данных ФАЙЛОВ. Дополнительные сведения о " +"зеркалировании локальных пользователей и групп в SSSD: <citerefentry> " +"<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: поставщик данных LDAP. Дополнительные сведения о " +"настройке LDAP: <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote>: поставщик данных FreeIPA и Red Hat Enterprise Identity " +"Management. Дополнительные сведения о настройке FreeIPA: <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: поставщик данных Active Directory. Дополнительные " +"сведения о настройке Active Directory: <citerefentry> <refentrytitle>sssd-" +"ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Использовать полные имя и домен (в формате, заданном full_name_format " +"домена) в качестве имени для входа пользователя, которое сообщается NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Если задано значение «TRUE», во всех запросах к домену должны использоваться " +"полные имена. Например, если этот параметр используется в домене LOCAL, " +"содержащем пользователя «test», с помощью команды <command>getent passwd " +"test</command> его не удастся найти, а с помощью команды <command>getent " +"passwd test@LOCAL</command> получится это сделать." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"ПРИМЕЧАНИЕ: этот параметр не влияет на поиск сетевых групп, так как они " +"зачастую включают вложенные сетевые группы без полных имён. Для сетевых " +"групп выполняется поиск во всех доменах, когда запрашивается неполное имя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" +"По умолчанию: FALSE (TRUE для доверенных доменов/поддоменов или в случае " +"использования default_domain_suffix)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "Не возвращать участников групп для поиска групп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" +"Если установлено значение «TRUE», атрибут участия в группах не запрашивается " +"с сервера LDAP, а списки участников групп не возвращаются при обработке " +"вызовов поиска групп, таких как <citerefentry> <refentrytitle>getgrnam</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> или <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. Как следствие, <quote>getent group $groupname</quote> вернёт " +"запрошенную группу так, как будто она пуста." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" +"Включение этого параметра также может значительно ускорить проверки участия " +"в группах у поставщика доступа (особенно для групп, содержащих большое " +"количество участников)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" +"Этот параметр также может быть задан для каждого поддомена отдельно или " +"унаследован с помощью <emphasis>subdomain_inherit</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Поставщик данных для проверки подлинности, который используется для домена. " +"Поддерживаемые поставщики данных для проверки подлинности:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — использовать собственную проверку подлинности LDAP. " +"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — использовать проверку подлинности Kerberos. " +"Дополнительные сведения о настройке Kerberos: <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> — передать проверку подлинности какой-либо другой цели " +"PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> — явно отключить проверку подлинности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр " +"задан и поддерживает обработку запросов проверки подлинности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Поставщик управления доступом, который используется для домена. Существуют " +"два встроенных поставщика доступа (в дополнение к тем поставщикам, которые " +"включены в установленные внутренние серверы). Внутренние особые поставщики:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> — всегда разрешать доступ. Это единственный поставщик " +"разрешённого доступа для локального домена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> — всегда отказывать в доступе." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> — управление доступом на основе разрешающего или " +"запрещающего списка. Дополнительные сведения о настройке модуля доступа " +"simple: <citerefentry> <refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — управление доступом на основе .k5login. Дополнительные " +"сведения о настройке Kerberos: <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" +"<quote>proxy</quote> — передать управление доступом другому модулю PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "По умолчанию: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Поставщик данных, который должен обрабатывать операции смены пароля для " +"домена. Поддерживаемые поставщики данных смены пароля:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — сменить пароль, который хранится на сервере LDAP. " +"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — сменить пароль Kerberos. Дополнительные сведения о " +"настройке Kerberos: <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> — явно запретить смену пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"По умолчанию: использовать <quote>auth_provider</quote>, если этот параметр " +"задан и поддерживает обработку запросов смены пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Поставщик данных SUDO, который используется для домена. Поддерживаемые " +"поставщики данных SUDO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — для правил, которые хранятся в LDAP. Дополнительные " +"сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> — то же, что и <quote>ldap</quote>, но со стандартными " +"параметрами IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> — то же, что и <quote>ldap</quote>, но со стандартными " +"параметрами AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> — явно отключить SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"По умолчанию: использовать значение <quote>id_provider</quote>, если этот " +"параметр задан." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Подробные инструкции по настройке sudo_provider доступны на справочной " +"странице <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Предусмотрено много параметров, " +"которыми можно воспользоваться для настройки поведения программы. Подробное " +"описание доступно в разделах «ldap_sudo_*» <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" +"<emphasis>ПРИМЕЧАНИЕ:</emphasis> загрузка правил sudo периодически " +"выполняется в фоновом режиме (при условии, что поставщик данных SUDO не был " +"явно отключён). Укажите <emphasis>sudo_provider = None</emphasis> для " +"отключения в SSSD всей связанной с sudo активности, если в SSSD вообще не " +"планируется использовать sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Поставщик данных, который должен обрабатывать загрузку параметров SELinux. " +"Обратите внимание, что этот поставщик будет вызываться сразу после окончания " +"работы поставщика доступа. Поддерживаемые поставщики данных SELinux:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — загрузить параметры SELinux с сервера IPA. " +"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-" +"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "<quote>none</quote> — явно отключает получение параметров SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр " +"задан и поддерживает обработку запросов загрузки параметров SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Поставщик данных, который должен обрабатывать получение данных поддоменов. " +"Это значение всегда должно совпадать со значением id_provider. " +"Поддерживаемые поставщики данных поддоменов:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — загрузить список поддоменов с сервера IPA. " +"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-" +"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" +"<quote>ad</quote> — загрузить список поддоменов с сервера Active Directory. " +"Дополнительные сведения о настройке поставщика данных AD: <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> — явно отключает получение данных поддоменов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "session_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" +"Поставщик данных, который настраивает задания, связанные с сеансами " +"пользователей, и управляет ими. В настоящее время предоставляется только " +"одно задание, связанное с сеансами пользователей: интеграция с Fleet " +"Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" +"<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами " +"пользователей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" +"<quote>none</quote> — не выполнять никакие задания, связанные с сеансами " +"пользователей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" +"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр " +"задан и поддерживает выполнение заданий, связанных с сеансами." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" +"<emphasis>ПРИМЕЧАНИЕ:</emphasis> чтобы эта возможность работала должным " +"образом, SSSD необходимо запускать от имени пользователя root, а не от имени " +"пользователя без привилегий." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Поставщик данных autofs, который используется для домена. Поддерживаемые " +"поставщики данных autofs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — загрузить карты, которые хранятся в LDAP. " +"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — загрузить карты, которые хранятся на сервере IPA. " +"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-" +"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ad</quote> — загрузить карты, которые хранятся на сервере AD. " +"Дополнительные сведения о настройке поставщика данных AD: <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> — явно отключить autofs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Поставщик данных, который используется для получения данных идентификации " +"узла. Поддерживаемые поставщики hostid:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — загрузить данные идентификации узла, которые хранятся " +"на сервере IPA. Дополнительные сведения о настройке IPA: <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> — явно отключить hostid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "resolver_provider (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" +"Поставщик данных, который должен обрабатывать поиск узлов и сетей. " +"Поддерживаемые поставщики данных сопоставления:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" +"<quote>proxy</quote> — перенаправлять поисковые запросы другой библиотеке " +"NSS. См. <quote>proxy_resolver_lib_name</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — получить записи узлов и сетей, которые хранятся в " +"LDAP. Дополнительные сведения о настройке LDAP: <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" +"<quote>ad</quote> — получить записи узлов и сетей, которые хранятся на " +"сервере AD. Дополнительные сведения о настройке поставщика данных AD: " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"Регулярное выражение для этого домена, которое описывает, как получить из " +"строки, содержащей имя пользователя и домен, эти компоненты. «domain» может " +"соответствовать либо имени домена в конфигурации SSSD, либо (в случае " +"поддоменов доверия IPA и доменов Active Directory) плоскому (NetBIOS) имени " +"домена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Значение по умолчанию для поставщиков данных AD и IPA: <quote>(((?P<" +"domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>.+)@(?P<" +"domain>[^@]+$))|(^(?P<name>[^@\\\\]+)$))</quote> — оно позволяет " +"назначать три разных стиля записи имён пользователей:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "username@domain.name" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Значение по умолчанию для поставщиков данных AD и IPA: <quote>(((?P<" +"domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>.+)@(?P<" +"domain>[^@]+$))|(^(?P<name>[^@\\\\]+)$))</quote> — оно позволяет " +"назначать три разных стиля записи имён пользователей:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "domain\\username" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Первые два стиля соответствуют общим стандартным стилям, а третий введён для " +"обеспечения простой интеграции пользователей из доменов Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Предоставляет возможность выбрать предпочитаемое семейство адресов, которое " +"следует использовать при выполнении запросов DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Поддерживаемые значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти " +"адрес IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти " +"адрес IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "По умолчанию: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_server_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" +"Определяет количество времени (в миллисекундах), в течение которого SSSD " +"будет пытаться обменяться данными с сервером DNS перед переходом к " +"следующему." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" +"Поставщик данных AD также будет использовать этот параметр для ограничения " +"времени проверки связи CLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" +"Более подробные сведения о разрешении служб доступны в разделе " +"<quote>ОБРАБОТКА ОТКАЗА</quote>." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "По умолчанию: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_op_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" +"Определяет количество времени (в секундах), в течение которого будет " +"ожидаться разрешение одного запроса DNS (например, разрешение имени узла или " +"записи SRV) перед попыткой перехода к следующему имени узла или поиску " +"следующего DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" +"Определяет количество времени (в секундах), в течение которого будет " +"ожидаться ответ от внутренней службы отказоустойчивости, прежде служба будет " +"считаться недоступной. Если это время ожидания истекло, домен продолжит " +"работу в автономном режиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_use_search_list (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" +"Обычно сопоставитель DNS выполняет поиск в списке доменов, указанных в " +"директиве «search» в файле resolv.conf. Это может привести к задержкам в " +"средах с неправильно настроенным DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" +"Если в конфигурации SSSD используются полные доменные имена (или _srv_), " +"установка для этого параметра значения FALSE может предотвратить ненужные " +"запросы DNS в таких средах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "По умолчанию: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Если на внутреннем сервере используется обнаружение служб, указывает " +"доменную часть запроса обнаружения служб DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "По умолчанию: использовать доменную часть имени узла компьютера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "Переопределить значение основного GID указанным значением." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" +"С учётом регистра. Это значение не является корректным для поставщика данных " +"AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "Без учёта регистра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"То же, что «False» (без учёта регистра), но не переводит в нижний регистр " +"имена в результатах операций NSS. Обратите внимание, что псевдонимы (а в " +"случае служб также и имена протоколов) всё равно будут переведены в нижний " +"регистр в выведенных данных." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" +"Если требуется установить это значение для доверенного домена с поставщиком " +"данных IPA, необходимо установить его как на стороне клиента, так и для SSSD " +"на сервере." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Учитывать регистр символов в именах пользователей и групп. Возможные " +"значения: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "По умолчанию: True (False для поставщика данных AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" +"Позволяет указать список параметров конфигурации, которые должны " +"наследоваться поддоменом. Обратите внимание, что наследоваться могут не все " +"параметры. В настоящее время поддерживается наследование следующих " +"параметров:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "ldap_offline_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" +"ldap_krb5_keytab (будет использоваться значение krb5_keytab, если параметр " +"ldap_krb5_keytab не задан явно)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "auto_private_groups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "case_sensitive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" +"Примечание: этот параметр работает только для поставщиков данных IPA и AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "плоское (NetBIOS) имя поддомена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Использовать этот домашний каталог как значение по умолчанию для всех " +"поддоменов в пределах доверия AD IPA. Сведения о возможных значениях " +"доступны в описании параметра <emphasis>override_homedir</emphasis>. В " +"дополнение к этому, приведённое ниже расширение можно использовать только с " +"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Это значение может быть переопределено параметром " +"<emphasis>override_homedir</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "По умолчанию: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Различные метки, сохранённые службой настройки realmd для этого домена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "cached_auth_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" +"Указывает время в секундах с момента последней успешной проверки подлинности " +"в сетевом режиме, в течение которого пользователь будет распознан с помощью " +"кэшированных учётных данных, когда SSSD находится в сетевом режиме. Если " +"учётные данные некорректны, SSSD будет использовать проверку подлинности в " +"сетевом режиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" +"Значение этого параметра наследуется всеми доверенными доменами. В настоящее " +"время невозможно устанавливать для отдельных доверенных доменов другие " +"значения." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "Специальное значение «0» подразумевает, что эта возможность отключена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" +"Обратите внимание: если <quote>cached_auth_timeout</quote> превышает " +"<quote>pam_id_timeout</quote>, то может быть вызван внутренний сервер для " +"обработки <quote>initgroups.</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В следующем примере создаётся контейнер с именем «mycontainer»: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "По умолчанию: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "auto_private_groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" +"Без проверки условий создавать закрытую группу пользователя на основе номера " +"UID пользователя. Номер GID в этом случае игнорируется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" +"ПРИМЕЧАНИЕ: так как номер GID и закрытая группа пользователя зависят от " +"номера UID, при использовании этого параметра не предусмотрена поддержка " +"нескольких записей с одинаковым номером UID или GID. Иными словами, " +"включение этого параметра принудительно устанавливает уникальность записей в " +"пространстве идентификаторов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" +"Всегда использовать основной номер GID пользователя. Номер GID должен " +"ссылаться на объект группы в базе данных LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "hybrid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" +"Основная группа автоматически генерируется для записей пользователей, номера " +"UID и GID которых имеют одно и то же значение, и при этом номер GID не " +"соответствует реальному объекту группы в LDAP. Если значения совпадают, но " +"основной GID в записи пользователя также используется объектом группы, " +"основной GID этого пользователя разрешается в этот объект группы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" +"Если UID и GID пользователя отличаются, GID должен соответствовать записи " +"группы; в ином случае GID просто будет невозможно разрешить." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" +"Эта возможность полезна для сред, где требуется прекратить поддерживать " +"отдельные объекты групп для закрытых групп пользователей, но в то же время " +"сохранить существующие закрытые группы пользователей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Этот параметр принимает одно из трёх допустимых значений: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" +"В случае поддоменов, «False» является значением по умолчанию для поддоменов, " +"которые используют назначенные идентификаторы POSIX, а «True» — для " +"поддоменов, которые используют автоматическое сопоставление идентификаторов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" +"Значение auto_private_groups можно установить либо на уровне отдельных " +"поддоменов в подразделе, например: <placeholder type=\"programlisting\" " +"id=\"0\"/>, либо на глобальном уровне для всех поддоменов в разделе " +"основного домена с помощью параметра subdomain_inherit: <placeholder " +"type=\"programlisting\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Эти параметры конфигурации могут присутствовать в разделе конфигурации " +"домена, то есть в разделе с именем <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "Цель, которой пересылает данные прокси PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"По умолчанию: не задано по умолчанию; следует воспользоваться существующей " +"конфигурацией PAM или создать новую и добавить здесь имя службы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Имя библиотеки NSS, которую следует использовать в доменах прокси. Функции " +"NSS, поиск которых выполняется в библиотеке, имеют вид " +"_nss_$(libName)_$(function), например: _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "proxy_resolver_lib_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" +"Имя библиотеки NSS, которую следует использовать для поиска узлов и сетей в " +"доменах прокси. Функции NSS, поиск которых выполняется в библиотеке, имеют " +"вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Когда на поставщике данных прокси выполняется поиск пользователя или группы " +"по имени, выполнять второй поиск по идентификатору для перевода имени в " +"каноническую форму в случае, если запрашиваемое имя было псевдонимом. При " +"установке этого параметра в значение «true» SSSD будет выполнять поиск " +"идентификатора в кэше в целях ускорения предоставления результатов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "proxy_max_children (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" +"Этот параметр задаёт количество предварительно ответвлённых дочерних прокси. " +"Он полезен в средах SSSD с высокой нагрузкой, в которых у sssd могут " +"закончиться доступные дочерние слоты, что может вызывать проблемы из-за " +"постановки запросов в очередь." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Параметры, которые являются действительными для доменов прокси. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "Домены приложений" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" +"SSSD, с его интерфейсом D-Bus (см. <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>), обращается к " +"программам как шлюз в каталог LDAP, где хранятся данные пользователей и " +"групп. Впрочем, в отличие от традиционного формата работы SSSD, где все " +"пользователи и группы имеют либо атрибуты POSIX, либо атрибуты, производные " +"от SID Windows, во многих случаях пользователи и группы в сценарии поддержки " +"приложений не имеют атрибутов POSIX. Вместо установки раздела " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> администратор может " +"установить раздел <quote>[application/<replaceable>NAME</replaceable>]</" +"quote>, который на внутреннем уровне представляет собой домен с типом " +"<quote>application</quote>, который может наследовать параметры " +"традиционного домена SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" +"Обратите внимание: домен приложений всё равно должен быть явно включён с " +"помощью параметра <quote>domains</quote>; это позволит корректно задать " +"порядок поиска для домена приложений и его родственного домена POSIX." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "Параметры доменов приложений" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "inherit_from (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" +"Домен типа POSIX SSSD, от которого домен приложений наследует все параметры. " +"Домен приложений также может добавить свои собственные параметры к " +"параметрам приложений для расширения или переопределения параметров " +"<quote>родственного</quote> домена." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" +"В следующем примере показано использование домена приложений. В этой " +"конфигурации домен POSIX подключён к серверу LDAP и используется ОС с " +"помощью ответчика NSS. Кроме того, домен приложений также запрашивает " +"атрибут telephoneNumber, сохраняет его как атрибут phone в кэше и делает " +"атрибут phone доступным через интерфейс D-Bus." + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" +"Некоторые параметры, которые используются в разделе домена, также могут " +"использоваться в разделе доверенного домена, то есть разделе с именем " +"<quote>[domain/<replaceable>DOMAIN_NAME</replaceable>/" +"<replaceable>TRUSTED_DOMAIN_NAME</replaceable>]</quote>. DOMAIN_NAME — это " +"фактический базовый домен, к которому выполнено присоединение. Объяснение " +"приводится в примерах ниже. В настоящее время для раздела доверенного домена " +"поддерживаются следующие параметры:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "ldap_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "ldap_user_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "ldap_group_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "ldap_netgroup_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "ldap_service_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "ldap_sasl_mech," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "ad_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "ad_backup_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "ad_site," + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "use_fully_qualified_names" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" +"Дополнительные сведения об этих параметрах доступны в их описаниях на " +"справочной странице." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" +"Чтобы сделать возможной проверку подлинности по смарт-картам и сертификатам, " +"SSSD необходима возможность сопоставления сертификатов пользователям. Это " +"можно сделать путём добавления полного сертификата к объекту LDAP " +"пользователя или к локальному переопределению. В то время как использование " +"полного сертификата необходимо для использования функции проверки " +"подлинности по смарт-картам SSH (см. <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>), это может быть затруднительно или даже " +"невозможно в общем случае, когда локальные службы используют PAM для " +"проверки подлинности." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" +"Чтобы сделать сопоставление более гибким, в SSSD были добавлены правила " +"привязки и сопоставления (см. <citerefentry> <refentrytitle>sss-certmap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" +"Правило привязки и сопоставления можно добавить в конфигурацию SSSD как " +"отдельный раздел с именем наподобие <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. В этом разделе допустимы следующие параметры:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "matchrule (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" +"Будут обрабатываться только те сертификаты со смарт-карты, которые " +"соответствуют этому правилу. Все остальные будут игнорироваться." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" +"По умолчанию: KRB5:<EKU>clientAuth, то есть только те сертификаты, в " +"которых Extended Key Usage (расширенное использование ключа) равно " +"<quote>clientAuth</quote>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "maprule (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "Определяет способ поиска пользователя для указанного сертификата." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" +"LDAP:(userCertificate;binary={cert!bin}) для поставщиков данных на основе " +"LDAP, таких как <quote>ldap</quote>, <quote>AD</quote> или <quote>ipa</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" +"RULE_NAME для поставщика данных <quote>files</quote>, который пытается найти " +"пользователя с таким же именем." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "domains (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" +"Разделённый запятыми список имён доменов, к которым должно применяться " +"правило. По умолчанию правило действительно только в домене, настроенном в " +"sssd.conf. Если поставщик данных поддерживает поддомены, с помощью этого " +"параметра можно добавить правило также и в поддомены." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "По умолчанию: настроенный домен в sssd.conf" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "priority (целое число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" +"Беззнаковое целое значение, которое определяет приоритет правила. Чем больше " +"число, тем ниже приоритет. <quote>0</quote> означает самый высокий " +"приоритет, а <quote>4294967295</quote> — самый низкий." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "По умолчанию: самый низкий приоритет" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" +"Чтобы упростить настройку и уменьшить количество её параметров, для " +"поставщика данных <quote>files</quote> предусмотрены некоторые особые " +"свойства:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" +"Если значение maprule не задано, именем совпадающего пользователя считается " +"RULE_NAME" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" +"Если используется maprule, необходимо заключать в скобки как отдельное имя " +"пользователя, так и шаблон наподобие <quote>{subject_rfc822_name.short_name}" +"</quote>. Например: <quote>(username)</quote> или " +"<quote>({subject_rfc822_name.short_name})</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "параметр <quote>domains</quote> игнорируется" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" +"Если специальный файл (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) существует, модуль PAM SSSD pam_sss отправит SSSD запрос, чтобы " +"узнать, какие способы проверки подлинности доступны для пользователя, " +"который пытается выполнить вход. В зависимости от полученного ответа pam_sss " +"запросит у пользователя соответствующие учётные данные." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" +"Так как количество способов проверки подлинности растёт и есть вероятность, " +"что для одного пользователя их имеется несколько, эвристика, которая " +"используется pam_sss для выбора запроса, подходит не для всех случаев. " +"Следующие параметры обеспечивают более гибкую настройку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "password_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "изменить строку запроса пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"допустимые параметры настройки запроса пароля: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "[prompting/2fa]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "изменить строку запроса первого фактора" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "second_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "изменить строку запроса второго фактора" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "single_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" +"логическое значение, если «True», будет выполнен только один запрос с " +"использованием значения first_prompt. Ожидается, что оба фактора будет " +"введены как одна строка. Обратите внимание, что здесь необходимо ввести оба " +"фактора, даже если второй фактор является необязательным." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" +"допустимые параметры настройки запроса двухфакторной проверки подлинности: " +"<placeholder type=\"variablelist\" id=\"0\"/> Если второй фактор является " +"необязательным и должно быть возможно выполнить вход, указав либо только " +"пароль, либо оба фактора, следует использовать двухэтапный запрос." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +#, fuzzy +#| msgid "[prompting/password]" +msgid "[prompting/passkey]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +#, fuzzy +#| msgid "interactive" +msgid "interactive_prompt" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the interactive prompt." +msgstr "изменить строку запроса пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +#, fuzzy +#| msgid "first_prompt" +msgid "touch_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the touch prompt." +msgstr "изменить строку запроса пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "to configure password prompting, allowed options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"допустимые параметры настройки запроса пароля: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +#, fuzzy +#| msgid "" +#| "Each supported authentication method has its own configuration subsection " +#| "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" " +#| "id=\"1\"/>" +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" +"Для каждого поддерживаемого способа проверки подлинности предусмотрен " +"отдельный подраздел конфигурации: <quote>[prompting/...]</quote>. В " +"настоящее время это: <placeholder type=\"variablelist\" id=\"0\"/> " +"<placeholder type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" +"Возможно добавить подраздел для определённых служб PAM, например " +"<quote>[prompting/password/sshd]</quote>; это позволяет изменить запрос " +"конкретно для этой службы." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "ПРИМЕРЫ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"1. В следующем примере показана типичная конфигурация SSSD. Описание " +"конфигурации самих доменов не приводится — оно доступно в соответствующей " +"документации. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" +"2. В следующем примере показана конфигурация доверия AD IPA, где лес AD " +"состоит из двух доменов структуры «родитель — потомок». Предположим, что " +"домен IPA (ipa.com) имеет отношения доверия с доменом AD (ad.com). У ad.com " +"есть дочерний домен (child.ad.com). Чтобы включить краткие имена в дочернем " +"домене, следует использовать следующую конфигурацию. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, fuzzy, no-wrap +#| msgid "" +#| "[certmap/my.domain/rule_name]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +#| "maprule = (userCertificate;binary={cert!bin})\n" +#| "domains = my.domain, your.domain\n" +#| "priority = 10\n" +#| "\n" +#| "[certmap/files/myname]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +"\n" +"[certmap/files/myname]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +#, fuzzy +#| msgid "" +#| "3. The following example shows the configuration for two certificate " +#| "mapping rules. The first is valid for the configured domain <quote>my." +#| "domain</quote> and additionally for the subdomains <quote>your.domain</" +#| "quote> and uses the full certificate in the search filter. The second " +#| "example is valid for the domain <quote>files</quote> where it is assumed " +#| "the files provider is used for this domain and contains a matching rule " +#| "for the local user <quote>myname</quote>. <placeholder " +#| "type=\"programlisting\" id=\"0\"/>" +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"3. В следующем примере показана конфигурация двух правил сопоставления " +"сертификатов. Первое действительно для настроенного домена <quote>my.domain</" +"quote>, а также для поддоменов <quote>your.domain</quote>, и использует " +"полный сертификат в фильтре поиска. Второе действительно для домена " +"<quote>files</quote>, где предполагается, что для этого домена используется " +"поставщик данных файлов и содержит правило установления соответствия для " +"локального пользователя <quote>myname</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Поставщик данных LDAP SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "ОПИСАНИЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"На этой справочной странице представлено описание настройки доменов LDAP для " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Подробные сведения о синтаксисе доступны в разделе " +"<quote>ФОРМАТ ФАЙЛА</quote> справочной страницы <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Возможно настроить SSSD на использование нескольких доменов LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"Внутренний сервер LDAP поддерживает поставщиков данных идентификаторов (id), " +"проверки подлинности (auth), управления доступом (access) и смены пароля " +"(chpass). Если проверка подлинности должна выполняться на сервере LDAP, " +"требуется TLS/SSL или LDAPS. <command>sssd</command> <emphasis>не</emphasis> " +"поддерживает проверку подлинности по незашифрованному каналу. Если сервер " +"LDAP используется только как поставщик данных идентификации, зашифрованный " +"канал не требуется. Дополнительные сведения об использования LDAP в качестве " +"поставщика данных управления доступом доступны в описании параметра " +"конфигурации <quote>ldap_access_filter</quote>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Разделённый запятыми список URI серверов LDAP, к которым SSSD следует " +"подключаться в порядке приоритета. Дополнительные сведения об отработке " +"отказа и избыточности сервера доступны в разделе <quote>ОТРАБОТКА ОТКАЗА</" +"quote>. Если не указан ни один из параметров, будет включено обнаружение " +"служб. Дополнительные сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "Формат URI должен соответствовать формату, определённому в RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<host>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"Для явного указания адресов IPv6 <host> необходимо заключать в скобки " +"[]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "пример: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Разделённый запятыми список URI серверов LDAP, к которым SSSD следует " +"подключаться в порядке приоритета для смены пароля пользователя. " +"Дополнительные сведения об отработке отказа и избыточности сервера доступны " +"в разделе <quote>ОТРАБОТКА ОТКАЗА</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Для включения обнаружения служб необходимо установить значение параметра " +"ldap_chpass_dns_service_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "По умолчанию: пусто, то есть используется ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"Стандартное base DN, которое следует использовать для выполнения действий от " +"имени пользователя LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Начиная с версии 1.7.0, SSSD поддерживает несколько баз поиска. Используется " +"следующий синтаксис:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" +"Значением области может быть одно из следующих: «base», «onelevel» или " +"«subtree»." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Фильтр должен являться корректным фильтром поиска LDAP согласно спецификации " +"http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Примеры:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (что эквивалентно) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Примечание: не поддерживается использование нескольких баз поиска, которые " +"ссылаются на объекты с одинаковыми именами (например, на группы с одинаковым " +"именем в двух разных базах поиска). Это приведёт к непредсказуемому " +"поведению программы на клиентских компьютерах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"По умолчанию: если не задано, используется значение атрибута " +"defaultNamingContext или namingContexts из RootDSE сервера LDAP. Если " +"атрибут defaultNamingContext не существует или имеет пустое значение, " +"используется значение namingContexts. Для работы этого параметра необходимо, " +"чтобы атрибут namingContexts имел одно значение с DN базы поиска сервера " +"LDAP. Использование нескольких значений не поддерживается." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Указывает тип схемы, который используется на сервере LDAP цели. Стандартные " +"имена атрибутов, получаемые с серверов, зависят от выбранной схемы. Также " +"может различаться и способ обработки некоторых атрибутов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "В настоящее время поддерживаются четыре типа схем:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Главное различие между этими типами схем заключается в способе записи " +"участия в группах на сервере. В схеме rfc2307 записи участников групп " +"упорядочиваются по имени в атрибуте <emphasis>memberUid</emphasis>. В схемах " +"rfc2307bis и IPA записи участников групп упорядочиваются по DN и хранятся в " +"атрибуте <emphasis>member</emphasis>. В схеме AD атрибуты будут " +"соответствовать значениям 2008r2 Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "По умолчанию: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "ldap_pwmodify_mode (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" +"Позволяет указать действие, которое выполняется для смены пароля " +"пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "В настоящее время поддерживаются два режима:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "exop — расширенное действие по изменению пароля (RFC 3062)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "ldap_modify — прямое изменение userPassword (не рекомендуется)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" +"Примечание: сначала устанавливается новое соединение для проверки текущего " +"пароля путём привязки от имени пользователя, запросившего смену пароля. В " +"случае успеха это соединение используется для смены пароля, следовательно, у " +"пользователя должны быть права на запись в атрибут userPassword." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "По умолчанию: exop" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"Стандартное DN привязки, которое следует использовать для выполнения " +"действий LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "Тип маркера проверки подлинности для bind DN по умолчанию." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "В настоящее время поддерживаются два механизма:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "По умолчанию: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" +"Дополнительные сведения доступны на справочной странице <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "Маркер проверки подлинности стандартного DN привязки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Некоторые серверы каталогов, например Active Directory, могут предоставлять " +"часть области UPN в нижнем регистре, что может привести к сбою проверки " +"подлинности. Установите этот параметр в значение, отличное от нуля, если " +"следует использовать название области в верхнем регистре." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Указывает время ожидания SSSD (в секундах) перед обновлением своего кэша " +"перечисленных записей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Позволяет определить, как часто следует проверять кэш на наличие неактивных " +"записей (таких, как группы без участников и пользователи, которые никогда не " +"выполняли вход) и удалять эти записи для экономии места." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" +"Установка этого параметра в значение «0» отключит очистку кэша. Обратите " +"внимание: если перечисление включено, задание очистки должно выполняться для " +"определения записей, удалённых с сервера, и его нельзя отключить. По " +"умолчанию задание очистки выполняется раз в 3 часа, когда перечисление " +"включено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Если в качестве значения ldap_schema выбран формат схемы, который " +"поддерживает вложенные группы (например, RFC2307bis), этот параметр " +"определяет количество уровней вложенности, которое будет обрабатываться " +"SSSD. Если используется схема RFC2307, этот параметр ни на что не влияет." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Примечание: этот параметр задаёт гарантированный уровень вложенности групп, " +"который будет обрабатываться при любом поиске. Тем не менее, в результатах " +"поиска <emphasis>могут</emphasis> присутствовать вложенные группы, уровень " +"вложенности которых превышает указанное значение, если при предыдущих " +"поисках выполнялась обработка более глубоких уровней вложенности. Кроме " +"того, последующие поиски других групп могут увеличить набор результатов " +"исходного поиска, когда он будет выполнен повторно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Если параметр ldap_group_nesting_level установлен в значение «0», обработка " +"вложенных групп выполняться не будет. Тем не менее, если с помощью " +"<quote>id_provider=ad</quote> установлено соединение с Active Directory " +"Server 2008 и выше, также будет необходимо отключить использование групп " +"маркеров путём установки параметра ldap_use_tokengroups в значение «false» " +"для ограничения вложенности групп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "По умолчанию: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Этот параметр включает или отключает использование атрибута групп маркеров " +"при выполнении initgroup для пользователей Active Directory Server 2008 или " +"выше." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "По умолчанию: True для AD и IPA, в ином случае — False." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "ldap_host_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"объектов узлов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Сведения о настройке нескольких баз поиска доступны в описании параметра " +"<quote>ldap_search_base</quote>." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "По умолчанию: значение <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "ldap_iphost_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "ldap_ipnetwork_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Позволяет указать тайм-аут (в секундах) для выполнения поиска LDAP, по " +"истечении которого поиск будет отменён и будут возвращены кэшированные " +"результаты (и выполнен переход в автономный режим)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Примечание: этот параметр будет изменён в будущих версиях SSSD. Вероятно, " +"его заменит ряд тайм-аутов для отдельных типов поиска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Позволяет указать тайм-аут (в секундах) для выполнения LDAP поиска " +"перечислений пользователей и групп, по истечении которого поиск будет " +"отменён и будут возвращены кэшированные результаты (и выполнен переход в " +"автономный режим)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Позволяет указать тайм-аут (в секундах), по истечении которого в случае " +"отсутствия активности возвращается <citerefentry> <refentrytitle>poll</" +"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> " +"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> после <citerefentry> <refentrytitle>connect</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" +"Позволяет указать тайм-аут (в секундах), по истечении которого вызовы " +"синхронных программных интерфейсов LDAP будут прекращены, если не будет " +"получен ответ. Этот параметр также управляет тайм-аутом при обмене данными с " +"KDC в случае использования привязки SASL, тайм-аутом операции привязки LDAP, " +"расширенного действия по смене пароля и действия StartTLS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Позволяет указать тайм-аут (в секундах), в течение которого будет " +"поддерживаться соединение с сервером LDAP. По истечении этого времени будет " +"предпринята попытка повторного подключения. Если параллельно используется " +"SASL/GSSAPI, будет использоваться первое по времени наступления из этих двух " +"значений (значение этого параметра или значение времени жизни TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" +"Если соединение простаивает (активные операции не выполняются) в течение " +"<emphasis>ldap_opt_timeout</emphasis> секунд после истечения срока действия, " +"оно будет закрыто досрочно, чтобы гарантировать, что новый запрос не может " +"требовать, чтобы соединение оставалось открытым после истечения срока его " +"действия. Это означает, что соединения всегда будут закрываться немедленно, " +"и не будут использоваться повторно, если " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" +"Этот тайм-аут может быть увеличен случайным значением, указанным с помощью " +"параметра <emphasis>ldap_connection_expire_offset</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "По умолчанию: 900 (15 минут)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "ldap_connection_expire_offset (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" +"Случайная задержка от 0 до настроенного значения добавляется к " +"<emphasis>ldap_connection_expire_timeout</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_idle_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"Позволяет указать тайм-аут (в секундах), в течение которого будет " +"поддерживаться неактивное соединение с сервером LDAP. Если соединение " +"бездействует дольше этого времени, соединение будет закрыто." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "Можно отключить этот тайм-аут, установив значение «0»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Позволяет указать количество записей для получения от LDAP в ответ на один " +"запрос. На некоторых серверах LDAP задано ограничение максимального " +"количества на один запрос." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Отключить управление переходами между страницами LDAP. Этот параметр следует " +"использовать, если сервер LDAP сообщает о том, что поддерживает управление " +"переходами между страницами LDAP в своём RootDSE, но оно не включено или не " +"работает надлежащим образом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Пример: серверы OpenLDAP с модулем управлением переходами между страницами, " +"который установлен на сервере, но не включён, будут сообщать о нём в " +"RootDSE, но не смогут использовать его." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Пример: в 389 DS есть внутренняя ошибка, из-за которой для одного " +"подключения одновременно поддерживается только одно средство управления " +"переходами между страницами. Если поступает много запросов, это может " +"привести к отказам в выполнении некоторых из них." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Отключить получение диапазонов Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory ограничивает количество участников, которые могут быть " +"получены за один поиск, с помощью политики MaxValRange (значение по " +"умолчанию — 1500 участников). Если группа содержит большее количество " +"участников, ответ будет включать специфичное для AD расширение диапазона. " +"Этот параметр отключает обработку расширения диапазона, следовательно, " +"большие группы будут показаны как группы без участников." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Позволяет указать минимальный уровень безопасности, необходимый для " +"установки соединения в случае обмена данными с сервером LDAP с помощью SASL. " +"Значение этого параметра определяется OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"По умолчанию: использовать стандартное системное значение (обычно " +"указывается в ldap.conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "ldap_sasl_maxssf (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Позволяет указать максимальный уровень безопасности, необходимый для " +"установки соединения в случае обмена данными с сервером LDAP с помощью SASL. " +"Значение этого параметра определяется OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Позволяет указать количество записей участников групп, которые должны " +"отсутствовать во внутреннем кэше для активации поиска с разыменованием. Если " +"отсутствует меньшее количество записей участников, поиск будет выполняться " +"для каждого из них по отдельности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" +"Чтобы полностью отключить поиск с разыменованием, установите значение «0». " +"Обратите внимание, что в коде SSSD, например коде поставщика данных HBAC " +"IPA, имеются некоторые инструкции, которые реализуются только с " +"использованием вызова разыменования. Даже если разыменование явно отключено, " +"оно всё равно будет использоваться в этих частях кода, если сервер " +"поддерживает его и объявляет управление разыменованием в объекте rootDSE." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Поиск с разыменованием позволяет получить всех участников групп за один " +"вызов LDAP. На разных серверах LDAP могут быть реализованы разные методы " +"разыменования. В настоящее время поддерживаются следующие серверы: 389/RHDS, " +"OpenLDAP и Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Примечание:</emphasis> если какая-либо из баз поиска задаёт фильтр " +"поиска, то улучшение быстродействия поиска с разыменованием будет отключено," +"независимо от значения этого параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "ldap_ignore_unreadable_references (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" +"Игнорировать нечитаемые записи LDAP, указанные в атрибуте участника группы. " +"Если для этого параметра установлено значение «false», будет возвращено " +"сообщение об ошибке, а действие завершится ошибкой вместо простого " +"игнорирования нечитаемой записи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" +"Этот параметр может быть полезен, если используется поставщик данных AD, а " +"учетная запись компьютера, используемая sssd для установления соединения с " +"AD, не имеет доступа к определенной записи или поддереву LDAP из соображений " +"безопасности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Позволяет указать, какие проверки следует выполнять для сертификатов сервера " +"в сеансе TLS, если это требуется. Можно указать одно из следующих значений:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = клиент не будет запрашивать или проверять " +"сертификаты сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = будет запрашиваться сертификат сервера. Если " +"сертификат не предоставлен, сеанс продолжится в обычном режиме. Если " +"предоставлен ошибочный сертификат, он будет проигнорирован, и сеанс " +"продолжится в обычном режиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = будет запрашиваться сертификат сервера. Если " +"сертификат не предоставлен, сеанс продолжится в обычном режиме. Если " +"предоставлен ошибочный сертификат, сеанс немедленно будет завершён." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = будет требоваться сертификат сервера. Если " +"сертификат не предоставлен или предоставлен ошибочный сертификат, сеанс " +"немедленно будет завершён." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = аналогично <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "По умолчанию: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Позволяет указать файл, который содержит сертификаты для всех центров " +"сертификации, которые распознаются <command>sssd</command>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"По умолчанию: использовать стандартные параметры OpenLDAP, которые обычно " +"хранятся в <filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Позволяет указать путь к каталогу, в котором хранятся сертификаты центра " +"сертификации, каждый в своём файле. Обычно имена файлов — это хэш " +"сертификата, за которым следует «.0». Для создания корректных имён можно " +"использовать команду <command>cacertdir_rehash</command>, если она доступна." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Позволяет указать файл, который содержит сертификат для ключа клиента." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "Позволяет указать файл, который содержит ключ клиента." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"Позволяет указать допустимые комплекты шифров. Обычно представляет собой " +"список, разделённый двоеточиями. Описание формата доступно на справочной " +"странице <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Позволяет указать, что подключение id_provider должно также использовать " +"<systemitem class=\"protocol\">tls</systemitem> для защиты канала." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Позволяет указать, что SSSD следует пытаться сопоставить идентификаторы " +"пользователя и группы из атрибутов ldap_user_objectsid и " +"ldap_group_objectsid, а не полагаться на ldap_user_uid_number и " +"ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"В настоящее время эта функциональная возможность поддерживает только " +"сопоставление objectSID Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "ldap_min_id, ldap_max_id (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"В отличие от сопоставления идентификаторов на основе SID, которое " +"используется, если параметр ldap_id_mapping установлен в значение «true», " +"допустимый диапазон идентификаторов для ldap_user_uid_number и " +"ldap_group_gid_number является неограниченным. В конфигурациях с поддоменами " +"и доверенными доменами это может привести к конфликтам идентификаторов. " +"Чтобы избежать конфликтов, можно указать параметры ldap_min_id и ldap_max_id " +"для ограничения допустимого диапазона идентификаторов, чтение которых " +"выполняется непосредственно с сервера. После этого поддомены могут выбрать " +"другие диапазоны для сопоставления идентификаторов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "По умолчанию: не задано (оба параметра установлены в значение 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" +"Позволяет указать механизм SASL, который следует использовать. В настоящее " +"время протестированы и поддерживаются только GSSAPI и GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Если внутренний сервер поддерживает поддомены, значение ldap_sasl_mech " +"автоматически наследуется поддоменами. Если для поддомена требуется " +"использовать другое значение, это значение можно перезаписать, явно указав " +"ldap_sasl_mech для этого поддомена. Для получения подробных сведений " +"смотрите «РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ» на справочной странице " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" +"Позволяет указать идентификатор проверки подлинности SASL, который следует " +"использовать. Если используется GSSAPI/GSS-SPNEGO, он представляет собой " +"участника Kerberos, который используется для проверки подлинности при " +"доступе к каталогу. Этот параметр может содержать либо полное имя участника " +"(например, host/myhost@EXAMPLE.COM), либо просто имя участника (например, " +"host/myhost). По умолчанию это значение не задано, используются следующие " +"участники: <placeholder type=\"programlisting\" id=\"0\"/> Если они не " +"найдены, возвращается первый участник из таблицы ключей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "По умолчанию: host/hostname@REALM" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Позволяет указать область SASL, которую следует использовать. Если значение " +"не указано, по умолчанию будет использоваться значение krb5_realm. Если " +"ldap_sasl_authid также содержит область, этот параметр игнорируется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "По умолчанию: значение krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Если установлено в значение «true», библиотека LDAP будет выполнять обратный " +"просмотр для преобразования имени узла в каноническую форму во время " +"привязки SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "По умолчанию: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" +"Позволяет указать таблицу ключей, которую следует использовать при " +"использовании проверки подлинности с помощью SASL/GSSAPI/GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"По умолчанию: системная таблица ключей, обычно <filename>/etc/krb5.keytab</" +"filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" +"Позволяет указать, что id_provider должен инициализировать учётные данные " +"Kerberos (TGT). Это действие выполняется только в том случае, если " +"используется SASL и выбран механизм GSSAPI или GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" +"Позволяет указать время жизни TGT (в секундах), если используется GSSAPI или " +"GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "По умолчанию: 86400 (24 часа)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Разделённый запятыми список IP-адресов или имён узлов серверов Kerberos, к " +"которым SSSD следует подключаться в порядке приоритета. Дополнительные " +"сведения об отработке отказа и избыточности сервера доступны в разделе " +"<quote>ОТРАБОТКА ОТКАЗА</quote>. После адресов или имён узлов можно " +"(необязательно) добавить номер порта (предварив его двоеточием). Если у " +"параметра пустое значение, будет включено обнаружение служб — дополнительные " +"сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"При использовании обнаружения служб для серверов KDC или kpasswd SSSD " +"сначала выполняет поиск записей DNS, в которых в качестве протокола указан " +"_udp. Если такие записи не удаётся найти, SSSD выполняет поиск записей DNS, " +"в которых в качестве протокола указан _tcp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"В предыдущих версиях SSSD этот параметр назывался <quote>krb5_kdcip</quote>. " +"Это устаревшее имя всё ещё распознаётся, но пользователям рекомендуется " +"перейти на использование <quote>krb5_server</quote> в файлах конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" +"Позволяет указать область Kerberos (для проверки подлинности с помощью SASL/" +"GSSAPI/GSS-SPNEGO)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"По умолчанию: стандартные параметры системы, см. <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Позволяет указать, следует ли приводить в каноническую форму имя участника-" +"узла при подключении к серверу LDAP. Эта возможность доступна в MIT Kerberos " +">= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Позволяет указать, следует ли SSSD сообщать библиотекам, какую область и " +"какие KDC нужно использовать. Этот параметр включён по умолчанию. Если " +"отключить его, потребуется настроить библиотеку Kerberos с помощью файла " +"конфигурации <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Дополнительные сведения о модуле локатора доступны на справочной странице " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Позволяет выбрать политику оценки истечения срока действия пароля на стороне " +"клиента. Допускаются следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> — без оценки на стороне клиента. С помощью этого " +"параметра нельзя отключить политики паролей на стороне сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> — использовать атрибуты в стиле " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> для проверки того, не истёк ли срок действия " +"пароля. См. также опцию «ldap_chpass_update_last_change»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> — использовать атрибуты, которые " +"используются MIT Kerberos, для определения того, не истёк ли срок действия " +"пароля. Чтобы обновить эти атрибуты в случае смены пароля, воспользуйтесь " +"chpass_provider=krb5." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Примечание</emphasis>: если на стороне сервера настроена политика " +"паролей, она всегда будет иметь приоритет над политикой, заданной с помощью " +"этого параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Позволяет указать, следует ли включить автоматическое прослеживание ссылок." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Обратите внимание, что sssd поддерживает прослеживание ссылок только в том " +"случае, если сервис собран с OpenLDAP версии 2.4.13 или выше." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"Прослеживание ссылок может замедлять работу в средах, где оно широко " +"применяется. Яркий пример такой среды — Microsoft Active Directory. Если в " +"используемой среде нет реальной необходимости в прослеживании ссылок, можно " +"установить этот параметр в значение «false»; это позволит заметно повысить " +"производительность. Поэтому в том случае, когда поставщик данных LDAP SSSD " +"используется совместно с Microsoft Active Directory в качестве внутреннего " +"сервера, рекомендуется установить этот параметр в значение «false». Даже " +"если бы у SSSD была возможность перейти по ссылке к другому контроллеру " +"домена AD, это не позволило бы получить дополнительные данные." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Позволяет указать имя службы, которое будет использоваться, когда включено " +"обнаружение служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "По умолчанию: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Позволяет указать имя службы для поиска сервера LDAP, который позволяет " +"менять пароль, когда включено обнаружение служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "По умолчанию: не задано, то есть обнаружение служб отключено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Позволяет указать, следует ли обновлять атрибут ldap_user_shadow_last_change " +"данными о количестве дней с момента выполнения действия по смены пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" +"Рекомендуется установить этот параметр явно, если используется " +"«ldap_pwd_policy = shadow», чтобы сообщить SSSD, будет ли сервер LDAP " +"автоматически обновлять атрибут shadowLastChange LDAP после смены пароля или " +"SSSD должен обновить его." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"При использовании access_provider = ldap и ldap_access_order = filter (по " +"умолчанию) этот параметр является обязательным. Он задаёт условия фильтра " +"поиска LDAP, при условии соблюдения которых пользователю будет предоставлен " +"доступ к этому узлу. Если при использовании access_provider = ldap, " +"ldap_access_order = filter этот параметр не задан, всем пользователям будет " +"отказано в доступе. Чтобы изменить это стандартное поведение, используйте " +"access_provider = permit. Обратите внимание, что этот фильтр применяется " +"только к записи пользователя LDAP и, соответственно, может не работать " +"фильтрация на основе вложенных групп (например, атрибут memberOf в записях " +"AD указывает только на прямые родительские записи). Если фильтрацию на " +"основе вложенных групп необходимо выполнять, ознакомьтесь со справочной " +"страницей <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Пример:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"В этом примере доступ к узлу представляется только тем пользователям, " +"атрибут employeeType которых установлен в значение «admin»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" +"Автономное кэширование для этой возможности ограничивается определением " +"того, было ли предоставлено разрешение на доступ при последнем входе " +"пользователя в сетевом режиме. Если при последнем входе пользователю был " +"разрешён доступ, он также будет разрешён и в автономном режиме. Если же при " +"последнем входе пользователю был запрещён доступ, он также будет запрещён и " +"в автономном режиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "По умолчанию: пусто" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"С помощью этого параметра можно включить оценку атрибутов управления " +"доступом на стороне клиента." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Обратите внимание, что всегда рекомендуется использовать управление доступом " +"на стороне сервера, то есть сервер LDAP должен отклонять запрос привязки с " +"соответствующим кодом ошибки, даже если пароль верен." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Допускаются следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: использовать значение ldap_user_shadow_expire " +"для определения того, не истёк ли срок действия учётной записи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: использовать значение 32-битного поля " +"ldap_user_ad_user_account_control и разрешать доступ, если второй бит не " +"задан. Если атрибут отсутствует, доступ предоставляется. Также проверяется, " +"не истёк ли срок действия учётной записи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: использовать значение ldap_ns_account_lock, чтобы проверить, " +"разрешён ли доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: использовать значения " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled и " +"ldap_user_nds_login_expiration_time, чтобы проверить, разрешён ли доступ. " +"Если все атрибуты отсутствуют, доступ предоставляется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Обратите внимание, что параметр конфигурации ldap_access_order " +"<emphasis>должен</emphasis> включать <quote>expire</quote>, чтобы можно было " +"использовать параметр ldap_account_expire_policy." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Разделённый запятыми список параметров управления доступом. Допустимые " +"значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: использовать ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" +"<emphasis>lockout</emphasis>: использовать блокировку учётных записей. Если " +"этот параметр установлен, он запрещает доступ, когда атрибут LDAP " +"«pwdAccountLockedTime» присутствует и имеет значение «000001010000Z». " +"Подробные сведения доступны в описании параметра ldap_pwdlockout_dn. " +"Обратите внимание, что для работы этой возможности необходимо задать " +"«access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" +"<emphasis> Обратите внимание, что над этим параметром имеет приоритет " +"параметр <quote>ppolicy</quote> и этот параметр может быть удалён в " +"следующей версии. </emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" +"<emphasis>ppolicy</emphasis>: использовать блокировку учётных записей. Если " +"этот параметр установлен, он запрещает доступ, когда атрибут LDAP " +"«pwdAccountLockedTime» присутствует и имеет значение «000001010000Z» или " +"представляет любое время в прошлом. Значение атрибута «pwdAccountLockedTime» " +"должно заканчиваться на «Z» (это означает часовой пояс UTC). В настоящее " +"время не поддерживается использование других часовых поясов; если они будут " +"заданы, при попытках пользователей войти в систему будет появляться " +"сообщение об отказе в доступе. Подробные сведения доступны в описании " +"параметра ldap_pwdlockout_dn. Обратите внимание, что для работы этой " +"возможности необходимо задать «access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> эти параметры полезны, если " +"пользователям нужно предупреждение о том, что срок действия пароля истекает, " +"и для проверки подлинности используются не пароли, а, например, ключи SSH." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" +"Следует учитывать, что для работы этой возможности необходимо указать " +"«access_provider = ldap». Также необходимо указать соответствующую политику " +"паролей в качестве значения параметра «ldap_pwd_policy»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: использовать атрибут " +"authorizedService для определения возможности доступа" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: использовать атрибут host для определения " +"возможности доступа" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" +"<emphasis>rhost</emphasis>: использовать атрибут rhost для определения " +"возможности доступа удалённого узла" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" +"Обратите внимание, что значение поля rhost в pam устанавливается " +"приложением; рекомендуется проверить, что приложение отправляет в pam, " +"прежде чем включать этот параметр управления доступом" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "По умолчанию: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Обратите внимание, что использование значения более одного раза является " +"ошибкой конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" +"Этот параметр позволяет указать DN записи политики паролей на сервере LDAP. " +"Обратите внимание: если в sssd.conf не будет этого параметра, когда " +"используется блокировка учётных записей, в доступе будет отказано из-за " +"невозможности надлежащим образом проверить атрибуты ppolicy на сервере LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Пример: cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Позволяет указать, как осуществляется разыменование псевдонимов при " +"выполнении поиска. Допустимые варианты:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: разыменование псевдонимов не выполняется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: разыменование псевдонимов выполняется в " +"подчиненных базового объекта, но не при определении расположения базового " +"объекта поиска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: разыменование псевдонимов выполняется только " +"при определении расположения базового объекта поиска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: разыменование псевдонимов выполняется как при " +"поиске, так и при определении расположения базового объекта поиска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"По умолчанию: пусто (обрабатывается как <emphasis>never</emphasis> " +"клиентскими библиотеками LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Разрешает сохранять локальных пользователей как участников группы LDAP для " +"серверов, которые используют схему RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"В некоторых средах, где используется схема RFC2307, локальных пользователей " +"можно сделать участниками групп LDAP путём добавления их имён в атрибут " +"memberUid. При этом нарушается внутренняя согласованность домена, поэтому " +"SSSD обычно удаляет записи «отсутствующих» пользователей из кэшированных " +"данных об участии в группах, как только nsswitch выполняет попытку получить " +"информацию о пользователе через вызовы getpw*() или initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"При использовании этого параметра программа возвращается к проверке наличия " +"ссылок на локальных пользователей и кэширует их записи, чтобы последующие " +"вызовы initgroups() расширяли список локальных пользователей дополнительными " +"группами LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "wildcard_limit (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" +"Позволяет указать верхний предел количества записей, загружаемых во время " +"поиска с использованием подстановочных знаков." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" +"В настоящее время только ответчик InfoPipe поддерживает поиск с " +"использованием подстановочных знаков." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "По умолчанию: 1000 (часто размер одной страницы)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_library_debug_level (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" +"Включает отладку libldap на указанном уровне. Сообщения отладки libldap " +"записываются независимо от общего debug_level." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" +"OpenLDAP использует битовую карту для включения отладки определённых " +"компонентов, -1 включает полный отладочный вывод." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "По умолчанию: 0 (отладка libldap отключена)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Все общие параметры конфигурации, которые применимы к доменам SSSD, также " +"применимы и к доменам LDAP. Подробные сведения доступны в разделе " +"<quote>РАЗДЕЛЫ ДОМЕНА</quote> справочной страницы <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. Обратите внимание, что описание атрибутов сопоставления LDAP " +"SSSD LDAP приводится на справочной странице <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "ПАРАМЕТРЫ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Подробные инструкции по настройке sudo_provider доступны на справочной " +"странице <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Интервал в секундах между полными обновлениями правил sudo SSSD (при которых " +"загружаются все правила, которые хранятся на сервере)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Это значение должно быть больше, чем " +"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Полное обновление можно отключить, установив этот параметр в значение «0». " +"Но должно быть включено либо интеллектуальное, либо полное обновление." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "По умолчанию: 21600 (6 часов)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" +"Количество секунд, в течение которого SSSD ожидает перед выполнением " +"интеллектуального обновления правил sudo (при котором загружаются все " +"правила, USN которых больше самого высокого значения USN на сервере, которое " +"в настоящее время известно SSSD)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Если сервер не поддерживает атрибуты USN, используется атрибут " +"modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" +"<emphasis>Примечание:</emphasis> самое высокое значение USN может быть " +"обновлено тремя заданиями: 1) полным и интеллектуальным обновлением sudo " +"(если найдены обновлённые правила), 2) перечислением пользователей и групп " +"(если оно включено и найдены обновлённые пользователи или группы) и 3) " +"повторным подключением к серверу (по умолчанию каждые 15 минут, см. " +"<emphasis>ldap_connection_expire_timeout</emphasis>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Интеллектуальное обновление можно отключить, установив этот параметр в " +"значение «0». Но должно быть включено либо интеллектуальное, либо полное " +"обновление." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_sudo_random_offset (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" +"Случайная задержка от 0 до настроенного значения добавляется к периодам " +"интеллектуального и полного обновления каждый раз при планировании " +"периодического задания. Значение указывается в секундах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" +"Обратите внимание, что эта случайная задержка также применяется при первом " +"запуске SSSD, что откладывает первое обновление правил sudo. Это увеличивает " +"время, в течение которого правила sudo недоступны для использования." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "Можно отключить эту задержку, установив значение «0»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Если параметр установлен в значение «true», SSSD будет загружать только те " +"правила, которые применимы к этому компьютеру (на основе имён узлов и " +"адресов узлов/сетей в формате IPv4 или IPv6)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Разделённый пробелами список имён узлов или полных доменных имён, которые " +"следует использовать для фильтрации правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Если этот параметр имеет пустое значение, SSSD будет пытаться автоматически " +"обнаружить имя узла и полное доменное имя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Если значением <emphasis>ldap_sudo_use_host_filter</emphasis> является " +"<emphasis>false</emphasis>, этот параметр ни на что не влияет." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "По умолчанию: не указано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Разделённый пробелами список адресов IPv4 или IPv6 узлов/сетей, которые " +"следует использовать для фильтрации правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Если этот параметр имеет пустое значение, SSSD будет пытаться автоматически " +"обнаружить адреса." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Если параметр установлен в значение «true», SSSD будет загружать все " +"правила, которые содержат сетевую группу в атрибуте sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Если параметр установлен в значение «true», SSSD будет загружать все " +"правила, которые содержат подстановочный знак в атрибуте sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" +"Использование подстановочного знака — крайне ресурсоёмкая вычислительная " +"операция на стороне сервера LDAP!" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"На этой справочной странице содержится только описание сопоставления имён " +"атрибутов. Подробные сведения о семантике атрибутов, связанных с sudo, " +"доступны на справочной странице <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "ПАРАМЕТРЫ AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" +"Некоторые из стандартных значений приведённых ниже параметров зависят от " +"схемы LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Имя основной карты автоматического монтирования в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "По умолчанию: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" +"Если параметр <quote>ldap_use_tokengroups</quote> включён, к поиску в Active " +"Directory не будут применяться какие-либо ограничения, он вернёт все данные " +"об участии в группах, даже без сопоставления GID. Рекомендуется отключить " +"эту возможность, если имена групп отображаются некорректно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" +"Эти параметры поддерживаются доменами LDAP, но их следует использовать с " +"осторожностью. Включайте их в конфигурацию, только если точно знаете, какой " +"эффект это произведёт. <placeholder type=\"variablelist\" id=\"0\"/> " +"<placeholder type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "ПРИМЕР" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"установка LDAP выполнена для одного из доменов в разделе " +"<replaceable>[domains]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "ПРИМЕР ФИЛЬТРА ДОСТУПА LDAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"используется ldap_access_order=lockout." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ПРИМЕЧАНИЯ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Описания некоторых параметров конфигурации на этой справочной странице " +"основаны на справочной странице <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> из дистрибутива " +"OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "модуль PAM для SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> — это интерфейс PAM к сервису SSSD. Ошибки и " +"результаты записываются в журнал посредством <command>syslog(3)</command> с " +"LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ОПЦИИ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Подавлять сообщения журнала для неизвестных пользователей." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Если параметр <option>forward_pass</option> задан, введённый пароль будет " +"помещён в стек для использования другими модулями PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Использование аргумента use_first_pass позволяет указать модулю " +"принудительно использовать пароль ранее добавленного в стек модуля и никогда " +"не запрашивать его у пользователя — если пароль недоступен или некорректен, " +"пользователю будет отказано в доступе." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Если этот параметр задан, при смене пароля модуль установит в качестве " +"нового пароля тот пароль, который предоставлен ранее добавленным в стек " +"модулем обработки паролей." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Если этот параметр задан, в случае неудачной проверки подлинности у " +"пользователя будет N раз запрашиваться пароль. Значение по умолчанию — 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Обратите внимание, что этот параметр может не работать ожидаемым образом, " +"если приложение, которое вызывает PAM, самостоятельно обрабатывает диалог с " +"пользователем. Типичный пример: <command>sshd</command> с " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Если этот параметр указан и пользователь не существует, модуль PAM вернёт " +"PAM_IGNORE. В результате платформа PAM игнорирует этот модуль." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Позволяет указать, что модуль PAM должен вернуть PAM_IGNORE, если ему не " +"удаётся связаться с сервисом SSSD. В результате платформа PAM игнорирует " +"этот модуль." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Позволяет администратору ограничить перечень доменов, в которых может " +"проходить проверку подлинности определённая служба PAM. Формат: разделённый " +"запятыми список имён доменов SSSD, в том виде, в котором они указаны в файле " +"sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"ПРИМЕЧАНИЕ: при использовании для службы, которая запущена не от имени " +"пользователя root (например, для веб-сервера), этот параметр необходимо " +"использовать совместно с параметрами <quote>pam_trusted_users</quote> и " +"<quote>pam_public_domains</quote>. Дополнительные сведения об этих двух " +"параметрах ответчика PAM доступны на справочной странице <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "<option>allow_missing_name</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" +"Основная задача этого параметра — разрешить SSSD определять имя пользователя " +"на основе дополнительной информации (например, сертификата со смарт-карты)." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" +"В настоящее время используется диспетчерами входа, которые могут отслеживать " +"события карты на устройстве чтения смарт-карт. При вставке смарт-карты " +"диспетчер входа вызовет стек PAM, который включает строку наподобие " +"<placeholder type=\"programlisting\" id=\"0\"/> В этом случае SSSD " +"попытается определить имя пользователя на основе содержимого смарт-карты, " +"потом вернёт его pam_sss, который затем поместит его в стек PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "<option>prompt_always</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" +"Всегда запрашивать учётные данные у пользователя. Если этот параметр " +"включён, учётные данные, запрошенные другими модулями PAM (обычно это " +"пароль), будут игнорироваться и pam_sss будет запрашивать учётные данные " +"снова. В зависимости от ответа предварительной проверки подлинности, " +"полученного от SSSD, pam_sss может запросить пароль, PIN-код смарт-карты или " +"другие учётные данные." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "<option>try_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" +"Пытаться применить проверку подлинности на основе сертификата, то есть " +"проверку подлинности с помощью смарт-карты или аналогичных устройств. Если " +"смарт-карта доступна и для службы разрешена проверка подлинности по смарт-" +"карте, у пользователя будет запрошен PIN-код, после чего проверка " +"подлинности на основе сертификата будет продолжена" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" +"Если смарт-карта недоступна или для текущей службы не разрешена проверка " +"подлинности на основе сертификата, возвращается PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "<option>require_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Выполнять проверку подлинности на основе сертификата, то есть проверку " +"подлинности с помощью смарт-карты или аналогичных устройств. Если смарт-" +"карта недоступна, пользователю будет предложено вставить её. SSSD будет " +"ожидать вставки смарт-карты до истечения тайм-аута, определённого параметром " +"p11_wait_for_card_timeout, подробные сведения доступны на справочной " +"странице <citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" +"Если смарт-карта недоступна по истечении тайм-аута или для текущей службы не " +"разрешена проверка подлинности на основе сертификата, возвращается " +"PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "ПРЕДОСТАВЛЯЕМЫЕ ТИПЫ МОДУЛЕЙ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Предоставляются все типы модулей (<option>account</option>, <option>auth</" +"option>, <option>password</option> и <option>session</option>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" +"Если ответчик PAM SSSD не запущен (например, когда недоступен сокет " +"ответчика PAM), pam_sss вернёт PAM_USER_UNKNOWN при вызове в качестве модуля " +"<option>account</option>, чтобы избежать проблем с пользователями из других " +"источников во время управления доступом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "ВОЗВРАЩАЕМЫЕ ЗНАЧЕНИЯ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "PAM_SUCCESS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "Операция PAM успешно завершена." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "PAM_USER_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" +"Пользователь неизвестен службе проверки подлинности или не запущен ответчик " +"PAM SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "PAM_AUTH_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" +"Сбой при проверке подлинности. Кроме того, может быть возвращено в случае " +"проблемы с получением сертификата." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "PAM_PERM_DENIED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" +"Доступ запрещён. В журнале SSSD могут быть дополнительные сведения об этой " +"ошибке." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "PAM_IGNORE" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" +"Смотрите описание параметров <option>ignore_unknown_user</option> и " +"<option>ignore_authinfo_unavail</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "PAM_AUTHTOK_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" +"Не удалось получить новый маркер проверки подлинности. Кроме того, может " +"быть возвращено, когда пользователь проходит проверку подлинности с помощью " +"сертификатов и доступно несколько сертификатов, но установленная версия GDM " +"не поддерживает выбор из нескольких сертификатов." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "PAM_AUTHINFO_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" +"Не удалось получить доступ к данным проверки подлинности. Это может быть " +"связано со сбоем сети или оборудования." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "PAM_BUF_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" +"Произошла ошибка памяти. Кроме того, может быть возвращено в том случае, " +"если заданы параметры use_first_pass или use_authtok, но не был найден " +"пароль, предоставленный ранее добавленным в стек модулем PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "PAM_SYSTEM_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" +"Произошла системная ошибка. В журнале SSSD могут быть дополнительные " +"сведения об этой ошибке." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "PAM_CRED_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "Не удалось задать учётные данные пользователя." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "PAM_CRED_INSUFFICIENT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" +"Приложение не располагает учётными данными, достаточными для проверки " +"подлинности пользователя. Например, отсутствует PIN-код при проверке " +"подлинности по смарт-карте или отсутствует фактор при двухфакторной проверке " +"подлинности." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "PAM_SERVICE_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "Ошибка в модуле службы." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "PAM_NEW_AUTHTOK_REQD" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "Срок действия маркера проверки подлинности пользователя истёк." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "PAM_ACCT_EXPIRED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "Срок действия учётной записи пользователя истёк." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "PAM_SESSION_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" +"Не удалось получить правила профилей рабочего стола IPA или информацию о " +"пользователе." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "PAM_CRED_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "Не удалось получить учётные данные пользователя Kerberos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "PAM_NO_MODULE_DATA" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" +"Kerberos не был найден способ проверки подлинности. Это могло произойти, " +"если для записи пользователя назначена смарт-карта, но на клиенте недоступен " +"модуль pkint." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "PAM_CONV_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "Сбой обмена данными." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "PAM_AUTHTOK_LOCK_BUSY" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "Нет доступных KDC, которые подходят для смены пароля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "PAM_ABORT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "Неизвестный вызов PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "PAM_MODULE_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "Неподдерживаемое задание или команда PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "PAM_BAD_ITEM" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" +"Модулю проверки подлинности не удалось обработать учётные данные со смарт-" +"карты." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "ФАЙЛЫ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Когда не удаётся выполнить сброс пароля от имени пользователя root из-за " +"того, что соответствующий поставщик SSSD не поддерживает сброс пароля, может " +"быть показано отдельное сообщение. Это сообщение может, например, содержать " +"инструкции по сбросу пароля." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Это сообщение читается из файла <filename>pam_sss_pw_reset_message.LOC</" +"filename>, где LOC обозначает строку локали, возвращённую <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. Если такого файла нет, отображается содержимое " +"<filename>pam_sss_pw_reset_message.txt</filename>. Владельцем файлов должен " +"быть пользователь root, при этом права на чтение и запись могут быть только " +"у пользователя root, а у всех остальных пользователей должны быть права " +"только на чтение." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Поиск этих файлов выполняется в каталоге <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. Если соответствующего файла нет, будет показано " +"общее сообщение." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "pam_sss_gss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "Модуль PAM для проверки подлинности с помощью GSSAPI в SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" +"<command>pam_sss_gss.so</command> выполняет проверку подлинности " +"пользователя с помощью GSSAPI совместно с SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" +"Этот модуль пытается проверить подлинность пользователя с помощью имени " +"серверной службы GSSAPI host@hostname, при разрешении которого получается " +"участник Kerberos host/hostname@REALM. Часть <emphasis>REALM</emphasis> " +"имени участника Kerberos определяется с помощью внутренних механизмов " +"Kerberos. Её можно указать в явном виде в конфигурации раздела " +"[domain_realm] в /etc/krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" +"SSSD используется для предоставления имени нужной службы и проверки учётных " +"данных пользователя с помощью вызовов GSSAPI. Если билет службы уже " +"присутствует в кэше учётных данных Kerberos или если билет пользователя на " +"получение билетов может быть использован для получения билета " +"соответствующей службы, проверка подлинности пользователя будет выполнена." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" +"Если параметр <option>pam_gssapi_check_upn</option> установлен в значение " +"«True» (по умолчанию), SSSD будет требоваться возможность сопоставления " +"пользователю тех учётных данных, которые были использованы для получения " +"билетов службы. Это означает, что участник, который является владельцем " +"учётных данных Kerberos, должен соответствовать имени участника-" +"пользователя, определённому в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" +"Чтобы включить в SSSD проверку подлинности с помощью GSSAPI, задайте " +"параметр <option>pam_gssapi_services</option> в разделе [pam] или домена " +"sssd.conf. Учётные данные службы должны храниться в таблице ключей SSSD (она " +"уже присутствует, если используется поставщик данных IPA или AD). " +"Расположение таблицы ключей можно указать с помощью параметра " +"<option>krb5_keytab</option>. Подробные сведения об этих параметрах доступны " +"на справочных страницах <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> и <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" +"Некоторых развёрнутые системы Kerberos позволяют связывать индикаторы " +"проверки подлинности с определённым способом предварительной проверки " +"подлинности, используемым для получения пользователем билета на получение " +"билетов. <command>pam_sss_gss.so</command> позволяет принудительно " +"установить обязательность наличия индикаторов проверки подлинности в билетах " +"службы для получения возможности доступа к определённой службе PAM." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" +"Если параметр <option>pam_gssapi_indicators_map</option> задан в разделе " +"[pam] или домена sssd.conf, SSSD будет проверять билет службы на наличие " +"настроенных индикаторов." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "<option>debug</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "Вывести данные отладки." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "Предоставляется только модуль типа <option>auth</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" +"Пользователь неизвестен службе проверки подлинности или не поддерживается " +"проверка подлинности с помощью GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "Сбой при проверке подлинности." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" +"Основной вариант использования — обеспечить проверку подлинности без пароля " +"в sudo, но без необходимости отключать проверку подлинности полностью. Для " +"достижения такого результата следует сначала включить проверку подлинности с " +"помощью GSSAPI для sudo в sssd.conf:" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" +"А затем следует включить модуль в нужном стеке PAM (например, /etc/pam.d/" +"sudo и /etc/pam.d/sudo-i)." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "УСТРАНЕНИЕ НЕПОЛАДОК" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" +"Журнал SSSD, отладочный вывод pam_sss_gss и системный журнал могут содержать " +"полезные сведения об ошибке. Вот некоторые распространённые проблемы:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" +"1. Переменная среды KRB5CCNAME задана, и проверка подлинности не работает: в " +"зависимости от используемой версии sudo, возможно, что sudo не передаёт эту " +"переменную среде PAM. Попробуйте добавить KRB5CCNAME в раздел " +"<option>env_keep</option> в /etc/sudoers или в стандартные параметры правил " +"sudo для LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" +"2. Проверка подлинности не работает, и в системном журнале есть запись " +"«Server not found in Kerberos database»: вероятно, Kerberos не удалось " +"определить корректную область для билета службы на основе имени узла. " +"Попробуйте добавить имя узла непосредственно в раздел " +"<option>[domain_realm]</option> в /etc/krb5.conf следующим образом:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" +"3. Проверка подлинности не работает, и в системном журнале есть запись «No " +"Kerberos credentials available»: отсутствуют учётные данные, которые можно " +"было бы использовать для получения необходимого билета службы. Используйте " +"kinit или пройдите проверку подлинности с помощью SSSD для получения этих " +"учётных данных." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" +"4. Проверка подлинности не работает, и в журнале sssd-pam SSSD есть запись " +"«User with UPN [$UPN] was not found.» или «UPN [$UPN] does not match target " +"user [$username].»: используются учётные данные, которые нельзя сопоставить " +"тому пользователю, проверка подлинности которого проводится. Попробуйте " +"использовать kswitch для выбора другого участника, убедитесь, что проверка " +"подлинности с помощью SSSD пройдена, или отключите " +"<option>pam_gssapi_check_upn</option>." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Модуль локатора Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" +"Модуль локатора Kerberos <command>sssd_krb5_locator_plugin</command> " +"используется libkrb5 для поиска KDC для указанной области Kerberos. SSSD " +"предоставляет этот модуль для направления всех клиентов Kerberos в системе в " +"один KDC. В целом, не имеет значения, с каким KDC обменивается данными " +"клиентский процесс. Но в некоторых случаях (например, после смены пароля) не " +"все KDC находятся в одинаковом состоянии, поскольку для этого сначала " +"необходимо выполнить репликацию новых данных. Чтобы избежать неожиданных " +"сбоев проверки подлинности и, возможно, даже блокировки учётных записей, " +"следует как можно дольше выполнять обмен данными с одним KDC." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" +"libkrb5 выполнит поиск модуля локатора в подкаталоге libkrb5 каталога " +"модулей Kerberos (см. plugin_base_dir в <citerefentry> <refentrytitle>krb5." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>). Модуль можно " +"отключить, только удалив соответствующий файл модуля. В конфигурации " +"Kerberos не предусмотрен параметр для его отключения. Но для отдельных " +"команд модуль можно отключить с помощью переменной среды " +"SSSD_KRB5_LOCATOR_DISABLE. Либо можно использовать параметр SSSD " +"krb5_use_kdcinfo=False, чтобы не создавать данные, которые требуются для " +"работы модуля. В этом случае модуль по-прежнему будет вызываться, но не " +"предоставит данные вызывающей стороне, поэтому libkrb5 перейдёт к " +"использованию других методов, определённых в krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" +"Модуль выполняет чтение информации о KDC указанной области из файла " +"<filename>kdcinfo.REALM</filename>. Этот файл должен содержать одно или " +"несколько DNS-имён или IP-адресов (либо в десятичной записи IPv4, либо в " +"шестнадцатеричной записи IPv6). В конце можно (необязательно) добавить номер " +"порта, отделив его двоеточием; в этом случае адрес IPv6 необходимо, как и " +"обычно, заключить в квадратные скобки. Корректные записи:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "kdc.example.com" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "kdc.example.com:321" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "1.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "5.6.7.8:99" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "2001:db8:85a3::8a2e:370:7334" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "[2001:db8:85a3::8a2e:370:7334]:321" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" +"Поставщик данных проверки подлинности krb5 SSSD, который также используется " +"поставщиками данных IPA и AD, добавляет в этот файл адрес текущего KDC или " +"контроллера домена, который используется SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" +"В средах с доступными только для чтения и доступными для чтения и записи " +"KDC, где, как ожидается, клиенты будут использовать для общих операций " +"экземпляры, доступные только для чтения, а для изменений конфигурации, таких " +"как смена пароля, — только KDC, доступные для чтения и записи, также " +"используется файл <filename>kpasswdinfo.REALM</filename> для идентификации " +"доступных для чтения и записи KDC. Если этот файл существует для указанной " +"области, его содержимое будет использовано модулем для ответа на запросы по " +"серверу kpasswd или kadmin или определённому основному KDC MIT Kerberos. " +"Если адрес содержит номер порта, для последнего будет использоваться " +"стандартный порт KDC 88." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Не все реализации Kerberos поддерживают использование модулей. Если в " +"системе нет <command>sssd_krb5_locator_plugin</command>, необходимо " +"отредактировать файл /etc/krb5.conf в соответствии с используемой версией " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Если переменная среды SSSD_KRB5_LOCATOR_DEBUG установлена в какое-либо " +"значение, сообщения отладки будут отправляться в stderr." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" +"Если переменная среды SSSD_KRB5_LOCATOR_DISABLE установлена в какое-либо " +"значение, модуль отключён и просто вернёт вызывающей стороне " +"KRB5_PLUGIN_NO_HANDLE." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" +"Если переменная среды SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES установлена в " +"какое-либо значение, модуль будет пытаться разрешить все DNS-имена в файле " +"kdcinfo. По умолчанию модуль возвращает вызывающей стороне " +"KRB5_PLUGIN_NO_HANDLE сразу после первой неудачи при разрешении DNS." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "файл конфигурации для «простого» поставщика управления доступом SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки простого " +"поставщика управления доступом для <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Подробные сведения " +"о синтаксисе доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной " +"страницы <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Простой поставщик доступа предоставляет или запрещает доступ на основании " +"разрешающего или запрещающего списка имён пользователей или групп. " +"Применяются следующие правила:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Если все списки пусты, доступ предоставляется" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Если предоставлен какой-либо список, используется порядок вычисления «allow," +"deny». Это означает, что любое соответствующее заданным условиям правило " +"запрета будет превалировать над любым соответствующим заданным условиям " +"правилом допуска." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Если предоставлен один из или оба списка «allow», всем пользователям будет " +"предоставлен доступ только в том случае, если они присутствуют в списке." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Если предоставлены только списки «deny», всем пользователям будет " +"предоставлен доступ только в том случае, если они отсутствуют в списке." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Разделённый запятыми список пользователей, которым разрешён вход." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "Разделённый запятыми список пользователей, которым явно запрещён вход." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Разделённый запятыми список групп, пользователям которых разрешён вход. " +"Применимо только к группам внутри этого домена SSSD. Локальные группы не " +"обрабатываются." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Разделённый запятыми список групп, пользователям которых явно запрещён " +"доступ. Применимо только к группам внутри этого домена SSSD. Локальные " +"группы не обрабатываются." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Сведения о конфигурации домена SSSD доступны в разделе <quote>РАЗДЕЛЫ " +"ДОМЕНА</quote> справочной страницы <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Если не указывать никаких значений для какого-либо из списков, считается, " +"что параметр не определён. Помните об этом при создании параметров простого " +"поставщика с помощью автоматизированных сценариев." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Обратите внимание, что определение сразу и simple_allow_users, и " +"simple_deny_users является ошибкой конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"example.com — один из доменов в разделе <replaceable>[sssd]</replaceable>. В " +"примере показаны только параметры, специфичные для простого поставщика " +"доступа." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Перед проверкой прав доступа разрешается вся иерархия участия в группах, " +"следовательно, в списки доступа могут быть включены даже вложенные группы. " +"Обратите внимание, что параметр <quote>ldap_group_nesting_level</quote> " +"может повлиять на результаты, поэтому следует установить для него " +"достаточное значение. См. <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "sss-certmap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "Правила установления соответствия и сопоставления сертификатов SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" +"На этой справочной странице приводится описание правил, которые могут " +"использоваться SSSD и другими компонентами для установления соответствия " +"сертификатов X.509 и их сопоставления с учётными записями." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" +"Каждое правило содержит четыре компонента, <quote>приоритет</quote>, " +"<quote>правило установления соответствия</quote>, <quote>правило " +"сопоставления</quote> и <quote>список доменов</quote>. Все компоненты " +"являются необязательными. Если отсутствует <quote>приоритет</quote>, будет " +"добавлено правило с самым низким приоритетом. Стандартное <quote>правило " +"установления соответствия</quote> устанавливает соответствие сертификатов с " +"использованием ключа digitalSignature и расширенным использованием ключа " +"clientAuth. Если <quote>правило сопоставления</quote> не указано, в атрибуте " +"userCertificate будет выполняться поиск сертификатов как двоичных файлов в " +"кодировке DER. Если не указаны домены, поиск будет выполняться только в " +"локальном домене." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" +"Чтобы разрешить расширения или совершенно другой стиль правила, " +"<quote>сопоставления</quote> и <quote>правила соответствия</quote> могут " +"содержать префикс, отделенный символом «:» от основной части правила. " +"Префикс может содержать только ASCII-буквы верхнего регистра и цифры. Если " +"префикс опущен, будет использоваться тип по умолчанию: «KRB5» для правил " +"соответствия и «LDAP» для правил сопоставления." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" +"Утилита 'sssctl' предоставляет команду 'cert-eval-rule', предназначенную для " +"проверки, соответствует ли указанный сертификат правилам соответствия, и " +"определяет, как будет выглядеть вывод правила сопоставления." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "КОМПОНЕНТЫ ПРАВИЛА" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "ПРИОРИТЕТ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" +"Правила обрабатываются в порядке приоритета. Ноль «0» означает наивысший " +"приоритет. Чем больше число, тем выше приоритет. Отсутствие значения " +"означает самый низкий приоритет. Обработка правил останавливается при " +"обнаружении соответствующего условиям правила, и никакие другие правила уже " +"не проверяются." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" +"На внутреннем уровне приоритет обрабатывается как беззнаковое 32-битное " +"целое. Использование значения приоритета, превышающего 4294967295, приведёт " +"к ошибке." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" +"Если несколько правил имеют одинаковый приоритет, но только одно " +"соответствует связанным правилам установления соответствия, будет выбрано " +"это правило. Если имеется несколько правил с одинаковым приоритетом, которые " +"соответствуют, будет выбрано одно из них, но не будет определено, какое " +"именно. Чтобы предотвратить такое неопределённое поведение, следует либо " +"задать разный приоритет, либо сделать правила установления соответствия " +"более чёткими (например, с помощью разных шаблонов <ISSUER>)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "ПРАВИЛО УСТАНОВЛЕНИЯ СООТВЕТСТВИЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" +"Правило установления соответствия используется для выбора сертификата, к " +"которому следует применить правило сопоставления. В нём используется " +"система, похожую на ту, которая используется в параметре " +"<quote>pkinit_cert_match</quote> MIT Kerberos. Правило состоит из ключевого " +"слова, расположенного между «<» и «>», которое идентифицирует " +"определённую часть сертификата, и шаблона, который должен быть найден для " +"установления соответствия правила. Несколько пар «ключевое слово — шаблон» " +"можно соединить с помощью логического оператора «&&» (и) или «|" +"|» (или)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" +"Учитывая сходство с MIT Kerberos, префиксом для этого правила является " +"«KRB5». Но «KRB5» также будет использоваться по умолчанию для <quote>правил " +"установления соответствия</quote>, поэтому «<SUBJECT>.*,DC=MY," +"DC=DOMAIN» и «KRB5:<SUBJECT>.*,DC= MY,DC=DOMAIN» эквивалентны." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "<SUBJECT>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" +"Это правило позволяет установить соответствие части или всего имени субъекта " +"сертификата. Для установления соответствия используется синтаксис " +"расширенных регулярных выражений POSIX. Подробное описание синтаксиса " +"доступно на справочной странице regex(7)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" +"Для установления соответствия имени субъекта, которое хранится в сертификате " +"в кодировке DER, ASN.1 преобразуется в строку в соответствии с RFC 4514. Это " +"означает, что сначала идёт наиболее специфичный компонент имени. Обратите " +"внимание, что в стандарте RFC 4514 перечислены не все возможные имени " +"атрибутов. В него включены имена «CN», «L», «ST», «O», «OU», «C», «STREET», " +"«DC» и «UID». Другие имена атрибутов могут отображаться по-разному на " +"различных платформах и с помощью различных инструментов. Чтобы избежать " +"путаницы, рекомендуется не использовать такие имена и не покрывать их " +"соответствующим регулярным выражением." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "Пример: <SUBJECT>.*,DC=MY,DC=DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" +"Обратите внимание, что символы «^.[$()|*+?{\\» имеют специальное значение в " +"регулярных выражениях, поэтому их необходимо экранировать с помощью символа " +"«\\», чтобы программа воспринимала их как обычные символы." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "Пример: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "<ISSUER>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" +"Это правило позволяет установить соответствие части или всего имени издателя " +"сертификата. Этого параметра касаются те же комментарии, которые были " +"указаны для <SUBJECT>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "Пример: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "<KU>использование_ключа" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" +"С помощью этого параметра можно указать, какие значения использования ключа " +"должен иметь сертификат. В разделённом запятыми списке можно указать " +"следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "digitalSignature" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "nonRepudiation" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "dataEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "keyAgreement" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "keyCertSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "cRLSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "encipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "decipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" +"Для покрытия особых вариантов использования также можно использовать " +"значение в диапазоне 32-битного беззнакового целого." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "Пример: <KU>digitalSignature,keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "<EKU>расширенное_использование_ключа" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" +"С помощью этого параметра можно указать, какие значения расширенного " +"использования ключа должен иметь сертификат. В разделённом запятыми списке " +"можно указать следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "serverAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "clientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "codeSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "emailProtection" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "timeStamping" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "OCSPSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "KPClientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "pkinit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "msScLogin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" +"Расширенные использования ключа, которые не входят в представленный выше " +"список, можно указать по их OID в десятичной записи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "Пример: <EKU>clientAuth,1.3.6.1.5.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "<SAN>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" +"Для обеспечения совместимости с использованием MIT Kerberos этот параметр " +"будет устанавливать соответствие участников Kerberos в SAN PKINIT или SAN AD " +"NT Principal так, как это делает <SAN:Principal>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "Пример: <SAN>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "<SAN:Principal>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" +"Установить соответствие участников Kerberos в SAN PKINIT или SAN AD NT " +"Principal." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "Пример: <SAN:Principal>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "<SAN:ntPrincipalName>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "Установить соответствие участников Kerberos в SAN AD NT Principal." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "Пример: <SAN:ntPrincipalName>.*@MY.AD.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "<SAN:pkinit>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "Установить соответствие участников Kerberos в SAN PKINIT." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "Пример: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "<SAN:dotted-decimal-oid>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" +"Взять значение компонента otherName SAN, указанное с помощью OID в " +"десятичном формате, интерпретировать его как строку и попытаться установить " +"его соответствие регулярному выражению." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "Пример: <SAN:1.2.3.4>test" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "<SAN:otherName>строка_base64" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" +"Выполнить установление двоичного соответствия blob-объекта в кодировке " +"base64 всем компонентам otherName SAN. С помощью этого параметра возможно " +"устанавливать соответствие пользовательским компонентам otherName в особых " +"кодировках, которые не могут обрабатываться как строки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "Пример: <SAN:otherName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "<SAN:rfc822Name>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "Установить соответствие значения SAN rfc822Name." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "Пример: <SAN:rfc822Name>.*@email\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "<SAN:dNSName>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "Установить соответствие значения SAN dNSName." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "Пример: <SAN:dNSName>.*\\.my\\.dns\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "<SAN:x400Address>строка_base64" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "Установить двоичное соответствие значения SAN x400Address." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "Пример: <SAN:x400Address>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "<SAN:directoryName>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" +"Установить соответствие значения SAN directoryName. Этого параметра касаются " +"те же комментарии, которые были указаны для <ISSUER> и <SUBJECT>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "Пример: <SAN:directoryName>.*,DC=com" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "<SAN:ediPartyName>строка_base64" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "Установить двоичное соответствие значения SAN ediPartyName." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "Пример: <SAN:ediPartyName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "<SAN:uniformResourceIdentifier>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "Установить соответствие значения SAN uniformResourceIdentifier." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "Пример: <SAN:uniformResourceIdentifier>URN:.*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "<SAN:iPAddress>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "Установить соответствие значения SAN iPAddress." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "Пример: <SAN:iPAddress>192\\.168\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "<SAN:registeredID>регулярное_выражение" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" +"Установить соответствие значения SAN registeredID в виде десятичной строки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "Пример: <SAN:registeredID>1\\.2\\.3\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "Доступные параметры: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "ПРАВИЛО СОПОСТАВЛЕНИЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" +"Правило сопоставления используется для связывания сертификата с одной или " +"несколькими учётными записями. После этого для прохождения проверки " +"подлинности в качестве одной из этих учётных записей будет можно " +"использовать смарт-карту с сертификатом и соответствующим закрытым ключом." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" +"В настоящее время SSSD поддерживает поиск данных пользователей в основном " +"только в LDAP (исключение — поставщик данных прокси, что несущественно в " +"данном контексте). Поэтому правило сопоставления основано на синтаксисе " +"фильтра поиска LDAP с шаблонами для добавления содержимого сертификата в " +"фильтр. Ожидается, что фильтр будет содержать только определённые данные, " +"необходимые для сопоставления, и что вызывающая сторона внедрит их в другой " +"фильтр для выполнения фактического поиска. Поэтому строка фильтра должна, " +"соответственно, начинаться символом «(» и заканчиваться символом «)»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" +"В целом, рекомендуется использовать атрибуты из сертификата и добавлять их к " +"специальным атрибутам объекта пользователя LDAP. Например, можно " +"использовать атрибут «altSecurityIdentities» в AD или атрибут " +"«ipaCertMapData» для IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" +"Это предпочтительнее чтения относящихся к пользователю данных из сертификата " +"(например, адреса электронной почты) и поиска этих данных на сервере LDAP. " +"Дело в том, что относящиеся к пользователю данные в LDAP могут меняться по " +"ряду причин, и это приведёт к ошибке сопоставления. С другой стороны, сложно " +"специально вызвать ошибку сопоставления для определённого пользователя." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" +"Типом <quote>правила сопоставления</quote> по умолчанию является «LDAP», " +"который можно добавить в качестве префикса к правилу, например. 'LDAP:" +"(userCertificate;binary={cert!bin})'. Расширение «LDAPU1» предоставляет " +"дополнительные шаблоны для увеличения гибкости. Чтобы разрешить устаревшим " +"версиям этой библиотеки игнорировать расширения, при использовании новых " +"шаблонов в <quote>правиле сопоставления</quote> должен быть использован " +"префикс «LDAPU1», иначе работа устаревшей версии этой библиотеки будет " +"завершена с сообщением об ошибке при обработке входных данных. Новые шаблоны " +"описаны в разделе <xref linkend=\"map_ldapu1\"/>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Этот шаблон добавит полное DN издателя, преобразованное в строку в " +"соответствии с RFC 4514. Для упорядочения X.500 (самое специфичное RDN в " +"конце) следует использовать параметр с префиксом «_x500»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" +"Параметры преобразования, которые начинаются с «ad_», используют имена " +"атрибутов, используемые AD (например, «S» вместо «ST»)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" +"Параметры преобразования, которые начинаются с «nss_», используют имена " +"атрибутов, используемые NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" +"Стандартным вариантом преобразования является «nss», то есть имена атрибутов " +"согласно NSS и упорядочение LDAP/RFC 4514." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" +"Пример: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Этот шаблон добавит полное DN субъекта, преобразованное в строку в " +"соответствии с RFC 4514. Для упорядочения X.500 (самое специфичное RDN в " +"конце) следует использовать параметр с префиксом «_x500»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" +"Пример: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "{cert[!(bin|base64)]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" +"Этот шаблон добавит в фильтр поиска весь сертификат в кодировке DER как " +"строку. В зависимости от значения параметра преобразования двоичный " +"сертификат будет преобразован либо в экранированную шестнадцатеричную " +"последовательность «\\xx», либо в код base64. Стандартным вариантом является " +"экранированная шестнадцатеричная последовательность. Она может " +"использоваться, например, с атрибутом LDAP «userCertificate;binary»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "Пример: (userCertificate;binary={cert!bin})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "{subject_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" +"Этот шаблон добавит участника Kerberos, взятого либо из SAN, используемого " +"pkinit, либо из SAN, используемого AD. Компонент «short_name» представляет " +"первую часть записи участника, до знака «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" +"Пример: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "{subject_pkinit_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" +"Этот шаблон добавит участника Kerberos, который указан в SAN, используемом " +"pkinit. Компонент «short_name» представляет первую часть записи участника, " +"до знака «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" +"Пример: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "{subject_nt_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" +"Этот шаблон добавит участника Kerberos, который указан в SAN, используемом " +"AD. Компонент «short_name» представляет первую часть записи участника, до " +"знака «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" +"Пример: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "{subject_rfc822_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" +"Этот шаблон добавит строку, которая хранится в компоненте rfc822Name SAN " +"(обычно это адрес электронной почты). Компонент «short_name» представляет " +"первую часть записи адреса, до знака «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" +"Пример: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" +"Этот шаблон добавит строку, которая хранится в компоненте dNSName SAN " +"(обычно это полное имя узла) Компонент «short_name» представляет первую " +"часть записи имени, до первого знака «.»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" +"Пример: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "{subject_uri}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" +"Этот шаблон добавит строку, которая хранится в компоненте " +"uniformResourceIdentifier SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "Пример: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "{subject_ip_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" +"Этот шаблон добавит строку, которая хранится в компоненте iPAddress SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "Пример: (ip={subject_ip_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "{subject_x400_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" +"Этот шаблон добавит значение, которое хранится в компоненте x400Address SAN " +"как экранированная шестнадцатеричная последовательность." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "Пример: (attr:binary={subject_x400_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" +"Этот шаблон добавит строку DN значения, которое хранится в компоненте " +"directoryName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "Пример: (orig_dn={subject_directory_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "{subject_ediparty_name}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" +"Этот шаблон добавит значение, которое хранится в компоненте ediPartyName SAN " +"как экранированная шестнадцатеричная последовательность." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "Пример: (attr:binary={subject_ediparty_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "{subject_registered_id}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" +"Этот шаблон добавит OID, который хранится в компоненте registeredID SAN как " +"десятичная строка." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "Пример: (oid={subject_registered_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Шаблоны для добавления данных сертификата в фильтр поиска основаны на " +"строках форматирования в стиле Python. Они состоят из ключевого слова в " +"фигурных скобках с необязательным указателем подкомпонента, который отделён " +"знаком «.», или необязательным параметром преобразования/форматирования, " +"который отделён знаком «!». Допустимые значения: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "Расширение LDAPU1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "При использовании расширения «LDAPU1» доступны следующие шаблоны:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "{serial_number[!(dec|hex[_ucr])]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Этот шаблон добавит серийный номер сертификата. По умолчанию он будет " +"напечатан как шестнадцатеричное число буквами нижнего регистра." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Если используется параметр форматирования «!dec», число будет выведено в " +"виде десятичной строки. Шестнадцатеричный вывод может быть показан буквами в " +"верхнем регистре («!hex_u»), с двоеточием, разделяющим шестнадцатеричные " +"байты («!hex_c»), или с шестнадцатеричными байтами в обратном порядке («!" +"hex_r»). Буквы постфикса можно комбинировать, например, «!hex_uc» приведет к " +"выводу шестнадцатеричной строки, разделенной двоеточием, с буквами в верхнем " +"регистре." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "Пример: LDAPU1:(serial={серийный_номер})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "{subject_key_id[!hex[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Этот шаблон добавит идентификатор ключа назначения сертификата. По умолчанию " +"он будет напечатан как шестнадцатеричное число буквами нижнего регистра." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" +"Шестнадцатеричный вывод может быть показан буквами в верхнем регистре («!" +"hex_u»), с двоеточием, разделяющим шестнадцатеричные байты («!hex_c»), или с " +"шестнадцатеричными байтами в обратном порядке («!hex_r»). Буквы постфикса " +"можно комбинировать, например, «!hex_uc» приведет к выводу шестнадцатеричной " +"строки, разделенной двоеточием, с буквами в верхнем регистре." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "Пример: LDAPU1:(ski={subject_key_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "{cert[!DIGEST[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" +"Этот шаблон добавит шестнадцатеричную контрольную сумму или хэш к " +"сертификату. Запись DIGEST должна быть заменена названием функции " +"контрольной суммы или хэша, поддержка которых предусмотрена в OpenSSL, " +"например. «sha512»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Шестнадцатеричный вывод может быть показан буквами в верхнем регистре («!" +"sha512_u»), с двоеточием, разделяющим шестнадцатеричные байты («!sha512_c»), " +"или с шестнадцатеричными байтами в обратном порядке («!sha512_r»). Буквы " +"постфикса можно комбинировать, например, «!sha512_uc» приведет к выводу " +"шестнадцатеричной строки, разделенной двоеточием, с буквами в верхнем " +"регистре." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "Пример: LDAPU1:(dgst={cert!sha256})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "{subject_dn_component[(.attr_name|[number]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" +"Этот шаблон добавит значение атрибуту компонента DN субъекта, по умолчанию " +"значением является самый специфический компонент." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" +"Другой компонент может быть выбран по имени атрибута, например, " +"{subject_dn_component.uid} или по позиции, например, {subject_dn_component." +"[2]}, где положительные числа означают отсчет от наиболее специфичного " +"компонента, а отрицательные числа — от наименее специфичного компонента. " +"Название атрибута и позиция могут быть объединены, например, " +"{subject_dn_component.uid[2]} означает, что имя второго компонента должно " +"быть «uid»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "Пример: LDAPU1:(uid={subject_dn_component.uid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "{issuer_dn_component[(.attr_name|[number]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" +"Этот шаблон добавит значение атрибуту компонента DN издателя, по умолчанию " +"значением является самый специфический компонент." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" +"См. раздел «subject_dn_component» для получения более подробной информации о " +"названиях атрибутов и спецификаторов позиции." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" +"Пример: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "{sid[.rid]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" +"Этот шаблон добавит SID, если доступно соответствующее расширение, " +"представленное Microsoft с OID 1.3.6.1.4.1.311.25.2. С помощью селектора «." +"rid» будет добавлен только последний компонент, то есть RID." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "Пример: LDAPU1:(objectsid={sid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "СПИСОК ДОМЕНОВ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" +"Когда список доменов не пуст, поиск пользователей, сопоставленных указанному " +"сертификату, будет выполняться не только в локальном домене, но также и в " +"перечисленных в списке доменах, если они известны SSSD. Домены, которые " +"неизвестны SSSD, будут игнорироваться." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Поставщик данных IPA SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки поставщика " +"данных IPA для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Подробные сведения о синтаксисе " +"доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной страницы " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Поставщик данных IPA — это внутренний сервер, который используется для " +"подключения к серверу IPA. (Сведения о серверах IPA доступны на веб-сайте " +"freeipa.org.) Для работы этого поставщика требуется, чтобы компьютер был " +"присоединён к домену IPA; настройка почти полностью автоматизирована, " +"получение её данных выполняется непосредственно с сервера." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" +"Поставщик данных IPA позволяет SSSD использовать поставщика данных " +"идентификации <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> и поставщика данных проверки " +"подлинности <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> с оптимизацией для сред IPA. " +"Поставщик данных IPA принимает те же параметры, которые используются " +"поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми исключениями. Но " +"установка этих параметров не является ни необходимой, ни рекомендуемой." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"Поставщик данных IPA в основном копирует стандартные параметры традиционных " +"поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий " +"доступен в разделе <quote>ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +#, fuzzy +#| msgid "" +#| "As an access provider, the IPA provider uses HBAC (host-based access " +#| "control) rules. Please refer to freeipa.org for more information about " +#| "HBAC. No configuration of access provider is required on the client side." +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" +"Как поставщик доступа, поставщик данных IPA использует правила HBAC " +"(управление доступом на основе узлов). Более подробные сведения о HBAC " +"доступны на веб-сайте freeipa.org. Настройка поставщика доступа на стороне " +"клиента не требуется." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" +"Если в sssd.conf указано <quote>auth_provider=ipa</quote> или " +"<quote>access_provider=ipa</quote>, параметр id_provider тоже необходимо " +"установить в значение <quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Поставщик данных IPA будет использовать ответчик PAC, если билеты Kerberos " +"пользователей из доверенных областей содержат PAC. Для упрощения настройки " +"запуск ответчика PAC выполняется автоматически, если настроен поставщик " +"идентификаторов IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Позволяет указать имя домена IPA. Это необязательно. Если имя не указано, " +"используется имя домена в конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Разделённый запятыми список IP-адресов или имён узлов серверов IPA, к " +"которым SSSD следует подключаться в порядке приоритета. Дополнительные " +"сведения об отработке отказа и избыточности сервера доступны в разделе " +"<quote>ОТРАБОТКА ОТКАЗА</quote>. Этот параметр является необязательным, если " +"включено автоматическое обнаружение служб. Дополнительные сведения об " +"обнаружении служб доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" +"Необязательный параметр. Может быть указан на компьютерах, где hostname(5) " +"не содержит полное имя, которое используется для идентификации этого узла в " +"домене IPA. Имя узла должно быть полным." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" +"Необязательный параметр. Этот параметр указывает SSSD автоматически " +"обновлять на сервере DNS, встроенном во FreeIPA, IP-адрес клиента. Защита " +"обновления обеспечивается с помощью GSS-TSIG. Для обновления будет " +"использован IP-адрес LDAP-соединения IPA, если с помощью параметра " +"<quote>dyndns_iface</quote> не указано иное." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"ПРИМЕЧАНИЕ: на устаревших системах (например, RHEL 5) для корректной работы " +"в этом режиме необходимо надлежащим образом задать стандартную область " +"Kerberos в /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"ПРИМЕЧАНИЕ: прежнее имя параметра, <emphasis>ipa_dyndns_update</emphasis>, " +"всё ещё можно использовать, но пользователям рекомендуется перейти на " +"использование нового имени, <emphasis>dyndns_update</emphasis>, в файле " +"конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"Значение TTL, которое применяется при обновлении записи DNS клиента. Если " +"параметр dyndns_update установлен в значение «false», этот параметр ни на " +"что не влияет. Если администратором установлено значение TTL на стороне " +"сервера, оно будет переопределено этим параметром." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"ПРИМЕЧАНИЕ: прежнее имя параметра, <emphasis>ipa_dyndns_ttl</emphasis>, всё " +"ещё можно использовать, но пользователям рекомендуется перейти на " +"использование нового имени, <emphasis>dyndns_ttl</emphasis>, в файле " +"конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "По умолчанию: 1200 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Необязательный параметр. Применимо только тогда, когда параметр " +"dyndns_update установлен в значение «true». Выберите интерфейс или список " +"интерфейсов, IP-адреса которых должны использоваться для динамических " +"обновлений DNS. Специальное значение <quote>*</quote> подразумевает, что " +"следует использовать IP-адреса всех интерфейсов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"ПРИМЕЧАНИЕ: прежнее имя параметра, <emphasis>ipa_dyndns_iface</emphasis>, " +"всё ещё можно использовать, но пользователям рекомендуется перейти на " +"использование нового имени, <emphasis>dyndns_iface</emphasis>, в файле " +"конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" +"По умолчанию: использовать IP-адреса интерфейса, который используется для " +"подключения LDAP IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "Пример: dyndns_iface = em1, vnet1, vnet2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "dyndns_auth (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" +"Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для " +"защищённых обновлений сервера DNS. Незащищённые отправления можно " +"отправлять, установив этот параметр в значение «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "По умолчанию: GSS-TSIG" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_auth_ptr (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" +"Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для " +"защищённых обновлений PTR сервера DNS. Незащищённые отправления можно " +"отправлять, установив этот параметр в значение «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "По умолчанию: то же, что и dyndns_auth" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "Включить сайты DNS — обнаружение служб по расположению." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Если параметр установлен в значение «true» и включено обнаружение служб " +"(смотрите абзац об обнаружении служб в нижней части справочной страницы), " +"SSSD сначала будет пробовать выполнить обнаружение на основе расположения с " +"помощью запроса, который содержит «_location.hostname.example.com», а затем " +"перейдёт к традиционному обнаружению SRV. Если обнаружение на основе " +"расположения будет выполнено успешно, серверы IPA, обнаруженные с помощью " +"обнаружения на основе расположения, будут считаться основными, а серверы " +"IPA, обнаруженные с помощью традиционного обнаружения SRV, будут " +"использоваться в качестве резервных" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Как часто внутреннему серверу следует выполнять периодическое обновление DNS " +"в дополнение к автоматическому обновлению, которое выполняется при переходе " +"внутреннего сервера в сетевой режим. Этот параметр является необязательным и " +"применяется только тогда, когда параметр dyndns_update установлен в значение " +"«true»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Следует ли также явно обновлять запись PTR при обновлении записей DNS " +"клиента. Применимо только тогда, когда параметр dyndns_update установлен в " +"значение «true»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Этот параметр должен быть установлен в значение «False» в большинстве " +"развёрнутых систем IPA, так как сервер IPA генерирует записи PTR " +"автоматически при смене записей перенаправления." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "По умолчанию: false (отключено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Должна ли утилита nsupdate по умолчанию использовать TCP для обмена данными " +"с сервером DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "По умолчанию: false (разрешить nsupdate выбрать протокол)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "dyndns_server (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" +"Сервер DNS, который следует использовать для выполнения обновления DNS. В " +"большинстве конфигураций рекомендуется не устанавливать значение для этого " +"параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" +"Установка этого параметра имеет смысл для сред, в которых сервер DNS " +"отличается от сервера данных идентификации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" +"Обратите внимание, что этот параметр используется только для резервной " +"попытки, которая выполняется тогда, когда предыдущая попытка с " +"использованием автоматически определённых параметров завершилась неудачей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "По умолчанию: none (разрешить nsupdate выбрать сервер)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "dyndns_update_per_family (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" +"По умолчанию обновление DNS выполняется за два шага: обновление IPv4, а " +"затем обновление IPv4. В некоторых случаях может быть желательно выполнить " +"обновление IPv4 и IPv6 за один шаг." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +#, fuzzy +#| msgid "" +#| "Please note that 'access_provider = ldap' must be set for this feature to " +#| "work. Also 'ldap_pwd_policy' must be set to an appropriate password " +#| "policy." +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" +"Следует учитывать, что для работы этой возможности необходимо указать " +"«access_provider = ldap». Также необходимо указать соответствующую политику " +"паролей в качестве значения параметра «ldap_pwd_policy»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "ipa_deskprofile_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"объектов, связанных с профилями рабочего стола." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "По умолчанию: использовать base DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subid_ranges_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"объектов, связанных с подчиненными диапазонами объектов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "По умолчанию: значение <emphasis>cn=subids,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"объектов, связанных с HBAC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "Не рекомендуется. Используйте ldap_host_search_base." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска карт " +"пользователей SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"доверенных доменов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "По умолчанию: значение <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"объекта главного домена." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "По умолчанию: значение <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" +"Необязательный параметр. Использовать указанную строку как базу поиска " +"контейнеров просмотра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" +"По умолчанию: значение <emphasis>cn=views,cn=accounts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Имя области Kerberos. Это необязательный параметр, по умолчанию он имеет " +"значение <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Имя области Kerberos имеет особое значение в IPA — оно преобразуется в base " +"DN, которое следует использовать для выполнения действий LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" +"Абсолютный путь к каталогу, в котором SSSD следует размещать фрагменты " +"конфигурации Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" +"Чтобы отключить создание фрагментов конфигурации, установите этот параметр в " +"значение «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" +"По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "ipa_deskprofile_refresh (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" +"Временной интервал между сеансами поиска правил профилей рабочего стола на " +"сервере IPA. Это сократит задержки и нагрузку на сервер IPA, когда за " +"короткое время поступает много запросов на профили рабочего стола." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "По умолчанию: 5 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "ipa_deskprofile_request_interval (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" +"Временной интервал между сеансами поиска правил профилей рабочего стола на " +"сервере IPA, если при последнем запросе не было возвращено ни одного правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "По умолчанию: 60 (минут)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Временной интервал между сеансами поиска правил HBAC на сервере IPA. Это " +"сократит задержки и нагрузку на сервер IPA, когда за короткое время " +"поступает много запросов на управление доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Временной интервал между сеансами поиска карт SELinux на сервере IPA. Это " +"сократит задержки и нагрузку на сервер IPA, когда за короткое время " +"поступает много запросов на вход пользователей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" +"Значение этого параметра будет задано автоматически установщиком IPA (ipa-" +"server-install). Оно определяет, работает SSSD на сервере IPA или нет." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" +"На сервере IPA SSSD выполняет поиск пользователей и групп из доверенных " +"доменов напрямую, но на клиенте SSSD отправит запрос серверу IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" +"ПРИМЕЧАНИЕ: необходимо соблюсти несколько условий, если SSSD работает на " +"сервере IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" +"Параметр <quote>ipa_server</quote> должен быть настроен так, чтобы он " +"указывал на сам сервер IPA. Такое стандартное значение уже задано " +"установщиком IPA, поэтому вносить изменения вручную не требуется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" +"Параметр <quote>full_name_format</quote> не должен быть настроен таким " +"образом, чтобы отображались только краткие имена пользователей из доверенных " +"доменов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" +"Расположение автоматического монтирования, которое будет использовать этот " +"клиент IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "По умолчанию: расположение с именем «default»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "ПРЕДСТАВЛЕНИЯ И ПЕРЕОПРЕДЕЛЕНИЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "Класс объектов контейнера просмотра." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "По умолчанию: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "Имя атрибута, в котором хранится имя представления." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "По умолчанию: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "ipa_override_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "Объектный класс переопределяемых объектов." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "По умолчанию: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" +"Имя атрибута, содержащего ссылку на исходный объект в удалённом домене." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "По умолчанию: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Имя класса объектов для переопределений пользователя. Используется для того, " +"чтобы определить, связан ли найденный объект переопределения с пользователем " +"или группой." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" +"Переопределения пользователя могут содержать атрибуты, указанные с помощью" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "По умолчанию: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Имя класса объектов для переопределений группы. Используется для того, чтобы " +"определить, связан ли найденный объект переопределения с пользователем или " +"группой." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "Переопределения группы могут содержать атрибуты, указанные с помощью" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "По умолчанию: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD может обрабатывать представления и переопределения, которые " +"предоставляет FreeIPA версии 4.1 и выше. Так как все пути и классы объектов " +"зафиксированы на стороне сервера, в целом нет необходимости в дополнительной " +"настройке. Для полноты картины далее перечислены соответствующие параметры и " +"их стандартные значения. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "ПОСТАВЩИК ДАННЫХ ПОДДОМЕНОВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"В зависимости от того, настроен ли поставщик данных поддоменов IPA явным или " +"неявным образом, его поведение будет немного отличаться." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Если в разделе домена sssd.conf найден параметр «subdomains_provider = ipa», " +"поставщик данных поддоменов IPA настроен в явном виде, и при необходимости " +"все запросы поддоменов отправляются серверу IPA." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Если в разделе домена sssd.conf не задан параметр «subdomains_provider», но " +"имеется параметр «id_provider = ipa», поставщик данных поддоменов IPA " +"настроен в неявном виде. В этом случае, если происходит ошибка запроса к " +"поддомену, которая указывает на то, что сервер не поддерживает поддомены, то " +"есть на нём не настроены отношения доверия, поставщик данных поддоменов IPA " +"будет отключён. Через час или после того, как поставщик данных IPA выходит в " +"сеть, поставщик данных поддоменов включается снова." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "КОНФИГУРАЦИЯ ДОВЕРЕННЫХ ДОМЕНОВ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Для доверенного домена также можно задать некоторые параметры конфигурации. " +"Настройку доверенного домена можно выполнить с помощью подраздела " +"доверенного домена, как показано в примере ниже. Либо можно воспользоваться " +"параметром <quote>subdomain_inherit</quote> в родительском домене. " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Дополнительные сведения доступны на справочной странице <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" +"Для доверенного домена можно выполнить тонкую настройку различных параметров " +"конфигурации в соответствии с тем, где настраивается SSSD: на сервере IPA " +"или на клиенте IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА ОСНОВНЫХ СЕРВЕРАХ IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" +"В разделе поддомена на основном сервере IPA можно настроить следующие " +"параметры:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "ad_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "ad_backup_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "ad_site" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "ldap_user_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "ldap_group_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА КЛИЕНТАХ IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" +"В разделе поддомена на клиенте IPA можно настроить следующие параметры:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" +"Обратите внимание: если заданы оба параметра, учитывается только " +"<quote>ad_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" +"Так как любой запрос идентификационных данных пользователя или группы из " +"доверенного домена, который активирован клиентом IPA, разрешается сервером " +"IPA, параметры <quote>ad_server</quote> и <quote>ad_site</quote> влияют " +"только на то, на каком контроллере домена AD DC будет выполняться проверка " +"подлинности. В частности, полученные из этих списков адреса будут записаны в " +"файлы <quote>kdcinfo</quote>, чтение которых выполняет модуль локатора " +"Kerberos. Дополнительные сведения о модуле локатора Kerberos доступны на " +"справочной странице<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"example.com — один из доменов в разделе <replaceable>[sssd]</replaceable>. В " +"примере показаны только параметры, относящиеся к поставщику данных IPA." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Поставщик Active Directory SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки поставщика " +"данных AD для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Подробные сведения о синтаксисе " +"доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной страницы " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" +"Поставщик данных AD — это внутренний сервер, который используется для " +"подключения к серверу Active Directory. Для работы этого поставщика " +"необходимо, чтобы компьютер был присоединён к домену AD и чтобы была " +"доступна таблица ключей. Обмен данными с внутренним сервером выполняется по " +"каналу с шифрованием GSSAPI. С поставщиком данных AD не следует использовать " +"параметры SSL/TLS, поскольку использование Kerberos будет иметь приоритет " +"над ними." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"Поставщик данных AD поддерживает подключение к Active Directory 2008 R2 или " +"выше. Работа с предшествующими версиями возможна, но не поддерживается." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"Поставщик данных AD может использоваться для получения данных пользователей " +"и проверки подлинности пользователей из доверенных доменов. В настоящее " +"время распознаются только домены, находящиеся в одном и том же лесу. Кроме " +"того, серверы из доверенных доменов всегда обнаруживаются автоматически." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" +"Поставщик данных AD позволяет SSSD использовать поставщика данных " +"идентификации <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> и поставщика данных проверки " +"подлинности <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> с оптимизацией для сред Active " +"Directory. Поставщик данных AD принимает те же параметры, которые " +"используются поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми " +"исключениями. Но установка этих параметров не является ни необходимой, ни " +"рекомендуемой." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"Поставщик данных AD в основном копирует стандартные параметры традиционных " +"поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий " +"доступен в разделе <quote>ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" +"Поставщик данных AD также может использоваться в качестве поставщика данных " +"управления доступом, chpass, sudo и autofs. Конфигурация поставщика доступа " +"на стороне клиента не требуется." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" +"Если в sssd.conf указано <quote>auth_provider=ad</quote> или " +"<quote>access_provider=ad</quote>, параметр id_provider тоже необходимо " +"установить в значение <quote>ad</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" +"По умолчанию поставщик данных AD сопоставляет значения UID и GID из " +"параметра objectSID в Active Directory. Подробные сведения об этом доступны " +"в разделе <quote>СОПОСТАВЛЕНИЕ ИДЕНТИФИКАТОРОВ</quote> ниже. Если требуется " +"отключить сопоставление идентификаторов и полагаться на атрибуты POSIX, " +"определённые в Active Directory, следует указать <placeholder " +"type=\"programlisting\" id=\"0\"/> Если должны быть использованы атрибуты " +"POSIX, в целях повышения производительности рекомендуется также " +"реплицировать эти атрибуты в глобальный каталог. Если атрибуты POSIX " +"реплицируются, SSSD попытается найти домен по числовому идентификатору из " +"запроса с помощью глобального каталога и выполнит поиск в этом домене. Если " +"же атрибуты POSIX не реплицируются в глобальный каталог, SSSD придётся " +"последовательно выполнить поиск во всех доменах в лесу. Обратите внимание, " +"что для ускорения поиска без доменов также может быть полезным использование " +"параметра <quote>cache_first</quote>. Учтите, что если в глобальном " +"каталоге присутствует только подмножество атрибутов POSIX, из порта LDAP не " +"будет выполняться чтение нереплицированных атрибутов." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Регистр записей пользователей, групп и других сущностей, обслуживаемых SSSD, " +"никогда не учитывается поставщиком данных AD в целях обеспечения " +"совместимости с реализацией LDAP Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" +"SSSD разрешает только группы безопасности Active Directory. Дополнительные " +"сведения о типах групп AD см. в разделе <ulink url=\"https://docs.microsoft." +"com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups\"> " +"Группы безопасности Active Directory</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" +"SSSD отфильтровывает локальные для домена группы от удалённых доменов в лесу " +"AD. По умолчанию группы будут отфильтрованы (например, при следовании по " +"иерархии вложенных групп в удалённых доменах), так не являются " +"действительными в локальном домене. Это сделано для обеспечения " +"согласованности с назначением групп и участия в них Active Directory, " +"которое можно увидеть в PAC билете Kerberos пользователя, выданного Active " +"Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Позволяет указать имя домена Active Directory. Это необязательно. Если имя " +"не указано, используется имя домена в конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Для корректной работы этот параметр следует указывать в формате записи " +"полной версии имени домена Active Directory в нижнем регистре." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Краткое имя домена (также называется именем NetBIOS или плоским именем) " +"автоматически определяется SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "ad_enabled_domains (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +#, fuzzy +#| msgid "" +#| "A comma-separated list of enabled Active Directory domains. If provided, " +#| "SSSD will ignore any domains not listed in this option. If left unset, " +#| "all domains from the AD forest will be available." +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" +"Разделённый запятыми список включённых доменов Active Directory. Если он " +"предоставлен, SSSD будет игнорировать все домены, отсутствующие в этом " +"списке. Если параметр не задан, будут доступны все домены из леса AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Для корректной работы этот параметр должен быть указан полностью в нижнем " +"регистре и как полное доменное имя домена Active Directory. Например: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" +"Краткое имя домена (также называется именем NetBIOS или плоским именем) " +"будет автоматически определено SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"Разделённый запятыми список имён узлов серверов AD, к которым SSSD следует " +"подключаться в порядке приоритета. Дополнительные сведения об отработке " +"отказа и избыточности сервера доступны в разделе <quote>ОТРАБОТКА ОТКАЗА</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Этот параметр является необязательным, если включено автоматическое " +"обнаружение служб. Дополнительные сведения об обнаружении служб доступны в " +"разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" +"Примечание: доверенные домены всегда автоматически обнаруживают серверы, " +"даже если в параметре ad_server явно определён основной сервер." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" +"Необязательный параметр. На компьютерах, где hostname(5) не содержит полное " +"имя, sssd будет пытаться расширить краткое имя. Если это невозможно или если " +"следует использовать именно краткое имя, необходимо явно указать этот " +"параметр." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" +"Это поле используется для определения используемого участника-узла в таблице " +"ключей и выполнения динамических обновлений DNS. Его значение должно " +"соответствовать имени узла, для которого была выпущена таблица ключей." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Если этот параметр установлен в значение «true» и включено обнаружение служб " +"(смотрите абзац об обнаружении служб в нижней части справочной страницы), " +"SSSD сначала попытается обнаружить сервер Active Directory, к которому " +"следует подключиться, с помощью возможности обнаружения сайтов Active " +"Directory, а затем, если сайт AD не удастся найти, будет использовать записи " +"SRV DNS. Конфигурация SRV DNS, включая домен обнаружения, используется также " +"и при обнаружении сайтов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Этот параметр позволяет указать фильтр управления доступом LDAP, условиям " +"которого должен соответствовать пользователь для получения доступа. Обратите " +"внимание, что этот параметр будет работать только в том случае, если " +"параметр <quote>access_provider</quote> явно установлен в значение " +"<quote>ad</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"Этот параметр также поддерживает указание разных фильтров для отдельных " +"доменов или лесов. Такой расширенный фильтр имеет следующий формат: " +"<quote>KEYWORD:NAME:FILTER</quote>. Ключевым словом может быть <quote>DOM</" +"quote> или <quote>FOREST</quote>, а также оно может отсутствовать." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Если в качестве ключевого слова используется <quote>DOM</quote> или если " +"ключевое слово не указано, <quote>NAME</quote> указывает домен или поддомен, " +"к которому применяется фильтр. Если в качестве ключевого слова используется " +"<quote>FOREST</quote>, фильтр применяется ко всем доменам из леса, " +"указанного значением <quote>NAME</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Несколько фильтров можно разделить с помощью символа <quote>?</quote>, " +"аналогично работе баз поиска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" +"Поиск участия во вложенных группах выполняется с помощью специального OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> в дополнение к полной " +"синтаксической конструкции DOM:domain.example.org:, чтобы средство обработки " +"не пыталось интерпретировать символы двоеточия, связанные с OID. Без " +"использования этого OID разрешение участия во вложенных группах не будет " +"выполняться. Пример использования приводится ниже, а дополнительные сведения " +"о OID доступны <ulink url=\"https://msdn.microsoft.com/en-us/library/" +"cc223367.aspx\">в разделе технической спецификации Active Directory MS, " +"посвящённом расширениям LDAP</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Всегда используется совпадение с наивысшим уровнем соответствия. Например, " +"если с помощью параметра задан фильтр для домена, участником которого " +"является пользователь, и глобальный фильтр, будет применяться фильтр для " +"домена. Если имеется несколько совпадений с одинаковым уровнем соответствия, " +"будет использоваться первое из них." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# применить фильтр только для домена с именем dom1:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# применить фильтр только для домена с именем dom2:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# применить фильтр только для леса с именем EXAMPLE.COM:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# применить фильтр для участника вложенной группы в dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" +"Позволяет указать сайт AD, к которому клиенту следует попытаться " +"подключиться. Если этот параметр не указан, обнаружение сайта AD будет " +"выполнено автоматически." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"По умолчанию SSSD сначала подключается к глобальному каталогу для получения " +"данных пользователей из доверенных доменов, а порт LDAP используется для " +"получения данных об участии в группах или в качестве резервного способа. " +"Если этот параметр отключён, SSSD будет подключаться только к порту LDAP " +"текущего сервера AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Обратите внимание, что отключение глобального каталога не отключает " +"получение данных пользователей из доверенных доменов. SSSD просто будет " +"подключаться к порту LDAP доверенных доменов. Тем не менее, для разрешения " +"данных о междоменном участии в группах необходимо использовать глобальный " +"каталог." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Этот параметр позволяет указать режим работы функциональной возможности " +"управления доступом на основе GPO: отключённый, принудительный или " +"разрешительный. Обратите внимание, что для работы этого параметра необходимо " +"явно установить параметр <quote>access_provider</quote> в значение " +"<quote>ad</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" +"Функциональная возможность управления доступом на основе GPO использует " +"параметры политики GPO для определения того, разрешён ли конкретному " +"пользователю вход на узел. Дополнительные сведения о поддерживаемых " +"параметрах политики доступны в описании параметров <quote>ad_gpo_map</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" +"Обратите внимание, что текущая версия SSSD не поддерживает встроенные группы " +"Active Directory. Встроенные группы (например, Administrators с SID " +"S-1-5-32-544) в правилах управления доступом GPO будут проигнорированы SSSD. " +"Подробные сведения доступны в системе отслеживания ошибок: https://github." +"com/SSSD/sssd/issues/5063 ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" +"Перед осуществлением управления доступом SSSD применяет к GPO фильтр " +"безопасности групповой политики. Для входа каждого пользователя проверяется " +"применимость GPO, связанных с узлом. Чтобы GPO применялся к пользователю, " +"пользователь или хотя бы одна из групп, участником которых он является, " +"должна обладать следующими правами GPO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" +"Read: пользователь или одна из его групп должна обладать правом чтения " +"свойств GPO (RIGHT_DS_READ_PROPERTY)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" +"Apply Group Policy: пользователю или хотя бы одной из его групп должно быть " +"разрешено применять GPO (RIGHT_DS_CONTROL_ACCESS)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" +"По умолчанию в GPO присутствует группа Authenticated Users. Она обладает как " +"правом доступа Read, так и правом доступа Apply Group Policy. Так как " +"проверка подлинности пользователя должна успешно завершиться до того, как " +"будет применён фильтр безопасности и начато управление доступом на основе " +"GPO, этот пользователю всегда будет обладать правами группы Authenticated " +"Users GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" +"ПРИМЕЧАНИЕ: если в качестве режим работы выбран принудительный режим, " +"возможно, что пользователям, которым был ранее разрешён доступ для входа, " +"теперь будет отказано в доступе для входа (согласно параметрам политики " +"GPO). Чтобы облегчить переход на новую систему, для администраторов " +"предусмотрен разрешительный режим: правила управления доступом не " +"применяются в принудительном порядке. Программа просто проверяет " +"соответствие этим правилам и выводит в системный журнал сообщение в случае " +"отказа в доступе. Просмотрев этот журнал, администраторы смогут внести " +"необходимые изменения, а затем включить принудительный режим. Для ведения " +"журнала управления доступом на основе GPO необходимо включить уровень " +"отладки «трассировка функций» (см. справочную страницу <citerefentry> " +"<refentrytitle>sssctl</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "Для этого параметра поддерживаются три значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: не осуществляется ни проверка соответствия правилам управления " +"доступом на основе GPO, ни их принудительное применение." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing: осуществляется проверка соответствия правилам управления доступом " +"на основе GPO и их принудительное применение." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: осуществляется проверка соответствия правилам управления " +"доступом на основе GPO, но не их принудительное применение. Вместо этого " +"создаётся сообщение системного журнала, означающее, что пользователю было бы " +"отказано в доступе, если бы в качестве значения этого параметра был задан " +"принудительный режим." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "По умолчанию: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "По умолчанию: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "ad_gpo_implicit_deny (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" +"Обычно пользователям разрешается доступ, если применимые GPO не найдены. " +"Когда этот параметр установлен в значение «True», пользователям будет " +"разрешён доступ только в том случае, если это явно разрешено правилом GPO. В " +"ином случае пользователям будет отказано в доступе. Это можно сделать для " +"усиления защиты, но следует использовать этот параметр с осторожностью: " +"возможен отказ в доступе даже тем пользователям, которые состоят во " +"встроенной группе Administrators, если к ним не применяются правила GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" +"В следующих двух таблицах показано, когда пользователю будет разрешён или " +"запрещён доступ на основе прав разрешения или запрета входа, которые " +"определены на стороне сервера, и установленного значения " +"ad_gpo_implicit_deny." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "ad_gpo_implicit_deny = False (по умолчанию)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "правила разрешения" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "правила запрета" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "результат" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "отсутствуют" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "доступ разрешён всем пользователям" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "присутствуют" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "доступ разрешён только пользователям, отсутствующим в правилах запрета" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" +"доступ разрешён только пользователям, присутствующим в правилах разрешения" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" +"доступ разрешён только пользователям, присутствующим в правилах разрешения и " +"отсутствующим в правилах запрета" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_implicit_deny = True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "доступ запрещён всем пользователям" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "ad_gpo_ignore_unreadable (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" +"Обычно пользователям запрещён доступ, когда некоторые контейнеры групповой " +"политики (объекта AD) соответствующих объектов групповой политики недоступны " +"для чтения SSSD. Этот параметр позволяет игнорировать контейнеры групповой " +"политики, а также связанные с ними политики, если их атрибуты в контейнерах " +"групповой политики недоступны для чтения SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" +"Временной интервал между сеансами поиска файлов политики GPO на сервере AD. " +"Это сократит задержки и нагрузку на сервер AD, когда за короткое время " +"поступает много запросов на управление доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых проверка " +"соответствия правилам управления доступом на основе GPO осуществляется на " +"основе параметров политики InteractiveLogonRight и " +"DenyInteractiveLogonRight. Обрабатываются только те GPO, на доступ к которым " +"у пользователя есть права Read и Apply Group Policy (смотрите описание " +"параметра <quote>ad_gpo_access_control</quote>). Если обработанный GPO " +"содержит параметр запрета интерактивного входа для пользователя или одной из " +"его групп, пользователю будет отказано в локальном доступе. Если ни в одном " +"из обработанных GPO нет определённого права интерактивного входа, " +"пользователю будет разрешён локальный доступ. Если хотя бы один обработанный " +"GPO содержит параметры права интерактивного входа, пользователю будет " +"разрешён только локальный доступ, если он или хотя бы одна из его групп " +"являются частью параметров политики." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" +"Примечание: в редакторе управления групповыми политиками это значение " +"называется «Разрешить локальный вход» («Allow log on locally») и «Запретить " +"локальный вход» («Deny log on locally»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для этого права входа (например, " +"<quote>login</quote>) на пользовательское имя службы PAM (например, " +"<quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "lightdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "lxdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "sddm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "unity" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "xdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых проверка " +"соответствия правилам управления доступом на основе GPO осуществляется на " +"основе параметров политики RemoteInteractiveLogonRight и " +"DenyRemoteInteractiveLogonRight. Обрабатываются только те GPO, на доступ к " +"которым у пользователя есть права Read и Apply Group Policy (смотрите " +"описание параметра <quote>ad_gpo_access_control</quote>). Если обработанный " +"GPO содержит параметр запрета удалённого входа для пользователя или одной из " +"его групп, пользователю будет отказано в удалённом интерактивном доступе. " +"Если ни в одном из обработанных GPO нет определённого права удалённого " +"интерактивного входа, пользователю будет разрешён удалённый доступ. Если " +"хотя бы один обработанный GPO содержит параметры права удалённого " +"интерактивного входа, пользователю будет разрешён только удалённый доступ, " +"если он или хотя бы одна из его групп являются частью параметров политики." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" +"Примечание: в редакторе управления групповыми политиками это значение " +"называется «Разрешить вход через службы удалённых рабочих столов» («Allow " +"log on through Remote Desktop Services») и «Запретить вход через службы " +"удалённых рабочих столов» («Deny log on through Remote Desktop Services»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для этого права входа (например, " +"<quote>sshd</quote>) на пользовательское имя службы PAM (например, " +"<quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "cockpit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых проверка " +"соответствия правилам управления доступом на основе GPO осуществляется на " +"основе параметров политики NetworkLogonRight и DenyNetworkLogonRight. " +"Обрабатываются только те GPO, на доступ к которым у пользователя есть права " +"Read и Apply Group Policy (смотрите описание параметра " +"<quote>ad_gpo_access_control</quote>). Если обработанный GPO содержит " +"параметр запрета входа в сеть для пользователя или одной из его групп, " +"пользователю будет отказано в доступе для входа в сеть. Если ни в одном из " +"обработанных GPO нет определённого права входа в сеть, пользователю будет " +"разрешён доступ для входа. Если хотя бы один обработанный GPO содержит " +"параметры права входа в сеть, пользователю будет разрешён только доступ для " +"входа, если он или хотя бы одна из его групп являются частью параметров " +"политики." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" +"Примечание: в редакторе управления групповыми политиками это значение " +"называется «Разрешить доступ к компьютеру из сети» («Access this computer " +"from the network») и «Запретить доступ к компьютеру из сети» («Deny access " +"to this computer from the network»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для этого права входа (например, " +"<quote>ftp</quote>) на пользовательское имя службы PAM (например, " +"<quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых проверка " +"соответствия правилам управления доступом на основе GPO осуществляется на " +"основе параметров политики BatchLogonRight и DenyBatchLogonRight. " +"Обрабатываются только те GPO, на доступ к которым у пользователя есть права " +"Read и Apply Group Policy (смотрите описание параметра " +"<quote>ad_gpo_access_control</quote>). Если обработанный GPO содержит " +"параметр запрета пакетного входа для пользователя или одной из его групп, " +"пользователю будет отказано в доступе для пакетного входа. Если ни в одном " +"из обработанных GPO нет определённого права пакетного входа, пользователю " +"будет разрешён доступ для входа. Если хотя бы один обработанный GPO содержит " +"параметры права пакетного входа, пользователю будет разрешён только доступ " +"для входа, если он или хотя бы одна из его групп являются частью параметров " +"политики." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" +"Примечание: в редакторе управления групповыми политиками это значение " +"называется «Разрешить вход в качестве пакетного задания» («Allow log on as a " +"batch job») и «Запретить вход в качестве пакетного задания» («Deny log on as " +"a batch job»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для этого права входа (например, " +"<quote>crond</quote>) на пользовательское имя службы PAM (например, " +"<quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" +"Примечание: имя службы cron может различаться в зависимости от используемого " +"дистрибутива Linux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Разделённый запятыми список имён служб PAM, для которых проверка " +"соответствия правилам управления доступом на основе GPO осуществляется на " +"основе параметров политики ServiceLogonRight и DenyServiceLogonRight. " +"Обрабатываются только те GPO, на доступ к которым у пользователя есть права " +"Read и Apply Group Policy (смотрите описание параметра " +"<quote>ad_gpo_access_control</quote>). Если обработанный GPO содержит " +"параметр запрета входа службы для пользователя или одной из его групп, " +"пользователю будет отказано в доступе для входа службы. Если ни в одном из " +"обработанных GPO нет определённого права входа службы, пользователю будет " +"разрешён доступ для входа. Если хотя бы один обработанный GPO содержит " +"параметры права входа службы, пользователю будет разрешён только доступ для " +"входа, если он или хотя бы одна из его групп являются частью параметров " +"политики." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" +"Примечание: в редакторе управления групповыми политиками это значение " +"называется «Разрешить вход в качестве службы» («Allow log on as a service») " +"и «Запретить вход в качестве службы» («Deny log on as a service»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Так как стандартный набор является пустым, из " +"него невозможно удалить имя службы PAM. Например, чтобы добавить " +"пользовательское имя службы PAM (например, <quote>my_pam_service</quote>), " +"необходимо использовать следующую конфигурацию: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" +"Разделённый запятыми список имён служб PAM, которым всегда предоставляется " +"доступ на основе GPO, независимо от прав входа GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью " +"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из " +"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы " +"заменить стандартное имя службы PAM для безусловно разрешённого доступа " +"(например, <quote>sudo</quote>) на пользовательское имя службы PAM " +"(например, <quote>my_pam_service</quote>), необходимо использовать следующую " +"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "polkit-1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" +"Разделённый запятыми список имён служб PAM, которым всегда запрещается " +"доступ на основе GPO, независимо от прав входа GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" +"Этот параметр определяет, как обрабатываются правила управления доступом для " +"имён служб PAM, которые явно не указаны в одном из параметров ad_gpo_map_*. " +"Этот параметр можно установить двумя разными способами. Первый: с помощью " +"этого параметра можно задать использование стандартного права входа. " +"Например, установка этого параметра в значение «interactive» означает, что " +"несопоставленные имена служб PAM будут обрабатываться на основе параметров " +"политики InteractiveLogonRight и DenyInteractiveLogonRight. Второй: с " +"помощью этого параметра можно указать всегда разрешать или всегда запрещать " +"доступ для несопоставленных имён служб PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "Для этого параметра поддерживаются следующие значения:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "remote_interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "network" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "batch" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "service" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "permit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "По умолчанию: deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "ad_maximum_machine_account_password_age (целое число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" +"SSSD будет раз в день проверять, не превышен ли указанный возраст (в днях) " +"пароля учётной записи компьютера, и в случае превышения попытается обновить " +"его. Значение «0» отключает попытку обновления." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "По умолчанию: 30 дней" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "ad_machine_account_password_renewal_opts (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" +"Этот параметр следует использовать только для тестирования задания по " +"обновлению пароля учётной записи компьютера. Параметр ожидает 2 целых числа, " +"разделённых двоеточием («:»). Первое целое число определяет интервал (в " +"секундах) между последовательными запусками задания. Второе целое число " +"указывает начальный тайм-аут (в секундах) перед первым запуском задания " +"после перезапуска." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "По умолчанию: 86400:750 (24 часа и 15 минут)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "ad_update_samba_machine_account_password (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" +"Если этот параметр включён, когда SSSD обновляет пароль учётной записи " +"компьютера, он обновляется также в базе данных Samba. Это позволяет " +"предотвратить устаревание копии пароля учётной записи компьютера в Samba, " +"когда программа настроена на использование AD для проверки подлинности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "ad_use_ldaps (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" +"По умолчанию SSSD использует простой порт LDAP 389 и порт глобального " +"каталога 3628. Если этот параметр установлен в значение «True», SSSD будет " +"использовать порт LDAPS 636 и порт глобального каталога 3629 с защитой " +"LDAPS. Так как AD не разрешает использование нескольких слоёв шифрования для " +"одного подключения и всё ещё требуется использовать SASL/GSSAPI или SASL/GSS-" +"SPNEGO для проверки подлинности, свойство безопасности SASL maxssf для таких " +"подключений будет установлено в значение «0» (ноль)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ad_allow_remote_domain_local_groups (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" +"Если этот параметр установлен в значение <quote>true</quote>, SSSD не будет " +"отфильтровывать группы, локальные в домене, в удалённых доменах в лесу AD. " +"По умолчанию они отфильтровываются (например, при следовании по иерархии " +"вложенных групп в удалённых доменах), так не являются действительными в " +"локальном домене. Этот параметр был добавлен для обеспечения совместимости с " +"другими решениями, которые делают пользователей и группы AD доступными на " +"клиенте Linux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" +"Обратите внимание, что установка этого параметра в значение <quote>true</" +"quote> идёт вразрез со смыслом локальной группы домена в Active Directory и " +"<emphasis>ДОЛЖНА ВЫПОЛНЯТЬСЯ ТОЛЬКО ДЛЯ ОБЛЕГЧЕНИЯ ПЕРЕХОДА С ДРУГИХ " +"РЕШЕНИЙ</emphasis>. Хотя эта группа существует и пользователь может быть её " +"участником, смысл состоит в том, что группа должна использоваться только в " +"том домене, где она определена, и ни в каких других. Так как существует " +"только один тип групп POSIX, единственный способ добиться этого на стороне " +"Linux — игнорировать эти группы. Active Directory делает то же самое: в PAC " +"билета Kerberos для локальной службы и в запросах tokenGroups тоже " +"отсутствуют удалённые группы, локальные в домене." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" +"Учитывая вышесказанное, при установке этого параметра в значение " +"<quote>true</quote> необходимо отключить запрос tokenGroups путём установки " +"параметра <quote>ldap_use_tokengroups</quote> в значение <quote>false</" +"quote> для получения согласованных данных об участии пользователей в " +"группах. Кроме того, также следует отключить поиск в глобальном каталоге " +"путём установки параметра <quote>ad_enable_gc</quote> в значение " +"<quote>false</quote>. И, наконец, может потребоваться изменить значение " +"параметра <quote>ldap_group_nesting_level</quote>, если удалённые группы, " +"локальные в домене, могут быть найдены только на более глубоком уровне " +"вложенности." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Необязательный параметр. Этот параметр указывает SSSD автоматически " +"обновлять на сервере DNS Active Directory IP-адрес клиента. Защита " +"обновления обеспечивается с помощью GSS-TSIG. Соответственно, администратору " +"Active Directory требуется только разрешить защищённые обновления для зоны " +"DNS. Для обновления будет использован IP-адрес LDAP-соединения AD, если с " +"помощью параметра <quote>dyndns_iface</quote> не указано иное." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "По умолчанию: 3600 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" +"По умолчанию: использовать IP-адреса интерфейса, который используется для " +"подключения LDAP AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" +"Как часто внутреннему серверу следует выполнять периодическое обновление DNS " +"в дополнение к автоматическому обновлению, которое выполняется при переходе " +"внутреннего сервера в сетевой режим. Этот параметр является необязательным и " +"применяется только тогда, когда параметр dyndns_update установлен в значение " +"«true». Обратите внимание, что наименьшее допустимое значение составляет 60 " +"секунд: если будет указано меньшее значение, параметр примет наименьшее " +"допустимое значение (60 секунд)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"example.com — один из доменов в разделе <replaceable>[sssd]</replaceable>. В " +"примере показаны только параметры, относящиеся к поставщику данных AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Поставщик данных управления доступом AD проверяет, не истёк ли срок действия " +"учётной записи. Работает так же, как и следующая конфигурация поставщика " +"данных LDAP: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" +"Тем не менее, если поставщик данных управления доступом <quote>ad</quote> не " +"настроен явным образом, поставщиком доступа по умолчанию является " +"<quote>permit</quote>. Обратите внимание, что при настройке поставщика " +"доступа, отличного <quote>ad</quote>, потребуется вручную указать все " +"параметры подключения, такие как URI LDAP и параметры шифрования." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" +"Когда поставщик данных autofs установлен в значение <quote>ad</quote>, " +"используется схема сопоставления атрибутов RFC2307 (nisMap, nisObject, ...), " +"так как эти атрибуты включены в стандартную схему Active Directory." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Настройка sudo с помощью внутреннего сервера SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"На этой справочной странице представлено описание настройки <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"для работы с <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, а также кэширования правил sudo в " +"SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Настройка sudo для совместной работы с SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Чтобы включить SSSD как источник правил sudo, добавьте <emphasis>sss</" +"emphasis> в запись <emphasis>sudoers</emphasis> в файле <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Например, чтобы настроить sudo на поиск правил сначала в стандартном файле " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (который должен содержать правила, которые " +"применяются к локальным пользователям), а потом в SSSD, следует добавить в " +"файл nsswitch.conf следующую строку:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Дополнительные сведения о настройке порядка поиска sudoers из файла nsswitch." +"conf, а также информация о схеме LDAP, используемой для сохранения правил " +"sudo в каталоге, доступны на справочной странице <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Примечание</emphasis>: чтобы использовать в правилах sudo сетевые " +"группы или группы узлов IPA, также потребуется корректно установить " +"<citerefentry> <refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</" +"manvolnum> </citerefentry> в значение имени домена NIS (совпадает с именем " +"домена IPA в случае использования групп узлов)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Настройка SSSD для получения правил sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"На стороне SSSD достаточно расширить список <emphasis>служб</emphasis> " +"добавлением «sudo» в раздел [sssd] <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Чтобы ускорить " +"поиск LDAP, также можно указать базу поиска для правил sudo с помощью " +"параметра <emphasis>ldap_sudo_search_base</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"В следующем примере показано, как настроить SSSD на загрузку правил sudo с " +"сервера LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> Важно учитывать, что на платформах, где " +"поддерживается systemd, не требуется добавлять поставщика данных «sudo» в " +"список служб, так как он стал необязательным. Однако вместо этого следует " +"включить sssd-sudo.socket. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" +"Когда программа SSSD настроена на использование IPA в качестве поставщика " +"ID, включение поставщика данных sudo выполняется автоматически. База поиска " +"sudo настроена на использование собственного дерева LDAP IPA (cn=sudo," +"$SUFFIX). Если в sssd.conf определена какая-либо другая база поиска, будет " +"использоваться это значение. Дерево совместимости (ou=sudoers,$SUFFIX) " +"больше не является необходимым для работы sudo IPA." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "Механизм кэширования правил SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"При разработке поддержки sudo в SSSD сложнее всего было сделать так, чтобы " +"работа sudo c SSSD в качестве источника данных обеспечивала такие же " +"скорость и взаимодействие с пользователем, что и sudo, при этом предоставляя " +"настолько актуальный набор правил, насколько это возможно. Для этого в SSSD " +"используются три вида обновлений: полное обновление, интеллектуальное " +"обновление и обновление правил." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"<emphasis>Интеллектуальное обновление</emphasis> периодически загружает " +"правила, которые являются новыми или были изменены после последнего " +"обновления. Основная задача — увеличивать базу данных путём получения " +"небольших порций данных, что не создаёт большой сетевой трафик." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"<emphasis>Полное обновление</emphasis> просто удаляет все правила sudo, " +"которые хранятся в кэше, и заменяет их всеми правилами, которые хранятся на " +"сервере. Это позволяет поддерживать согласованность кэша: удаляются все те " +"правила, которые были удалены с сервера. Однако полное обновление может " +"генерировать большое количества трафика, поэтому его следует выполнять " +"только иногда (промежуток между обновлениями зависит от размера и " +"стабильности правил sudo)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"<emphasis>Обновление правил</emphasis> обеспечивает, что пользователю не " +"будет предоставлено больше прав, чем определено. Это обновление выполняется " +"при каждом запуске sudo пользователем. Обновление правил находит все " +"правила, которые применяются к этому пользователю, проверяет срок их " +"действия и повторно загружает их, если этот срок истёк. Если на сервере " +"отсутствуют какие-либо из таких правил, SSSD выполнит общее полное " +"обновление, так как могло быть удалено гораздо больше правил (применяемых к " +"другим пользователям)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Если этот параметр включён, SSSD будет сохранять только правила, которые " +"могут быть применены к этому компьютеру. Это те правила, которые содержат в " +"атрибуте <emphasis>sudoHost</emphasis> одно из следующих значений:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "ключевое слово ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "подстановочный знак" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "сетевая группа (в виде «+netgroup»)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "имя узла или полное доменное имя компьютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "один из IP-адресов компьютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "один из IP-адресов сети (в виде «address/mask»)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Предусмотрено много параметров, которыми можно воспользоваться для настройки " +"поведения программы. Подробное описание доступно в разделах «ldap_sudo_*» " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> и «sudo_*» <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "Тонкая настройка производительности" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" +"SSSD использует различные типы механизмов со сложными и простыми фильтрами " +"LDAP для поддержания кэшированных правил sudo в актуальном состоянии. В " +"стандартной конфигурации заданы значения, которые должны подойти большинству " +"пользователей. Тем не менее, в последующих абзацах приводится несколько " +"советов по тонкой настройке конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" +"1. <emphasis>Индексируйте атрибуты LDAP</emphasis>. Убедитесь, что " +"выполняется индексирование следующих атрибутов LDAP: objectClass, cn, " +"entryUSN и modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" +"2. <emphasis>Задайте ldap_sudo_search_base</emphasis>. Укажите в качестве " +"базы поиска контейнер, который содержит правила sudo, чтобы ограничить " +"область поиска." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" +"3. <emphasis>Задайте интервал полного и интеллектуального обновления</" +"emphasis>. Если правила sudo меняются редко и не требуется быстро обновлять " +"кэшированные правила на клиентах, можно увеличить значения " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> и " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. Также можно отключить " +"интеллектуальное обновление: <emphasis>ldap_sudo_smart_refresh_interval = 0</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" +"4. Если имеется большое количество клиентов, можно увеличить значение " +"<emphasis>ldap_sudo_random_offset</emphasis> для лучшего распределения " +"нагрузки на сервер." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "cервис SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> предоставляет набор внутренних служб для управления " +"доступом к удалённым каталогам и механизмам проверки подлинности. Этот " +"сервис предоставляет интерфейс NSS и PAM к операционной системе и систему " +"подключаемых внутренних серверов для установки соединения с несколькими " +"разными источниками учётных записей, а также интерфейс D-Bus. Также он " +"является основой сервисов аудита и политики доступа клиентов для таких " +"проектов, как FreeIPA. SSSD предоставляет более надёжную базу данных для " +"хранения локальных пользователей, а также расширенных пользовательских " +"данных." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "<emphasis>1</emphasis>: добавить отметку времени к сообщениям отладки" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "<emphasis>0</emphasis>: отключить отметку времени в сообщениях отладки" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: добавить микросекунды в отметку времени в сообщениях " +"отладки" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: отключить микросекунды в отметке времени" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "<option>--logger=</option><replaceable>value</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "Расположение, в которое SSSD будет отправлять сообщения журнала." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" +"<emphasis>stderr</emphasis>: перенаправлять сообщения отладки в стандартный " +"поток ошибок." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" +"<emphasis>files</emphasis>: перенаправлять сообщения отладки в файлы " +"журнала. По умолчанию файлы журнала хранятся в <filename>/var/log/sssd</" +"filename> и представляют собой отдельные файлы для каждой службы и домена " +"SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" +"<emphasis>journald</emphasis>: перенаправлять сообщения отладки в systemd-" +"journald" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" +"По умолчанию: не задано (использовать journald, если это возможно, в ином " +"случае — stderr)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Запускаться в качестве службы." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Запускаться интерактивно, не в качестве службы." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Позволяет указать файл конфигурации, отличный от стандартного. Стандартным " +"является <filename>/etc/sssd/sssd.conf</filename>. Сведения о синтаксисе и " +"параметрах файла конфигурации доступны на справочной странице <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "<option>-g</option>,<option>--genconf</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" +"Не запускать SSSD, но обновить базу данных конфигурации содержимым " +"<filename>/etc/sssd/sssd.conf</filename> и выйти." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "<option>-s</option>,<option>--genconf-section</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" +"Аналогично <quote>--genconf</quote>, но будет выполнено обновление только " +"одного раздела файла конфигурации. Этот параметр полезен главным образом при " +"вызове из файлов модулей systemd с целью позволить ответчикам, которые " +"активируются с помощью сокетов, обновлять свою конфигурацию без " +"необходимости в перезапуске всего сервиса SSSD администратором." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Вывести номер версии и выйти." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Сигналы" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Сообщает SSSD, что следует постепенно завершить все дочерние процессы и " +"затем отключить монитор." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Сообщает SSSD, что следует прекратить запись в текущие дескрипторы файлов " +"отладки, закрыть их и затем открыть снова. Это должно облегчить свёртывание " +"журнала с помощью таких программ, как logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Сообщает SSSD, что следует имитировать работу в автономном режиме в течение " +"времени, заданного параметром <quote>offline_timeout</quote>. Это полезно " +"при тестировании. Сигнал можно отправить либо процессу sssd, либо напрямую " +"любому процессу sssd_be." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Сообщает SSSD, что следует немедленно перейти в сетевой режим. Это полезно " +"при тестировании. Сигнал можно отправить либо процессу sssd, либо напрямую " +"любому процессу sssd_be." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" +"Если переменная среды SSS_NSS_USE_MEMCACHE установлена в значение «NO», " +"клиентские приложения не будут использовать быстрый кэш в памяти." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" +"Если переменная среды SSS_LOCKFREE установлена в значение «NO», " +"одновременные запросы от нескольких потоков одного приложения будут " +"преобразованы в последовательность запросов." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "скрыть открытый пароль" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>параметры</" +"replaceable> </arg> <arg choice='plain'><replaceable>[ПАРОЛЬ]</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> преобразует указанный пароль в формат, " +"нечитаемый человеком, и помещает его в соответствующем разделе домена файла " +"конфигурации SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Открытый пароль читается из потока стандартного ввода или вводится в " +"интерактивном режиме. Скрытый пароль помещается в параметр " +"<quote>ldap_default_authtok</quote> указанного домена SSSD, и параметр " +"<quote>ldap_default_authtok_type</quote> устанавливается в значение " +"<quote>obfuscated_password</quote>. Дополнительные сведения об этих " +"параметрах доступны на справочной странице <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Обратите внимание, что скрытие пароля <emphasis>на самом деле не повышает " +"уровень безопасности</emphasis>, так как злоумышленник всё равно сможет " +"реконструировать пароль. <emphasis>Настоятельно</emphasis> рекомендуется " +"использовать более совершенные механизмы проверки подлинности (например, " +"сертификаты на стороне клиента или GSSAPI)." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "Пароль для скрытия будет прочитан из потока стандартного ввода." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"Домен SSSD, в котором используется пароль. Имя по умолчанию: <quote>default</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" +"Прочитать файл конфигурации, указанный с помощью позиционного параметра." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "По умолчанию: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "sss_override" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "создать локальные переопределения атрибутов пользователя и группы" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_override</command> <arg choice='plain'><replaceable>КОМАНДА</" +"replaceable></arg> <arg choice='opt'> <replaceable>параметры</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" +"<command>sss_override</command> позволяет создать представление на стороне " +"клиента и изменить выбранные значения для определённых пользователей и " +"групп. Изменения будут применены только на локальном компьютере." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" +"Данные переопределений хранятся в кэше SSSD. При удалении кэша все локальные " +"переопределения будут потеряны. Обратите внимание, что после создания " +"первого переопределения с помощью любой из следующих команд: <emphasis>user-" +"add</emphasis>, <emphasis>group-add</emphasis>, <emphasis>user-import</" +"emphasis> или <emphasis>group-import</emphasis>, необходимо перезапустить " +"SSSD для вступления изменений в силу. Когда требуется перезапуск, " +"<emphasis>sss_override</emphasis> отображает соответствующее сообщение." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" +"<emphasis>ПРИМЕЧАНИЕ:</emphasis> представленные на этой справочной странице " +"параметры работают только для значений <quote>ldap</quote> и <quote>AD</" +"quote> параметра <quote> id_provider</quote>. Переопределениями IPA можно " +"управлять централизованно на сервере IPA." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "ДОСТУПНЫЕ КОМАНДЫ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" +"Аргумент <emphasis>NAME</emphasis> — это имя исходного объекта во всех " +"командах. Невозможно переопределить <emphasis>uid</emphasis> или " +"<emphasis>gid</emphasis> в значение «0»." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" +"Переопределить атрибуты пользователя. Следует учитывать, что при вызове этой " +"команды для указанного по имени (NAME) пользователя будет заменено " +"предыдущее переопределение, если таковое имеется." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-del</option> <emphasis>NAME</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Удалить переопределения пользователя. Необходимо учитывать, что " +"переопределённые атрибуты могут быть возвращены из кэша в памяти. Подробные " +"сведения доступны в описании параметра SSSD <emphasis>memcache_timeout</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" +"Вывести список всех пользователей, для которых заданы переопределения. Если " +"параметр <emphasis>DOMAIN</emphasis> задан, будут показаны только " +"пользователи из указанного домена." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-show</option> <emphasis>NAME</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "Показать переопределения пользователя." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-import</option> <emphasis>FILE</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" +"Импортировать переопределения пользователя из <emphasis>FILE</emphasis>. " +"Формат данных аналогичен стандартному файлу passwd. Формат:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"где original_name — исходное имя пользователя, атрибуты которого следует " +"переопределить. Остальные поля соответствуют новым значениям. Чтобы не " +"указывать значение, просто оставьте соответствующее поле пустым." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "ckent:superman::::::" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-export</option> <emphasis>FILE</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" +"Экспортировать все переопределённые атрибуты и сохранить их в " +"<emphasis>FILE</emphasis>. Сведения о формате данных доступны в описании " +"команды <emphasis>user-import</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" +"Переопределить атрибуты группы. Следует учитывать, что при вызове этой " +"команды для указанной по имени (NAME) группы будет заменено предыдущее " +"переопределение, если таковое имеется." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-del</option> <emphasis>NAME</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Удалить переопределения группы. Необходимо учитывать, что переопределённые " +"атрибуты могут быть возвращены из кэша в памяти. Подробные сведения доступны " +"в описании параметра SSSD <emphasis>memcache_timeout</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" +"Вывести список всех групп, для которых заданы переопределения. Если параметр " +"<emphasis>DOMAIN</emphasis> задан, будут показаны только группы из " +"указанного домена." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-show</option> <emphasis>NAME</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "Показать переопределения группы." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>group-import</option> <emphasis>FILE</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" +"Импортировать переопределения группы из <emphasis>FILE</emphasis>. Формат " +"данных аналогичен стандартному файлу group. Формат:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "original_name:name:gid" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"где original_name — исходное имя группы, атрибуты которой следует " +"переопределить. Остальные поля соответствуют новым значениям. Чтобы не " +"указывать значение, просто оставьте соответствующее поле пустым." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "admins:administrators:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "Domain Users:Users:501" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>group-export</option> <emphasis>FILE</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" +"Экспортировать все переопределённые атрибуты и сохранить их в " +"<emphasis>FILE</emphasis>. Сведения о формате данных доступны в описании " +"команды <emphasis>group-import</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "ОБЩИЕ ПАРАМЕТРЫ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "Эти параметры доступны для всех команд." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug</option> <replaceable>LEVEL</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "Поставщик данных Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки внутреннего " +"сервера проверки подлинности Kerberos 5 для <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. Подробные сведения о синтаксисе доступны в разделе " +"<quote>ФОРМАТ ФАЙЛА</quote> справочной страницы <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Внутренний сервер проверки подлинности Kerberos 5 содержит поставщиков " +"данных для проверки подлинности (auth) и смены пароля (chpass). Для " +"корректной работы его необходимо использовать совместно с поставщиком данных " +"идентификации (например, id_provider = ldap). Некоторые данные, которые " +"требуются внутреннему серверу проверки подлинности Kerberos 5, должны " +"предоставляться поставщиком данных идентификации (например, имя участника " +"Kerberos пользователя (UPN)). В конфигурации поставщика данных идентификации " +"должна быть запись с указанием UPN. Сведения о том, как выполнить такую " +"настройку, доступны на справочной странице соответствующего поставщика " +"данных идентификации." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"Этот внутренний сервер также предоставляет возможность управления доступом " +"на основе файла .k5login в домашнем каталоге пользователя. Дополнительные " +"сведения доступны на справочной странице <citerefentry> " +"<refentrytitle>k5login</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>. Обратите внимание, что пользователю будет отказано в доступе, " +"если файл .k5login пуст. Чтобы активировать эту возможность, укажите " +"«access_provider = krb5» в конфигурации SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"Если на внутреннем сервере идентификации недоступен UPN, <command>sssd</" +"command> создаст UPN в формате <replaceable>username</" +"replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Разделённый запятыми список IP-адресов или имён узлов серверов Kerberos, к " +"которым SSSD следует подключаться в порядке приоритета. Дополнительные " +"сведения об отработке отказа и избыточности сервера доступны в разделе " +"<quote>ОТРАБОТКА ОТКАЗА</quote>. После адресов или имён узлов можно " +"(необязательно) добавить номер порта (предварив его двоеточием). Если у " +"параметра пустое значение, будет включено обнаружение служб — дополнительные " +"сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Имя области Kerberos. Этот параметр является обязательным и должен быть " +"указан." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Если на KDC не запущена служба смены паролей, здесь можно задать " +"альтернативные серверы. После адресов или имён узлов можно добавить " +"необязательный номер порта (предварив его двоеточием)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Дополнительные сведения об отработке отказа и избыточности сервера доступны " +"в разделе <quote>ОТРАБОТКА ОТКАЗА</quote>. ПРИМЕЧАНИЕ: даже если список " +"серверов kpasswd будет исчерпан, внутренний сервер не перейдёт в автономный " +"режим работы, если всё ещё возможна проверка подлинности с помощью KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "По умолчанию: использовать KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Каталог для хранения кэшей учётных данных. Здесь также можно использовать " +"все последовательности замещения krb5_ccname_template, за исключением %d и " +"%P. Каталог создаётся как закрытый, его владельцем является пользователь, " +"права доступа — 0700." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "По умолчанию: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (строка)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "имя для входа" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "UID для входа" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "имя участника" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "имя области" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "домашний каталог" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "значение krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "идентификатор процесса клиента SSSD" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "литерал «%»" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Расположение кэша учётных данных пользователя. В настоящее время " +"поддерживаются три типа кэша учётных данных: <quote>FILE</quote>, " +"<quote>DIR</quote> и <quote>KEYRING:persistent</quote>. Кэш можно указать " +"либо как <replaceable>TYPE:RESIDUAL</replaceable>, либо как абсолютный путь, " +"что предполагает тип <quote>FILE</quote>. В шаблоне заменяются следующие " +"последовательности: <placeholder type=\"variablelist\" id=\"0\"/> Если " +"шаблон заканчивается на «XXXXXX», для безопасного создания уникального имени " +"файла используется mkstemp(3)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"Если используются типы KEYRING, единственным поддерживаемым механизмом " +"является <quote>KEYRING:persistent:%U</quote>, то есть использование набора " +"ключей ядра Linux для хранения учётных данных на основе разделения по UID. " +"Этот вариант также является рекомендуемым, так как этот способ обеспечивает " +"наибольшую безопасность и предсказуемость." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Источником стандартного значения имени кэша учётных данных является профиль, " +"который хранится в общесистемном файле конфигурации krb5.conf в разделе " +"[libdefaults]. Имя параметра — default_ccache_name. Дополнительные сведения " +"о формате расширения, определённом krb5.conf, доступны в абзаце о расширении " +"параметров (PARAMETER EXPANSION) krb5.conf(5)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" +"ПРИМЕЧАНИЕ: обратите внимание, что в шаблоне расширения ccache libkrb5 из " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> используются другие последовательности " +"расширения, чем в SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "По умолчанию: (из libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"Расположение таблицы ключей, которую следует использовать при проверке " +"учётных данных, полученных от KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Сохранять пароль пользователя, если поставщик не в сети, и использовать его " +"для запроса TGT, когда поставщик снова появляется в сети." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"ПРИМЕЧАНИЕ: эта возможность доступна только в Linux. Пароли, сохранённые " +"таким образом, хранятся как простой текст в наборе ключей ядра и " +"потенциально доступны пользователю root (потребуются некоторые усилия)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Включает защищённое туннелирование гибкой проверки подлинности (FAST) для " +"предварительной проверки подлинности Kerberos. Поддерживаются следующие " +"параметры:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> — никогда не использовать FAST. Это равнозначно " +"тому варианту, когда значение этого параметра вообще не указано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> — пытаться использовать FAST. Если сервер не " +"поддерживает FAST, проверка подлинности будет продолжена без него." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> — требовать использования FAST. Проверка " +"подлинности будет неудачной, если сервер не требует использования FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "По умолчанию: не задано, то есть FAST не используется." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" +"ПРИМЕЧАНИЕ: для использования FAST необходима таблица ключей или поддержка " +"анонимного PKINIT." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"ПРИМЕЧАНИЕ: SSSD поддерживает FAST только для MIT Kerberos версии 1.8 и " +"выше. Если SSSD используется с более ранней версией MIT Kerberos, " +"использование этого параметра является ошибкой конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "Указывает участник-сервер, который следует использовать для FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_fast_use_anonymous_pkinit (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" +"Если установлено значение «true», попытаться воспользоваться анонимным " +"PKINIT вместо таблицы ключей для получения необходимых учётных данных для " +"FAST. В этом случае параметры krb5_fast_principal игнорируются." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "krb5_kdcinfo_lookahead (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" +"Когда параметр krb5_use_kdcinfo установлен в значение «true», можно " +"ограничить количество серверов, которые передаются <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Это может быть полезно, когда с помощью записи " +"SRV обнаруживается слишком много серверов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" +"Параметр krb5_kdcinfo_lookahead содержит два числа, разделённых двоеточием. " +"Первое число представляет количество используемых основных серверов, а " +"второе — количество резервных серверов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" +"Например, <emphasis>10:0</emphasis> означает, что <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> будут переданы 10 основных серверов, но ни одного " +"резервного сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "По умолчанию: 3:1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Позволяет указать, следует ли обрабатывать участника-пользователя как " +"участника-предприятие. Дополнительные сведения об участниках-предприятиях " +"доступны в разделе 5 RFC 6806." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "По умолчанию: false (поставщик данных AD: true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" +"Поставщик данных IPA установит этот параметр в значение «true», если " +"определит, что сервер может обрабатывать участников-предприятия, и если этот " +"параметр не задан в явном виде в файле конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_subdomain_realm (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" +"Указывает использовать области поддоменов для проверки подлинности " +"пользователей из доверенных доменов. Этот параметр можно установить в " +"значение «true», если участники-предприятия используются с upnSuffixes, " +"неизвестными KDC родительского домена. Если этот параметр установлен в " +"значение «true», SSSD будет пытаться отправить запрос напрямую KDC того " +"доверенного домена, из которого пришёл пользователь." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" +"Перечень сопоставлений указывается в виде разделённого запятыми списка пар " +"<quote>username:primary</quote>, где <quote>username</quote> — имя " +"пользователя UNIX, а <quote>primary</quote> — часть пользователя в записи " +"участника Kerberos. Это сопоставление задействуется, когда для проверки " +"подлинности пользователя используется <quote>auth_provider = krb5</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" +"<quote>joe</quote> и <quote>dick</quote> — имена пользователей UNIX, а " +"<quote>juser</quote> и <quote>richard</quote> — основные части участников " +"Kerberos. Для пользователей <quote>joe</quote> и <quote>dick</quote> SSSD " +"попытается выполнить kinit как, соответственно, <quote>juser@REALM</quote> и " +"<quote>richard@REALM</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Если в домене SSSD используется модуль проверки подлинности krb5, необходимо " +"использовать следующие параметры. Сведения о конфигурации домена SSSD " +"доступны на справочной странице <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, в разделе " +"<quote>РАЗДЕЛЫ ДОМЕНА</quote>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"FOO — один из доменов в разделе <replaceable>[sssd]</replaceable>. В примере " +"показана только конфигурация проверки подлинности Kerberos; он не включает " +"какого-либо поставщика данных идентификации." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "выполнить очистку кэша" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" +"<command>sss_cache</command> объявляет недействительными записи в кэше SSSD. " +"Объявленные недействительными записи принудительно повторно загружаются с " +"сервера, как только соответствующий внутренний сервер SSSD появляется в " +"сети. Параметры, объявляющие недействительность одного объекта, принимают " +"только один предоставленный аргумент." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "Объявить недействительными все кэшированные записи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Объявить недействительным определённого пользователя." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Объявить недействительными все записи пользователей. Этот параметр имеет " +"приоритет над параметром, который объявляет недействительным определённого " +"пользователя, если он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "Объявить недействительной определённую группу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Объявить недействительными все записи групп. Этот параметр имеет приоритет " +"над параметром, который объявляет недействительной определённую группу, если " +"он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "Объявить недействительной определённую сетевую группу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Объявить недействительными все записи сетевых групп. Этот параметр имеет " +"приоритет над параметром, который объявляет недействительной определённую " +"сетевую группу, если он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "Объявить недействительной определённую службу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Объявить недействительными все записи служб. Этот параметр имеет приоритет " +"над параметром, который объявляет недействительной определённую службу, если " +"он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Объявить недействительной определённую карту autofs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Объявить недействительными все карты autofs. Этот параметр имеет приоритет " +"над параметром, который объявляет недействительной определённую карту " +"autofs, если он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Объявить недействительными открытые ключи SSH определённого узла." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Объявить недействительными открытые ключи SSH всех узлов. Этот параметр " +"имеет приоритет над параметром, который объявляет недействительными открытые " +"ключи SSH определённого узла, если он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "Объявить недействительным определённое правило sudo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "<option>-R</option>,<option>--sudo-rules</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" +"Объявить недействительными все кэшированные правила sudo. Этот параметр " +"имеет приоритет над параметром, который объявляет недействительным " +"определённое правило sudo, если он также был задан." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Ограничить процесс объявления недействительности определённым доменом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "ВЛИЯНИЕ НА КЭШ В СВЕРХОПЕРАТИВНОЙ ПАМЯТИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" +"<command>sss_cache</command> также объявляет недействительным кэш в памяти. " +"Так как кэш в памяти является файлом, который сопоставляется с памятью " +"каждого процесса, который вызывал SSSD для разрешения пользователей или " +"групп, этот файл не может быть усечён. В заголовке файла указывается " +"специальный флаг, который обозначает недействительность содержимого, и затем " +"ответчик NSS SSSD выполняет отмену связи этого файла, после чего создаётся " +"новый файл кэша. Теперь, когда процесс выполняет новый поиск пользователя " +"или группы, он видит флаг, закрывает старый файл кэша в памяти и " +"сопоставляет со своей памятью новый файл. Когда все процессы, которые " +"открывали старый файл кэша в памяти, закроют его при поиске пользователя или " +"группы, ядро сможет освободить занятое пространство на диске и старый файл " +"кэша в памяти будет полностью удалён." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" +"Особый случай представляют длительно выполняемые процессы, которые " +"осуществляют поиск пользователей или групп только при запуске (например, " +"чтобы определить имя пользователя, от имени которого запущен процесс). Для " +"такого поиска файл кэша в памяти сопоставляется с памятью процесса. Но, так " +"как дальнейшего поиска не будет, этот процесс никогда не определит, был ли " +"объявлен недействительным файл кэша в памяти, и поэтому он будет оставлен в " +"памяти и будет занимать пространство на диске до тех пор, пока процесс не " +"остановится. Следовательно, вызов <command>sss_cache</command> может " +"увеличить использование места на диске, потому что старые файлы кэша в " +"памяти не могут быть удалены с диска, так как они всё ещё сопоставляются " +"длительно выполняемыми процессами." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" +"Чтобы обойти эту проблему для длительно выполняемых процессов, которые " +"выполняют поиск пользователей и групп только при запуске или очень редко, " +"можно запускать их с переменной среды SSS_NSS_USE_MEMCACHE, установленной в " +"значение «NO»: в этом случае они вообще не будут использовать кэш в памяти и " +"не будут сопоставлять файл кэша в памяти с памятью. В целом, лучшим решением " +"проблемы будет настроить параметры тайм-аута кэша таким образом, чтобы они " +"соответствовали локальным ожиданиям и не требовался вызов " +"<command>sss_cache</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "[НЕ РЕКОМЕНДУЕТСЯ] изменить уровень отладки во время работы SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>параметры</" +"replaceable> </arg> <arg choice='plain'><replaceable>НОВЫЙ_УРОВЕНЬ_ОТЛАДКИ</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" +"<command>sss_debuglevel</command> устарела и заменена командой debug-level " +"sssctl. Дополнительные сведения об использовании sssctl доступны на man-" +"странице <command>sssctl</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "пополнить кэш SSSD данными пользователя" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> пополняет кэш SSSD записью пользователя и " +"временным паролем. Если запись пользователя уже присутствует в кэше SSSD, " +"она будет обновлена данными временного пароля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Указать имя домена, участником которого является пользователь. Домен также " +"используется для получения данных пользователя. Домен необходимо настроить в " +"sssd.conf. Необходимо задать параметр <replaceable>DOMAIN</replaceable>. " +"Данные, полученные от домена, имеют приоритет над данными, указанными с " +"помощью параметров." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Имя пользователя, запись которого следует создать или изменить в кэше. " +"Необходимо указать параметр <replaceable>ПОЛЬЗОВАТЕЛЬ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Установить UID пользователя в значение <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Установить GID пользователя в значение <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>КОММЕНТАРИЙ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Любая текстовая строка, описывающая пользователя. Часто используется в " +"качестве поля для полного имени пользователя." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>ДОМАШНИЙ_КАТАЛОГ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Установить домашний каталог пользователя в значение " +"<replaceable>ДОМАШНИЙ_КАТАЛОГ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>ОБОЛОЧКА</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Установить командную оболочку входа пользователя в значение " +"<replaceable>ОБОЛОЧКА</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Интерактивный режим ввода данных пользователя. При использовании этого " +"параметра программа отправляет запрос только тех данных, которые не были " +"получены из параметров команды или домена." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>ФАЙЛ_ПАРОЛЕЙ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Позволяет указать файл, из которого следует прочитать пароль пользователя. " +"Если значение не указано, программа запросит пароль" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Длина пароля (или размер файла, указанного с помощью параметра -p или --" +"password-file) должна быть меньше или равна PASS_MAX байт (64 байт в " +"системах, где значение PASS_MAX не задано глобально)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "Ответчик InfoPipe SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки ответчика " +"InfoPipe для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Подробные сведения о синтаксисе " +"доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной страницы " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"Ответчик InfoPipe предоставляет общедоступный интерфейс D-Bus, доступный по " +"системной шине. Этот интерфейс позволяет пользователю запрашивать данные об " +"удалённых пользователях и группах по системной шине." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "ПОИСК ПО ДЕЙСТВУЮЩЕМУ СЕРТИФИКАТУ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" +"Следующие параметры можно использовать для управления тем, как будут " +"проверяться сертификаты при использовании API FindByValidCertificate():" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "ca_db" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "p11_child_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "certificate_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"Подробнее об этих параметрах см. <citerefentry><refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "Эти параметры можно использовать для настройки ответчика InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Разделённый запятыми список значений UID или имён пользователей, которым " +"разрешён доступ к ответчику InfoPipe. Имена пользователей разрешаются в UID " +"при запуске." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"По умолчанию: 0 (доступ к ответчику InfoPipe разрешён только пользователю " +"root)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Обратите внимание: несмотря на то, что в качестве стандартного значения " +"используется UID 0, оно будет перезаписано этим параметром. Если всё равно " +"требуется разрешить пользователю root доступ к ответчику InfoPipe (типичный " +"случай), будет необходимо добавить запись «0» в список UID, которым разрешён " +"доступ." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Разделённый запятыми список атрибутов из «белого» или «чёрного» списков." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "имя пользователя для входа" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "идентификатор пользователя" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "идентификатор основной группы" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "данные о пользователе, обычно полное имя" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "оболочка пользователя" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"По умолчанию ответчик InfoPipe позволяет запрашивать только стандартный " +"набор атрибутов POSIX. Этот тот же набор, который возвращает " +"программа<citerefentry> <refentrytitle>getpwnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry>, он содержит: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В этот набор можно добавить другой атрибут с помощью <quote>+attr_name</" +"quote> или явно удалить атрибут с помощью <quote>-attr_name</quote>. " +"Например, чтобы разрешить <quote>telephoneNumber</quote> и запретить " +"<quote>loginShell</quote>, следует использовать следующую конфигурацию: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"По умолчанию: не задано. Разрешён только стандартный набор атрибутов POSIX." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" +"Позволяет указать верхний предел количества записей, загружаемых во время " +"поиска с использованием подстановочных знаков. Переопределяет предел, " +"установленный вызывающей стороной." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" +"По умолчанию: 0 (разрешить вызывающей стороне установить верхнее ограничение)" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>Модуль SSS rpc.idmapd</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Разработчик (2013—2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Разработчик (2014—)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "инструкции по настройке модуля sss для rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "ФАЙЛ КОНФИГУРАЦИИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"Файл конфигурации rpc.idmapd обычно находится здесь: <emphasis>/etc/idmapd." +"conf</emphasis>. Дополнительные сведения доступны на справочной странице " +"<citerefentry> <refentrytitle>idmapd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "РАСШИРЕНИЕ КОНФИГУРАЦИИ SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Включить модуль SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"В разделе <quote>[Translation]</quote> измените или укажите атрибут " +"<quote>Method</quote>, чтобы он содержал <emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Раздел конфигурации [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"Чтобы изменить стандартное значение одного из указанных ниже атрибутов " +"конфигурации модуля <emphasis>sss</emphasis>, для него потребуется создать " +"соответствующий раздел конфигурации с именем <quote>[sss]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Атрибуты конфигурации" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "Обозначает, следует ли использовать технику оптимизации memcache." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "ИНТЕГРАЦИЯ SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"Для работы модуля SSS необходимо включить в SSSD <emphasis>ответчик NSS</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"Атрибут <quote>use_fully_qualified_names</quote> необходимо включить для " +"всех доменов (клиенты NFSv4 ожидают передачи полного имени «на лету»)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# домен должен быть синхронизирован между сервером NFSv4 и клиентами\n" +"# в Solaris/Illumos/AIX по умолчанию используется «localdomain»!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В следующем примере показан минимальный idmapd.conf, где используется модуль " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "СМ. ТАКЖЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "получить авторизованные ключи OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> получает открытые ключи SSH для " +"пользователя <replaceable>USER</replaceable> и выводит их в формате " +"authorized_keys OpenSSH (дополнительные сведения доступны в разделе " +"<quote>ФОРМАТ ФАЙЛА AUTHORIZED_KEYS</quote> справочной страницы " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можно настроить на использование " +"<command>sss_ssh_authorizedkeys</command> для проверки подлинности " +"пользователей по открытым ключам, если программа собрана с поддержкой " +"параметра <quote>AuthorizedKeysCommand</quote>. Дополнительные сведения об " +"этом параметре доступны на справочной странице <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Если параметр <quote>AuthorizedKeysCommand</quote> поддерживается, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можно настроить на его использование, поместив следующие " +"инструкции в <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "КЛЮЧИ ИЗ СЕРТИФИКАТОВ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" +"Помимо открытых ключей SSH для пользователя <replaceable>USER</replaceable>, " +"<command>sss_ssh_authorizedkeys</command> может также возвращать открытые " +"ключи SSH, производные от открытого ключа сертификата X.509." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" +"Чтобы включить эту возможность, необходимо установить параметр " +"<quote>ssh_use_certificate_keys</quote> в значение «true» (по умолчанию) в " +"разделе [ssh] файла <filename>sssd.conf</filename>. Если запись пользователя " +"содержит сертификаты (подробные сведения доступны в описании параметра " +"<quote>ldap_user_certificate</quote> на справочной странице " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>) или имеется сертификат в записи переопределения " +"для пользователя (подробные сведения доступны на справочной " +"странице<citerefentry><refentrytitle>sss_override</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> или " +"<citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>) и этот сертификат действителен, то SSSD извлечёт " +"открытый ключ из сертификата и преобразует его в формат, ожидаемый sshd." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "Помимо <quote>ssh_use_certificate_keys</quote>, параметры" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" +"могут использоваться для управления способом проверки сертификатов " +"(подробные сведения доступны на справочной странице " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" +"Проверка действительности — то преимущество, которое даёт использование " +"сертификатов X.509 вместо непосредственно ключей SSH; это позволяет лучше " +"управлять временем жизни ключей. Когда клиент SSH настроен на использование " +"закрытых ключей со смарт-карты с помощью общей библиотеки PKCS#11 (подробные " +"сведения доступны на справочной странице <citerefentry><refentrytitle>ssh</" +"refentrytitle> <manvolnum>1</manvolnum></citerefentry>), может раздражать " +"то, что проверка подлинности продолжает работать даже в случае истечения " +"срока действия соответствующего сертификата X.509 на смарт-карте, так как ни " +"<command>ssh</command>, ни <command>sshd</command> не принимают сертификат " +"во внимание." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" +"Следует отметить, что производный открытый ключ SSH можно добавить в " +"файл<filename>authorized_keys</filename> пользователя для обхода проверки " +"действительности сертификата, если это позволяет конфигурация <command>sshd</" +"command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Искать открытые ключи пользователя в домене SSSD <replaceable>DOMAIN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "СОСТОЯНИЕ ВЫХОДА" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"В случае успеха возвращается значение состояния выхода «0». В ином случае " +"возвращается «1»." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "получить ключи OpenSSH узла" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> получает открытые ключи SSH узла " +"для узла <replaceable>HOST</replaceable>, сохраняет их в пользовательском " +"файле known_hosts OpenSSH (подробные сведения доступны в разделе " +"<quote>ФОРМАТ ФАЙЛА SSH_KNOWN_HOSTS</quote> справочной страницы " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>) <filename>/var/lib/sss/pubconf/known_hosts</filename> и " +"устанавливает подключение к узлу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Если указано значение <replaceable>PROXY_COMMAND</replaceable>, оно будет " +"использовано для создания подключения к узлу вместо открытия сокета." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> можно настроить на использование " +"<command>sss_ssh_knownhostsproxy</command> для проверки подлинности ключа " +"узла с помощью следующих инструкций по настройке " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Использовать порт <replaceable>PORT</replaceable> для подключения к узлу. По " +"умолчанию используется порт 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Искать открытые ключи узла в домене SSSD <replaceable>DOMAIN</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "<option>-k</option>,<option>--pubkey</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" +"Вывести открытые ключи SSH узла для узла <replaceable>HOST</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "idmap_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "Внутренний сервер idmap_sss SSSD для Winbind" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" +"Модуль idmap_sss предоставляет способ вызова SSSD для сопоставления UID/GID " +"и SID. В этом случае не нужна база данных, потому что сопоставление " +"выполняет SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "ПАРАМЕТРЫ IDMAP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "range = low - high" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" +"Определяет доступный совпадающий диапазон UID и GID, для которого является " +"полномочным внутренний сервер." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" +"В этом примере показано, как настроить idmap_sss в качестве модуля " +"сопоставления по умолчанию." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" +"Замените <AD-DOMAIN-SHORTNAME> на имя NetBIOS домена AD. Если следует " +"использовать несколько доменов AD, для каждого из них необходимо указать " +"строку <literal>idmap config</literal> с <literal>backend = sss</literal> и " +"строку с подходящим <literal>range</literal>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" +"Так как для Winbind требуется внутренний сервер по умолчанию, который " +"доступен для записи, а idmap_sss доступен только для чтения, в примере в " +"качестве значения по умолчанию указано <literal>backend = tdb</literal>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "sssctl" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "утилита управления и состояния SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sssctl</command> <arg choice='plain'><replaceable>КОМАНДА</" +"replaceable></arg> <arg choice='opt'> <replaceable>параметры</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" +"<command>sssctl</command> предоставляет простой унифицированный способ " +"получения данных о состоянии SSSD (в частности, активного сервера, " +"автоматически обнаруженных серверов, доменов и кэшированных объектов). Кроме " +"того, программа позволяет управлять файлами данных SSSD для устранения " +"неполадок таким образом, что с ними можно безопасно работать, когда " +"выполняется SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" +"Чтобы вывести все доступные команды, выполните <command>sssctl</command> без " +"каких-либо параметров. Чтобы вывести справку по выбранной команде, выполните " +"<command>sssctl КОМАНДА --help</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "sssd-files" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "поставщик данных файлов SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание поставщика данных файлов " +"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Подробные сведения о синтаксисе доступны в " +"разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной страницы <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Поставщик данных файлов создаёт зеркальную копию содержимого файлов " +"<citerefentry> <refentrytitle>passwd</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> и <citerefentry> <refentrytitle>group</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Задача поставщика " +"данных файлов — сделать пользователей и группы, которые обычно доступны " +"только с помощью интерфейсов NSS, также доступными с помощью интерфейсов " +"SSSD, например <citerefentry> <refentrytitle>sssd-ifp</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" +"Ещё одна задача — предоставить возможность эффективного кэширования данных " +"локальных пользователей и групп." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please note that some distributions enable the files domain " +#| "automatically, prepending the domain before any explicitly configured " +#| "domains. See enable_files_domain in <citerefentry> <refentrytitle>sssd." +#| "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Обратите внимание, что в некоторых дистрибутивов домен файлов включается " +"автоматически, так как он добавлен перед явно настроенными доменами. " +"Смотрите описание параметра enable_files_domain на справочной странице " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" +"SSSD никогда не обрабатывает разрешение пользователя/группы «root». Кроме " +"того, SSSD не обрабатывает разрешение UID/GID 0. Такие запросы передаются " +"следующему модулю NSS (обычно это модуль файлов)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" +"Если программа SSSD не запущена или не отвечает, nss_sss вернёт код UNAVAIL, " +"что приведёт к передаче запроса следующему модулю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "passwd_files (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Разделённый запятыми список из одного или нескольких имён файлов паролей, " +"которые будут прочитаны и перечислены поставщиком данных файлов. Для каждого " +"указанного файла будет выполняться динамическое обнаружение изменений с " +"помощью inotify." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "По умолчанию: /etc/passwd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "group_files (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Разделённый запятыми список из одного или нескольких имён файлов групп, " +"которые будут прочитаны и перечислены поставщиком данных файлов. Для каждого " +"указанного файла будет выполняться динамическое обнаружение изменений с " +"помощью inotify." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "Default: /etc/group" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "fallback_to_nss (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" +"При обновлении внутренних данных SSSD вернёт ошибку и позволит клиенту " +"продолжить работу со следующим модулем NSS. Это позволяет избежать задержек, " +"когда используются стандартные системные файлы <filename>/etc/passwd</" +"filename> и <filename>/etc/group</filename> и в конфигурации NSS есть «sss» " +"перед «files» для карт «passwd» и «group»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" +"Если поставщик данных файлов настроен на отслеживание других файлов, имеет " +"смысл установить этот параметр в значение «False», чтобы предотвратить " +"несогласованное поведение, потому что обычно нет другого модуля NSS, который " +"можно было бы использовать в качестве резервного." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"В дополнение к перечисленным ниже параметрам также можно указать типовые " +"параметры домена SSSD, если это применимо. Сведения о конфигурации домена " +"SSSD доступны в разделе <quote>РАЗДЕЛЫ ДОМЕНА</quote> справочной страницы " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Но задача поставщика данных файлов — " +"предоставить те же данные, что и файлы UNIX, просто с помощью интерфейсов " +"SSSD. Следовательно, поддерживаются не все типовые параметры домена. " +"Аналогичным образом, некоторые глобальные параметры, такие как " +"переопределение оболочки в разделе <quote>nss</quote> для всех доменов, не " +"влияют на домен файлов, если только не указаны явным образом для отдельных " +"доменов. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" +"В следующем примере предполагается, что конфигурация SSSD корректна и что " +"files — один из доменов в разделе <replaceable>[sssd]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" +"[domain/files]\n" +"id_provider = files\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" +"Чтобы воспользоваться преимуществами кэширования данных локальных " +"пользователей и групп с помощью SSSD, необходимо указать модуль nss_sss " +"перед модулем nss_files в /etc/nsswitch.conf." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" +"passwd: sss files\n" +"group: sss files\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "sssd-session-recording" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "Настройка записи сеансов с помощью SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На этой справочной странице представлено описание настройки <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"для работы с <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, частью пакета tlog, для реализации " +"записи сеансов пользователей на текстовых терминалах. Подробные сведения о " +"синтаксисе доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной " +"страницы <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" +"SSSD можно настроить на включение записи всего, что определённые " +"пользователи видят или набирают во время сеансов работы на текстовых " +"терминалах. Например, можно записывать данные входа пользователей с помощью " +"терминала или SSH. Сам сервис SSSD ничего не записывает, но обеспечивает " +"запуск tlog-rec-session при входе пользователя, чтобы эта программа вела " +"запись согласно своим параметрам конфигурации." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" +"Для пользователей, для которых включена запись сеансов, SSSD заменяет " +"оболочку пользователя на tlog-rec-session в ответах NSS и добавляет " +"переменную, которая указывает исходную оболочку для среды пользователя, при " +"настройке сеанса PAM. Таким образом обеспечивается запуск tlog-rec-session " +"вместо оболочки пользователя и предоставление данных о том, какую командную " +"оболочку следует запустить после настройки записи." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "Эти параметры можно использовать для настройки записи сеансов." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" +"Следующий фрагмент sssd.conf включает запись сеансов для пользователей " +"«contractor1» и «contractor2», а также группы «students»." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "sssd-kcm" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "Диспетчер кэшей Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" +"На этой справочной странице представлено описание настройки диспетчера кэшей " +"Kerberos SSSD (Kerberos Cache Manager или KCM). KCM — это процесс, который " +"хранит кэши учётных данных Kerberos, отслеживает эти кэши и управляет ими. " +"Он был создан на основе проекта Heimdal Kerberos, хотя библиотека MIT " +"Kerberos также предоставляет поддержку со стороны клиента (подробнее об этом " +"далее) для кэша учётных данных KCM." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" +"В конфигурации, где кэшами Kerberos управляет KCM, библиотека Kerberos " +"(обычно используемая через приложение, например <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>) является <quote>клиентом KCM</quote>, а внутренняя служба KCM " +"называется <quote>сервером KCM</quote>. Клиент и сервер обмениваются данными " +"с помощью сокета UNIX." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" +"Сервер KCM следит за всеми владельцами кэшей учётных данных и осуществляет " +"управление проверками прав доступа на основе UID и GID клиента KCM. " +"Пользователь root имеет доступ ко всем кэшам учётных данных." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "Кэш учётных данных KCM обладает несколькими интересными свойствами:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" +"так как процесс выполняется в пространстве пользователей, он подлежит " +"ограничениям по пространству имён UID, в отличие от набора ключей ядра" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" +"в отличие от кэша на основе набора ключей ядра, который является общим для " +"всех контейнеров, сервер KCM представляет собой отдельный процесс, точкой " +"входа которого является сокет UNIX" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" +"реализация SSSD сохраняет данные ccache в базе данных (обычно она находится " +"по адресу <replaceable>/var/lib/sss/secrets</replaceable>), что позволяет не " +"терять эти данные при перезапусках сервера KCM или перезагрузках компьютера." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" +"Это позволяет системе использовать кэш учётных данных с учётом сбора, " +"одновременно делая кэш учётных данных общим для нескольких контейнеров (или " +"для никаких контейнеров вообще) путём привязки-монтирования сокета." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" +"Тайм-аут простоя клиента KCM по умолчанию составляет 5 минут, что " +"предоставляет больше времени на взаимодействие пользователя с инструментами " +"командной строки, например kinit." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "ИСПОЛЬЗОВАНИЕ КЭША УЧЁТНЫХ ДАННЫХ KCM" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Чтобы использовать кэш учётных данных KCM, необходимо выбрать его в качестве " +"стандартного типа учётных данных в <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Именем кэша учётных " +"данных может быть только <quote>KCM:</quote>, без каких-либо расширений " +"шаблонов. Например: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Далее следует указать одинаковый путь к сокету UNIX для клиентских библиотек " +"Kerberos и сервера KCM. По умолчанию и для библиотек, и для сервера " +"используется путь <replaceable>/var/run/.heim_org.h5l.kcm-socket</" +"replaceable>. Чтобы настроить библиотеку Kerberos, измените её параметр " +"<quote>kcm_socket</quote>, описание которого приводится на справочной " +"странице <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" +"И наконец, следует убедиться, что с сервером KCM SSSD можно связаться. " +"Служба KCM обычно активируется <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> с помощью сокета. В " +"отличие от других служб SSSD, её нельзя запустить, добавив строку " +"<quote>kcm</quote> к инструкции <quote>service</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/> Обратите внимание, что в дистрибутиве уже " +"может быть выполнена соответствующая настройка модулей." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "ХРАНИЛИЩЕ КЭША УЧЁТНЫХ ДАННЫХ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" +"Кэши учётных данных хранятся в базе данных, что очень похоже на хранение " +"кэшей записей пользователей и групп SSSD. Обычно эта база данных находится " +"по адресу <quote>/var/lib/sss/secrets</quote>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "ПОЛУЧЕНИЕ ЖУРНАЛА ОТЛАДКИ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" +"[kcm]\n" +"debug_level = 10\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" +"systemctl restart sssd-kcm.service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" +"Служба sssd-kcm обычно активируется на сокете <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. Для генерации журнала отладки добавьте следующее либо " +"непосредственно в файл <filename>/etc/sssd/sssd.conf</filename>, либо как " +"фрагмент конфигурации в каталог <filename>/etc/sssd/conf.d/</filename>: " +"<placeholder type=\"programlisting\" id=\"0\"/> Затем перезапустите службу " +"sssd-kcm: <placeholder type=\"programlisting\" id=\"1\"/> И выполните те " +"действия, которые не приводят к желаемым результатам. Журнал KCM будет " +"записан в <filename>/var/log/sssd/sssd_kcm.log</filename>. Когда в работе " +"службы отладки больше не будет необходимости, рекомендуется отключить журнал " +"отладки, так как служба sssd-kcm может генерировать довольно большое " +"количество данных отладки." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" +"Обратите внимание, что в настоящее время фрагменты конфигурации " +"обрабатываются только в том случае, если основной файл конфигурации по пути " +"<filename>/etc/sssd/sssd.conf</filename> существует." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "ОБНОВЛЕНИЯ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Службу sssd-kcm можно настроить на выполнение попыток обновления TGT для " +"обновляемых TGT, которые хранятся в ccache KCM. Попытка обновления " +"выполняется только в том случае, если прошла половина времени жизни билета. " +"Обновления KCM настраиваются при установке следующих параметров в разделе " +"[kcm]: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" +"SSSD также может наследовать параметры krb5 для обновлений из существующего " +"домена." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Для управления поведением обновлений в разделе [kcm] можно настроить " +"следующие параметры krb5 (подробное описание этих параметров приводится " +"далее) <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Служба KCM настраивается в разделе <quote>kcm</quote> файла sssd.conf. " +"Обратите внимание: так как служба KCM обычно активируется с помощью сокета, " +"достаточно просто перезапустить службу <quote>sssd-kcm</quote> после " +"изменения параметров в разделе <quote>kcm</quote> sssd.conf: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Настройки службы KCM выполняются с помощью <quote>kcm</quote>. Подробные " +"сведения о синтаксисе доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> " +"справочной страницы <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" +"Службе kcm можно передавать типовые параметры сервиса SSSD, такие как " +"<quote>debug_level</quote> или<quote>fd_limit</quote>. Полный список " +"параметров доступен на справочной странице <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. Кроме того, предусмотрено несколько специфичных для KCM " +"параметров." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "socket_path (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "Сокет, на котором будет ожидать передачи данных служба KCM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" +"По умолчанию: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> Примечание: на платформах, которые " +"поддерживают systemd, путь к сокету перезаписан путём, который определён в " +"файле модуля sssd-kcm.socket. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "max_ccaches (целое число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" +"Сколько кэшей учётных данных может содержать база данных KCM для всех " +"пользователей." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" +"По умолчанию: 0 (без ограничений, принудительно применяется только квота для " +"отдельного UID)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "max_uid_ccaches (целое число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" +"Сколько кэшей учётных данных может содержать база данных KCM для одного UID. " +"Это эквивалентно <quote>количеству участников, инициализацию которых можно " +"выполнить с помощью kinit</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "По умолчанию: 64" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "max_ccache_size (целое число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" +"Максимальный размер кэша учётных данных для отдельного ccache. Эта квота " +"вычисляется сразу для всех билетов служб." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "По умолчанию: 65536" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "tgt_renewal (логическое значение)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "Включает функциональную возможность обновлений TGT." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "По умолчанию: False (автоматические обновления отключены)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "tgt_renewal_inherit (строка)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" +"Домен, от которого наследуются параметры krb5_*, для использования при " +"обновлении TGT." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "По умолчанию: NULL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "sssd-systemtap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "Информация о systemtap SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" +"На этой справочной странице представлена информация о функциональных " +"возможностях systemtap в <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" +"В различные места кода SSSD были добавлены точки зондирования SystemTap для " +"упрощения анализа и устранения проблем с производительностью." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "Примеры сценариев SystemTap: /usr/share/sssd/systemtap/" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" +"Зонды и прочие функции определены, соответственно, в /usr/share/systemtap/" +"tapset/sssd.stp и /usr/share/systemtap/tapset/sssd_functions.stp." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "ТОЧКИ ЗОНДИРОВАНИЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" +"Далее приводится список точек зондирования и аргументов, которые доступны в " +"следующем формате:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "probe $name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "Описание точки зондирования" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "Зонды транзакций базы данных" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "probe sssd_transaction_start" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "Начало транзакции sysdb, зондирует функцию sysdb_transaction_start()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" +"nesting:целое число\n" +"probestr:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "probe sssd_transaction_cancel" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "Отмена транзакции sysdb, зондирует функцию sysdb_transaction_cancel()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "probe sssd_transaction_commit_before" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "Зондирует функцию sysdb_transaction_commit_before()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "probe sssd_transaction_commit_after" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "Зондирует функцию sysdb_transaction_commit_after()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "Зонды поиска LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "probe sdap_search_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "Зондирует функцию sdap_get_generic_ext_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" +"base:строка\n" +"scope:целое число\n" +"filter:строка\n" +"attrs:строка\n" +"probestr:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "probe sdap_search_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "Зондирует функцию sdap_get_generic_ext_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" +"base:строка\n" +"scope:целое число\n" +"filter:строка\n" +"probestr:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "probe sdap_parse_entry" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" +"Зондирует функцию sdap_parse_entry(). Вызывается повторно для каждого " +"полученного атрибута." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" +"attr:строка\n" +"value:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "probe sdap_parse_entry_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" +"Зондирует функцию sdap_parse_entry(). Вызывается по завершении обработки " +"полученного объекта." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "probe sdap_deref_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "Зондирует функцию sdap_deref_search_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" +"base_dn:строка\n" +"deref_attr:строка\n" +"probestr:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "probe sdap_deref_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "Зондирует функцию sdap_deref_search_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "Зонды запросов учётных записей LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "probe sdap_acct_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "Зондирует функцию sdap_acct_req_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" +"entry_type:целое число\n" +"filter_type:целое число\n" +"filter_value:строка\n" +"extra_value:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "probe sdap_acct_req_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "Зондирует функцию sdap_acct_req_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "Зонды поиска пользователей LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "probe sdap_search_user_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "Зондирует функцию sdap_search_user_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" +"filter:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "probe sdap_search_user_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "Зондирует функцию sdap_search_user_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "probe sdap_search_user_save_begin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "Зондирует функцию sdap_search_user_save_begin()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "probe sdap_search_user_save_end" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "Зондирует функцию sdap_search_user_save_end()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "Зонды запросов поставщика данных" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "probe dp_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "Запрос поставщика данных отправлен." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" +"dp_req_domain:строка\n" +"dp_req_name:строка\n" +"dp_req_target:целое число\n" +"dp_req_method:целое число\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "probe dp_req_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "Запрос поставщика данных завершён." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" +"dp_req_name:строка\n" +"dp_req_target:целое число\n" +"dp_req_method:целое число\n" +"dp_ret:целое число\n" +"dp_errorstr:строка\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "ПРОЧИЕ ФУНКЦИИ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "function acct_req_desc(entry_type)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "Преобразовать entry_type в строку и вернуть строку" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "Создать строку зондирования на основании типа фильтра" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "function dp_target_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "Преобразовать цель в строку и вернуть строку" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "function dp_method_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "Преобразовать метод в строку и вернуть строку" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "ПРИМЕРЫ СЦЕНАРИЕВ SYSTEMTAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" +"Запустите сценарий SystemTap (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), затем выполните операцию идентификации, и " +"сценарий соберёт данные с помощью зондов." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "Предоставляемые пакетом сценарии SystemTap:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "dp_request.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "Отслеживание скорости обработки запросов поставщиком данных." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "id_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "Отслеживание скорости выполнения команды <command>id</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "ldap_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "Отслеживание запросов LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "nested_group_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "Скорость разрешения вложенных групп." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "sssd-ldap-attributes" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "Поставщик данных LDAP SSSD: атрибуты сопоставления" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" +"На этой справочной странице представлено описание атрибутов сопоставления " +"поставщика данных LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Подробные сведения " +"о параметрах настройки поставщика данных LDAP SSSD доступны на справочной " +"странице <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "АТРИБУТЫ ПОЛЬЗОВАТЕЛЯ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "Класс объектов записи пользователя в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "По умолчанию: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "Атрибут LDAP, соответствующий имени пользователя для входа." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "По умолчанию: uid (rfc2307, rfc2307bis и IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "Атрибут LDAP, соответствующий идентификатору пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "По умолчанию: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" +"Атрибут LDAP, соответствующий идентификатору основной группы пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "По умолчанию: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "ldap_user_primary_group (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" +"Атрибут основной группы Active Directory для сопоставления ID. Обратите " +"внимание, что этот атрибут следует устанавливать только вручную, если " +"запущен поставщик <quote>ldap</quote> с сопоставлением ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "По умолчанию: не задано (LDAP), primaryGroupID (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "Атрибут LDAP, соответствующий полю gecos пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "По умолчанию: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "Атрибут LDAP, который содержит имя домашнего каталога пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "По умолчанию: homeDirectory (LDAP и IPA), unixHomeDirectory (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"Атрибут LDAP, который содержит путь к стандартной оболочке пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "По умолчанию: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "Атрибут LDAP, который содержит UUID/GUID объекта пользователя LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"По умолчанию: не задано в общем случае, objectGUID для AD и ipaUniqueID для " +"IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, который содержит objectSID объекта пользователя LDAP. Обычно " +"требуется только для серверов Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" +"По умолчанию: objectSid для Active Directory, не задано для других серверов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"Атрибут LDAP, который содержит отметку времени последнего изменения " +"родительского объекта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "По умолчанию: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"Если используется ldap_pwd_policy=shadow, этот параметр содержит имя " +"атрибута LDAP, соответствующего сопряжённому <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (дата последней смены пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "По умолчанию: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"Если используется ldap_pwd_policy=shadow, этот параметр содержит имя " +"атрибута LDAP, соответствующего сопряжённому <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (минимальный срок действия пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "По умолчанию: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"Если используется ldap_pwd_policy=shadow, этот параметр содержит имя " +"атрибута LDAP, соответствующего сопряжённому <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (максимальный срок действия пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "По умолчанию: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"Если используется ldap_pwd_policy=shadow, этот параметр содержит имя " +"атрибута LDAP, соответствующего сопряжённому <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (срок предупреждения о пароле)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "По умолчанию: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"Если используется ldap_pwd_policy=shadow, этот параметр содержит имя " +"атрибута LDAP, соответствующего сопряжённому <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (срок неактивности пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "По умолчанию: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"Если используется ldap_pwd_policy=shadow или " +"ldap_account_expire_policy=shadow, этот параметр содержит имя атрибута LDAP, " +"соответствующего сопряжённому <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (дата истечения " +"срока действия учётной записи)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "По умолчанию: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Если используется ldap_pwd_policy=mit_kerberos, этот параметр содержит имя " +"атрибута LDAP, хранящего дату и время последней смены пароля в kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "По умолчанию: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Если используется ldap_pwd_policy=mit_kerberos, этот параметр содержит имя " +"атрибута LDAP, хранящего дату и время истечения срока действия текущего " +"пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "По умолчанию: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Если используется ldap_account_expire_policy=ad, этот параметр содержит имя " +"атрибута LDAP, хранящего время истечения срока действия учётной записи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "По умолчанию: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Если используется ldap_account_expire_policy=ad, этот параметр содержит имя " +"атрибута LDAP, хранящего битовое поле управления учётной записью " +"пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "По умолчанию: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Если используется ldap_account_expire_policy=rhds или эквивалент, этот " +"параметр определяет, разрешён ли доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "По умолчанию: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Если используется ldap_account_expire_policy=nds, этот атрибут определяет, " +"разрешён ли доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "По умолчанию: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Если используется ldap_account_expire_policy=nds, этот атрибут определяет, " +"до какой даты предоставляется доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Если используется ldap_account_expire_policy=nds, этот атрибут определяет, в " +"какие часы дней недели предоставляется доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "По умолчанию: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"Атрибут LDAP, который содержит имя участника-пользователя Kerberos (UPN) " +"пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "По умолчанию: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Разделённый запятыми список атрибутов LDAP, которые SSSD получит вместе с " +"обычным набором атрибутов пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Список может содержать либо только имена атрибутов LDAP, либо разделённые " +"двоеточиями кортежи с именем атрибута кэша SSSD и именем атрибута LDAP. Если " +"указано только имя атрибута LDAP, атрибут сохраняется в кэш буквально. В " +"средах, где настроено несколько доменов SSSD с разными схемами LDAP, может " +"быть необходимо использование пользовательского имени атрибута SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Обратите внимание, что несколько имён атрибутов зарезервировано SSSD (в " +"частности, атрибут <quote>name</quote>). SSSD сообщит об ошибке, если какие-" +"либо из них будут использованы в качестве имени дополнительного атрибута." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Сохранить атрибут <quote>telephoneNumber</quote> из LDAP в кэш как " +"<quote>telephoneNumber</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Сохранить атрибут <quote>telephoneNumber</quote> из LDAP в кэш как " +"<quote>phone</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "Атрибут LDAP, который содержит открытые ключи SSH пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "По умолчанию: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "Атрибут LDAP, соответствующий полному имени пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" +"Атрибут LDAP со списком групп, участником которых является пользователь." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "По умолчанию: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Если access_provider=ldap и ldap_access_order=authorized_service, SSSD будет " +"использовать наличие атрибута authorizedService в записи пользователя LDAP " +"для определения привилегий доступа." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Сначала определяются явные запреты (!svc). Затем SSSD выполняет поиск явных " +"разрешений (svc), а после этого — поиск общих разрешений, allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Обратите внимание, что параметр конфигурации ldap_access_order " +"<emphasis>должен</emphasis> включать <quote>authorized_service</quote>, " +"чтобы можно было использовать параметр ldap_user_authorized_service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" +"В некоторых дистрибутивах (например, Fedora-29+ или RHEL-8) служба PAM " +"<quote>systemd-user</quote> всегда является частью процесса входа в систему. " +"Следовательно, когда используется управление доступом на основе данных " +"служб, следует добавить службу <quote>systemd-user</quote> в список " +"разрешённых служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "По умолчанию: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Если access_provider=ldap и ldap_access_order=host, SSSD будет использовать " +"наличие атрибута host в записи пользователя LDAP для определения привилегий " +"доступа." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Сначала определяются явные запреты (!host). Затем SSSD выполняет поиск явных " +"разрешений (host), а после этого — поиск общих разрешений, allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Обратите внимание, что параметр конфигурации ldap_access_order " +"<emphasis>должен</emphasis> включать <quote>host</quote>, чтобы можно было " +"использовать параметр ldap_user_authorized_host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "По умолчанию: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "ldap_user_authorized_rhost (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" +"Если access_provider=ldap и ldap_access_order=rhost, SSSD будет использовать " +"наличие атрибута rhost в записи пользователя LDAP для определения привилегий " +"доступа. Аналогично процессу проверки узла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" +"Сначала определяются явные запреты (!rhost). Затем SSSD выполняет поиск " +"явных разрешений (rhost), а после этого — поиск общих разрешений, allow_all " +"(*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" +"Обратите внимание, что параметр конфигурации ldap_access_order " +"<emphasis>должен</emphasis> включать <quote>rhost</quote>, чтобы можно было " +"использовать параметр ldap_user_authorized_rhost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "По умолчанию: rhost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "Имя атрибута LDAP, содержащего сертификат X509 пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "По умолчанию: userCertificate;binary" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "ldap_user_email (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" +"Имя атрибута LDAP, который содержит адрес электронной почты пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" +"Примечание: если адрес электронной почты пользователя конфликтует с адресом " +"электронной почты или полным именем другого пользователя, SSSD не удастся " +"надлежащим образом обслужить этих пользователей. Если у нескольких " +"пользователей по какой-либо причине должен быть один и тот же адрес " +"электронной почты, задайте в качестве значения этого параметра " +"несуществующее имя атрибута, чтобы отключить поиск/вход пользователей по " +"электронной почте." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "По умолчанию: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "Name of the LDAP attribute containing the email address of the user." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" +"Имя атрибута LDAP, который содержит адрес электронной почты пользователя." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "АТРИБУТЫ ГРУППЫ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "Класс объектов записи группы в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "По умолчанию: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "По умолчанию: cn (rfc2307, rfc2307bis и IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "Атрибут LDAP, соответствующий идентификатору группы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "Атрибут LDAP, который содержит имена участников группы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "По умолчанию: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "Атрибут LDAP, который содержит UUID/GUID объекта группы LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, который содержит objectSID объекта группы LDAP. Обычно " +"требуется только для серверов Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "ldap_group_type (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"Атрибут LDAP, который содержит целое значение, обозначающее тип группы, и, " +"возможно, другие флаги." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Этот атрибут в настоящее время используется только поставщиком данных AD для " +"определения того, является ли группа группой, локальной в домене, и должна " +"ли быть отфильтрована для доверенных доменов." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" +"По умолчанию: groupType для поставщика данных AD, в ином случае не задано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_external_member (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" +"Атрибут LDAP, который ссылается на участников группы, которые определены во " +"внешнем домене. В настоящее время поддерживаются только внешние участники " +"IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" +"По умолчанию: ipaExternalMember для поставщика данных IPA, в ином случае не " +"задано." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "АТРИБУТЫ СЕТЕВОЙ ГРУППЫ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "Класс объектов записи сетевой группы в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" +"В поставщике данных IPA следует использовать ipa_netgroup_object_class." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "По умолчанию: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "Атрибут LDAP, соответствующий имени сетевой группы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "В поставщике данных IPA следует использовать ipa_netgroup_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "Атрибут LDAP, который содержит имена участников сетевой группы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "В поставщике данных IPA следует использовать ipa_netgroup_member." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "По умолчанию: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"Атрибут LDAP, который содержит тройки (узел, пользователь, домен) сетевых " +"групп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Этот параметр недоступен в поставщике данных IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "По умолчанию: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (строка)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "АТРИБУТЫ УЗЛА" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "ldap_host_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "Класс объектов записи узла в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "По умолчанию: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "ldap_host_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "Атрибут LDAP, соответствующий имени узла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "ldap_host_fqdn (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "Атрибут LDAP, соответствующий полному доменному имени узла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "По умолчанию: fqdn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "ldap_host_serverhostname (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "По умолчанию: serverHostname" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "ldap_host_member_of (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "Атрибут LDAP со списком групп, участником которых является узел." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "ldap_host_ssh_public_key (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "Атрибут LDAP, который содержит открытые ключи SSH узла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "ldap_host_uuid (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "Атрибут LDAP, который содержит UUID/GUID объекта узла LDAP." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "АТРИБУТЫ СЛУЖБЫ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "Класс объектов записи службы в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "Атрибут LDAP, который содержит имя атрибутов службы и их псевдонимы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "Атрибут LDAP, который содержит порт, управляемый этой службой." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "По умолчанию: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "Атрибут LDAP, который содержит протоколы, поддерживаемые этой службой." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "По умолчанию: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "АТРИБУТЫ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "Класс объектов записи правила sudo в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "По умолчанию: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "Атрибут LDAP, соответствующий имени правила sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "Атрибут LDAP, соответствующий имени команды." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "По умолчанию: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"Атрибут LDAP, соответствующий имени узла (или IP-адресу узла, IP-сети узла " +"или сетевой группе узла)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "По умолчанию: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"Атрибут LDAP, соответствующий имени пользователя (или UID, имени группы или " +"сетевой группе пользователя)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "По умолчанию: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "Атрибут LDAP, соответствующий параметрам SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "По умолчанию: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"Атрибут LDAP, соответствующий имени пользователя, от имени которого могут " +"выполняться команды." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "По умолчанию: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"Атрибут LDAP, соответствующий имени группы или GID группы, от имени которой " +"могут выполняться команды." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "По умолчанию: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"Атрибут LDAP, соответствующий дате и времени начала действия правила SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "По умолчанию: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"Атрибут LDAP, соответствующий дате и времени истечения срока действия " +"правила sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "По умолчанию: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "Атрибут LDAP, соответствующий порядковому номеру правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "По умолчанию: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "АТРИБУТЫ AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "АТРИБУТЫ IP-УЗЛА" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "ldap_iphost_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "Класс объектов записи IP-узла в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "По умолчанию: ipHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "ldap_iphost_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "Атрибут LDAP, который содержит имя атрибутов IP-узла и их псевдонимы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "ldap_iphost_number (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "Атрибут LDAP, который содержит адрес IP-узла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "По умолчанию: ipHostNumber" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "АТРИБУТЫ IP-СЕТИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "ldap_ipnetwork_object_class (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "Класс объектов записи IP-сети в LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "По умолчанию: ipNetwork" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "ldap_ipnetwork_name (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "Атрибут LDAP, который содержит имя атрибутов IP-сети и их псевдонимы." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "ldap_ipnetwork_number (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "Атрибут LDAP, который содержит адрес IP-сети." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "По умолчанию: ipNetworkNumber" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_localauth_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "Модуль локальной авторизации Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" +"Подключаемый модуль локальной авторизации Kerberos " +"<command>sssd_krb5_localauth_plugin</command> используется libkrb5 либо для " +"поиска локального имени для данного принципала Kerberos, либо для проверки " +"того, связаны ли данное локальное имя и данный принципал Kerberos друг с " +"другом." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" +"SSSD обрабатывает локальные имена пользователей из удаленного источника, а " +"также может считывать имя пользователя (UPN) Kerberos из удаленного " +"источника. С помощью этой информации SSSD может легко обрабатывать " +"сопоставления, упомянутые выше, даже если локальное имя и принципал Kerberos " +"значительно различаются." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" +"Кроме того, благодаря информации, считанной с удаленного источника, SSSD " +"может предотвратить неожиданные или нежелательные привязки в случае, если " +"пользовательская часть принципала Kerberos случайно совпадает с локальным " +"именем другого пользователя. По умолчанию libkrb5 может просто удалить из " +"регистрационной записи Kerberos часть, связанную с областью действия, для " +"получения локального имени, что в этом случае может привести к ошибочным " +"привязкам." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "КОНФИГУРАЦИЯ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" +"Подключаемый модуль локальной авторизации Kerberos должен быть явно включен " +"в конфигурации Kerberos, см. <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD автоматически " +"создаст фрагмент конфигурации, например, с таким содержимым: <placeholder " +"type=\"programlisting\" id=\"0\"/> в общедоступном каталоге фрагментов " +"конфигурации SSSD Kerberos. Если этот каталог включен в локальную " +"конфигурацию Kerberos, подключаемый модуль будет включен автоматически." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "Класс объектов записи карты автоматического монтирования в LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" +"По умолчанию: nisMap (rfc2307, autofs_provider=ad), в ином случае — " +"automountMap" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "Имя записи карты автоматического монтирования в LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" +"По умолчанию: nisMapName (rfc2307, autofs_provider=ad), в ином случае — " +"automountMapName" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"Класс объектов записи автоматического монтирования в LDAP. Запись обычно " +"соответствует точке монтирования." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" +"По умолчанию: nisObject (rfc2307, autofs_provider=ad), в ином случае — " +"automount" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"Ключ записи автоматического монтирования в LDAP. Запись обычно соответствует " +"точке монтирования." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" +"По умолчанию: cn (rfc2307, autofs_provider=ad), в ином случае — automountKey" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" +"По умолчанию: nisMapEntry (rfc2307, autofs_provider=ad), в ином случае — " +"automountInformation" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "ОБНАРУЖЕНИЕ СЛУЖБ" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"Функция обнаружения служб позволяет внутренним серверам автоматически " +"находить серверы, к которым следует подключиться, с помощью специального " +"запроса DNS. Эта возможность не поддерживается для резервных серверов." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Конфигурация" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Если серверы не указаны, внутренний сервер будет автоматически использовать " +"обнаружение служб, чтобы попытаться найти сервер. Пользователь может " +"(необязательно) задать использование сразу и фиксированных адресов серверов, " +"и обнаружения служб, вставив в список серверов специальное ключевое слово " +"<quote>_srv_</quote>. Обработка выполняется в порядке приоритета. Эта " +"возможность полезна, например, если пользователь предпочитает использовать " +"обнаружение служб всегда, когда это возможно, и подключаться к определённому " +"серверу только в тех случаях, когда серверы не удалось обнаружить с помощью " +"DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Имя домена" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Дополнительные сведения доступны в описании параметра " +"<quote>dns_discovery_domain</quote> на справочной странице <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Протокол" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"В запросах обычно указан протокол _tcp. Исключения задокументированы в " +"описаниях соответствующих параметров." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "См. также" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Дополнительные сведения о механизме обнаружения служб доступны в RFC 2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Восходящий источник («апстрим») " +"SSSD — https://github.com/SSSD/sssd/</orgname>" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "ОТРАБОТКА ОТКАЗА" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Функция обработки отказа позволяет внутренним серверам автоматически " +"переключаться на другой сервер в случае сбоя текущего сервера." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Синтаксис обработки отказа" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Список серверов разделяется запятыми; рядом с запятыми допускается любое " +"количество пробелов. Серверы перечислены в порядке приоритета. Список может " +"содержать любое количество серверов." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Для каждого параметра конфигурации с поддержкой отработки отказа существуют " +"два варианта: <emphasis>основной</emphasis> (primary) и <emphasis>резервный</" +"emphasis> (backup). Смысл в том, что приоритет получают серверы из списка " +"основных, а поиск резервных серверов выполняется только в том случае, если " +"не удалось связаться с основными серверами. Если выбран резервный сервер, " +"устанавливается 31-секундный тайм-аут. По его истечении SSSD будет " +"периодически пытаться восстановить подключение к одному из основных " +"серверов. Если попытка будет успешной, текущий активный (резервный) сервер " +"будет заменён на основной." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Механизм отработки отказа" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Механизм отработки отказа различает компьютеры и службы. Внутренний сервер " +"сначала пытается разрешить имя узла указанного компьютера; если попытка " +"разрешения завершается неудачей, компьютер считается работающим в автономном " +"режиме. Дальнейшие попытки подключиться к этому компьютеру для доступа к " +"другим службам не выполняются. Если попытка разрешения успешна, внутренний " +"сервер пытается подключиться к службе на этом компьютере. Если попытка " +"подключения к службе завершается неудачей, работающей в автономном режиме " +"будет считаться только эта служба, и внутренний сервер автоматически " +"переключится на следующую службу. Компьютер продолжает считаться находящимся " +"в сети, возможны дальнейшие попытки подключения к другим службам на нём." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Дальнейшие попытки подключения к компьютерам или службам, обозначенным, как " +"работающие в автономном режиме, выполняются по истечении определённого " +"периода времени; в настоящее время это значения является жёстко заданным и " +"составляет 30 секунд." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Если список компьютеров исчерпан, внутренний сервер целиком переключается на " +"автономный режим и затем пытается восстановить подключение каждые 30 секунд." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "Тайм-ауты и тонкая настройка отработки отказа" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" +"Разрешение имени сервера, к которому следует подключиться, может быть " +"выполнено как за один запрос DNS, так и за несколько шагов, например, при " +"поиске корректного сайта или переборе нескольких имён узлов, если некоторые " +"из настроенных серверов недоступны. Для более сложных сценариев требуется " +"больше времени, и SSSD требуется соблюсти баланс между предоставлением " +"достаточного количества времени для завершения процесса разрешения и не " +"слишком долгим ожиданием перед переходом в автономный режим. Если в журнале " +"отладки SSSD есть данные о том, что время на разрешение сервера истекло до " +"обращения к реальному серверу, рекомендуется изменить значения тайм-аутов." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "dns_resolver_server_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" +"Время (в миллисекундах), в течение которого SSSD будет обращаться к одному " +"серверу DNS перед переходом к следующему." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" +"Время (в секундах), в течение которого SSSD будет пытаться разрешить один " +"запрос DNS (например, разрешение имени узла или записи SRV) перед переходом " +"к следующему имени узла или домену обнаружения." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" +"Как долго SSSD будет пытаться разрешить резервную службу. Это разрешение " +"службы может включать несколько внутренних шагов, например, при разрешении " +"запросов SRV DNS или определении расположения сайта." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"В этом разделе перечислены доступные настраиваемые параметры. Их описание " +"содержится на справочной странице <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" +"Для поставщиков данных на основе LDAP операция разрешения выполняется как " +"часть операции установления LDAP-соединения. Следовательно, тайм-аут " +"<quote>ldap_opt_timeout</quote> также следует установить в большее значение, " +"чем <quote>dns_resolver_timeout</quote>, который, в свою очередь, следует " +"установить в большее значение, чем <quote>dns_resolver_op_timeout</quote>, " +"который должен быть больше <quote>dns_resolver_server_timeout</quote>." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "СОПОСТАВЛЕНИЕ ИДЕНТИФИКАТОРОВ" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"Возможность сопоставления идентификаторов позволяет SSSD выступать в роли " +"клиента Active Directory, при этом администраторам не требуется расширять " +"атрибуты пользователя с целью поддержки атрибутов POSIX для идентификаторов " +"пользователей и групп." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"ПРИМЕЧАНИЕ: когда сопоставление идентификаторов включено, атрибуты uidNumber " +"и gidNumber игнорируются. Это позволяет избежать возможных конфликтов между " +"значениями, назначенными автоматически, и значениями, назначенными вручную. " +"Если требуется использовать значения, назначенные вручную, следует назначить " +"вручную ВСЕ значения." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Обратите внимание, что изменение параметров конфигурации, связанных с " +"сопоставлением идентификаторов, приведёт к изменению идентификаторов " +"пользователей и групп. В настоящее время SSSD не поддерживает изменение " +"идентификаторов, поэтому базу данных SSSD необходимо удалить. Так как " +"кэшированные пароли также хранятся в в этой базе данных, её удаление должно " +"выполняться только тогда, когда серверы проверки подлинности доступны; в " +"ином случае пользователи могут быть заблокированы. Для кэширования пароля " +"необходимо выполнить проверку подлинности. Для удаления базы данных " +"недостаточно использовать <citerefentry> <refentrytitle>sss_cache</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, на самом деле " +"требуются следующие шаги:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Проверка доступности удалённых серверов" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Остановка службы SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Удаление базы данных" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Запуск службы SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Более того, поскольку смена идентификаторов может сделать необходимым " +"изменение других свойств системы, таких как параметры владения файлами и " +"каталогами, рекомендуется спланировать всё заранее и тщательно " +"протестировать конфигурацию сопоставления идентификаторов." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Алгоритм сопоставления" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory предоставляет objectSID для всех объектов пользователей и " +"групп в каталоге. Этот objectSID можно разбить на компоненты, которые " +"соответствуют идентификатору домена Active Directory и относительному " +"идентификатору (RID) объекта пользователя или группы." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"Алгоритм сопоставления идентификаторов SSSD берёт диапазон доступных UID и " +"делит его на разделы равного размера — «срезы». Каждый срез представляет " +"собой пространство, доступное домену Active Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Когда запись пользователя или группы определённого домена встречается SSSD в " +"первый раз, SSSD выделяет один из доступных срезов для этого домена. Чтобы " +"такое назначение срезов воспроизводилось на разных клиентских компьютерах, " +"предусмотрен следующий алгоритм выбора среза:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"Строка SID передаётся через алгоритм murmurhash3 для её преобразования в 32-" +"битное хэшированное значение. Затем для выбора среза это значение с общим " +"количеством срезов берётся по модулю." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"ПРИМЕЧАНИЕ: между хэшем и полученным далее модулем возможны конфликты. В " +"таких случаях будет выбран следующий доступный срез, но на других " +"компьютерах может быть невозможно воспроизвести точно такой же набор срезов " +"(так как порядок, в котором они встречаются, определяет срез). В такой " +"ситуации рекомендуется либо переключиться на использование явных атрибутов " +"POSIX в Active Directory (отключить сопоставление идентификаторов), либо " +"настроить стандартный домен, чтобы гарантировать согласованность хотя бы для " +"одного. См. <quote>Конфигурация</quote>." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Минимальная конфигурация (в разделе <quote>[domain/DOMAINNAME]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" +"При стандартной конфигурации настраивается 10000 срезов, каждый из которых " +"может содержать до 200000 идентификаторов, начиная от 200000 и до " +"2000200000. Этого должно быть достаточно для большинства вариантов " +"развёртывания." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Дополнительная конфигурация" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (целое число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Указывает нижнюю (включительно) границу диапазона идентификаторов POSIX, " +"которые следует использовать для сопоставления SID пользователей и групп " +"Active Directory. Это первый идентификатор POSIX, который можно использовать " +"для сопоставления." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"ПРИМЕЧАНИЕ: этот параметр отличается от <quote>min_id</quote>: " +"<quote>min_id</quote> работает как фильтр ответов на запросы к этому домену, " +"в то время как этот параметр управляет диапазоном назначения " +"идентификаторов. Это тонкое различие, но рекомендуется устанавливать " +"значение <quote>min_id</quote> меньшим или равным значению " +"<quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "По умолчанию: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (целое число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" +"Указывает верхнюю (не включительно) границу диапазона идентификаторов POSIX, " +"которые следует использовать для сопоставления идентификаторов SID " +"пользователей и групп Active Directory. Это первый идентификатор POSIX, " +"который нельзя использовать для сопоставления, т.е. данный идентификатор на " +"единицу больше последнего, которым можно воспользоваться для сопоставления." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"ПРИМЕЧАНИЕ: этот параметр отличается от <quote>max_id</quote>: " +"<quote>max_id</quote> работает как фильтр ответов на запросы к этому домену, " +"в то время как этот параметр управляет диапазоном назначения " +"идентификаторов. Это тонкое различие, но рекомендуется устанавливать " +"значение <quote>max_id</quote> большим или равным значению " +"<quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "По умолчанию: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (целое число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Указывает количество идентификаторов, доступных для каждого среза. Если " +"размер диапазона не делится нацело на минимальное и максимальное значения, " +"будет создано столько полных срезов, сколько возможно." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"ПРИМЕЧАНИЕ: значение этого параметра должно быть не меньше значения " +"максимального RID пользователя, запланированного для использования на " +"сервере Active Directory. Поиск записи пользователя и вход завершатся " +"неудачей для всех пользователей, RID которых превышает значение этого " +"параметра." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" +"Например, если у последнего добавленного пользователя Active Directory " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"значение<quote>ldap_idmap_range_size</quote> должно равняться минимум 1108, " +"так как размер диапазона рассчитывается как максимальный SID минус " +"минимальный SID плюс один (т.е. 1108 = 1107 - 0 + 1)." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Для будущего расширения важно всё спланировать заранее,поскольку изменение " +"этого значения приведёт к изменению всех сопоставлений идентификаторов в " +"системе и, следовательно, изменению локальных идентификаторов пользователей." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (строка)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Позволяет указать SID стандартного домена. Это гарантирует, что этот домен " +"всегда будет назначаться нулевому срезу в карте идентификаторов, в обход " +"описанного выше алгоритма murmurhash." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (строка)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "Позволяет указать имена домена по умолчанию." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (логическое значение)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Изменяет поведения алгоритма сопоставления идентификаторов, делая его более " +"похожим на алгоритм <quote>idmap_autorid</quote> winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"Когда настроен этот параметр, домены будут выделяться, начиная с нулевого " +"среза, с постепенным увеличением для каждого дополнительного домена." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"ПРИМЕЧАНИЕ: этот алгоритм является недетерминированным (он зависит от " +"порядка, в котором запрашиваются пользователи и группы). Если этот режим " +"требуется для обеспечения совместимости с компьютерами, где работает " +"winbind, рекомендуется также использовать параметр " +"<quote>ldap_idmap_default_domain_sid</quote>, чтобы гарантировать постоянное " +"выделение хотя бы одного домена для нулевого среза." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_helper_table_size (целое число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" +"Максимальное количество вторичных срезов, которое можно использовать при " +"сопоставлении идентификатору UNIX номера SID." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" +"Примечание: дополнительные вторичные срезы могут быть созданы, когда " +"выполняется сопоставление SID с идентификатором UNIX и часть RID SID " +"находится за пределами диапазона для уже созданных вторичных срезов. Если " +"значение параметра ldap_idmap_helper_table_size равно нулю, дополнительные " +"вторичные срезы не будут созданы." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "Известные SID" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"SSSD поддерживает поиск имён известных SID, то есть SID со специальным " +"жёстко заданным значением. Так как типичные пользователи и группы, связанные " +"с этими известными SID, не имеют аналогов в среде Linux/UNIX, для этих " +"объектов недоступны идентификаторы POSIX." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"Пространство имён SID организовано по центрам, которые можно рассматривать " +"как разные домены. Для известных SID используются следующие центры" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "Null Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "World Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "Local Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "Creator Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "Mandatory Label Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "Authentication Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "NT Authority" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Built-in" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Записанные прописными буквами варианты этих имён используются в качестве " +"имён доменов при возврате полных имён известных SID." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" +"Так как некоторые утилиты позволяют изменять данные управления доступом на " +"основе SID с помощью имени, а не непосредственного использования SID, SSSD " +"также поддерживает поиск SID по имени. Чтобы избежать конфликтов, для поиска " +"известных SID разрешается использовать только полные имена. Следовательно, " +"нельзя использовать в качестве имён доменов в <filename>sssd.conf</filename> " +"следующие названия: <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</" +"quote>, <quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> и <quote>BUILTIN</quote>." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Показать справочное сообщение и выйти." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"В SSSD предусмотрены два представления для указания уровня отладки. Более " +"простое представление позволяет указать десятичное значение в диапазоне от 0 " +"до 9, которое будет включать соответствующий уровень и все более низкие " +"уровни сообщений отладки. Более сложное представление позволяет указать " +"шестнадцатеричную битовую маску для включения или отключения (подавления) " +"отдельных уровней." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Обратите внимание, что каждая служба SSSD ведёт журнал в своём собственном " +"файле. Также следует учитывать, что включение параметра <quote>debug_level</" +"quote> в разделе <quote>[sssd]</quote> включает отладку только для самого " +"процесса sssd, а не для процессов ответчика или поставщика данных. Параметр " +"<quote>debug_level</quote> следует добавить во все разделы, для которых " +"требуется создать журналы отладки." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"Уровень отладки можно изменить не только с помощью параметра " +"<quote>debug_level</quote> в файле конфигурации (этот параметр является " +"постоянным, но требует перезапуска SSSD), но и «на лету», с помощью " +"инструмента <citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "В настоящее время поддерживаются следующие уровни отладки:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: фатальные ошибки. Всё, " +"что не позволяет выполнить запуск SSSD или вызывает прекращение работы " +"сервиса." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: критические ошибки. " +"Ошибка, которая не прекращает работу SSSD, но означает, что как минимум одна " +"важная функциональная возможность не будет работать надлежащим образом." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: серьёзные ошибки. " +"Ошибка, которая сообщает о завершении неудачей определённого запроса или " +"действия." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: незначительные ошибки. " +"Это ошибки, которые могут стать причиной ошибок 2-го уровня (ошибок при " +"выполнении действий)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: параметры конфигурации." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: данные функций." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: сообщения трассировки " +"для функций действий." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: сообщения трассировки " +"для функций внутреннего управления." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: содержимое внутренних " +"переменных функций, которое может представлять интерес." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: информация трассировки " +"крайне низкого уровня." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: быстродействие и " +"статистические данные. Пожалуйста, обратите внимание, что из-за способа " +"обработки запросов на внутреннем уровне, записанное в журнал время " +"выполнения запроса может быть больше, чем оно было на самом деле." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: информация " +"трассировки libldb ещё более низкого уровня. Практически никогда не " +"требуется." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Чтобы выполнять ведение журнала для необходимых уровней отладки, указанных в " +"представлении битовых масок, просто сложите их номера, как показано в " +"следующих примерах:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Пример</emphasis>: используйте 0x0270, чтобы вести журнал данных " +"фатальных ошибок, критических ошибок, серьёзных ошибок и данных функций." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Пример</emphasis>: используйте 0x1310, чтобы вести журнал данных " +"фатальных ошибок, параметров конфигурации, данных функций, сообщений " +"трассировки для функций внутреннего управления." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Примечание</emphasis>: формат битовых масок уровней отладки был " +"введён в версии 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" +"<emphasis>По умолчанию</emphasis>: 0x0070 (то есть фатальные, критические и " +"серьёзные ошибки; соответствует указанию значения «2» в десятичной записи)" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "ЛОКАЛЬНЫЙ ДОМЕН" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"Для корректной работы необходимо создать домен с <quote>id_provider=local</" +"quote> и запустить SSSD." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Администратор может отдать предпочтение использованию локальных записей " +"пользователей SSSD вместо традиционных записей пользователей UNIX, когда для " +"работы требуется вложенность групп (см. <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>). Записи локальных пользователей также позволяют выполнить " +"тестирование и разработку SSSD без необходимости развёртывания полного " +"удалённого сервера. Инструменты <command>sss_user*</command> и " +"<command>sss_group*</command> используют локальное хранилище данных LDB для " +"хранения записей пользователей и групп." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +#| "condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +#| "<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> " +#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry>, </phrase> <citerefentry> " +#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>. <citerefentry> <refentrytitle>sss_rpcidmapd</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <phrase " +#| "condition=\"with_stap\"> <citerefentry> <refentrytitle>sssd-systemtap</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> </phrase>" +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Необязательное base DN, область поиска и фильтр LDAP для ограничения поисков " +"LDAP для этого типа атрибутов." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "синтаксис: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Значением области может быть одно из следующих: «base», «onelevel» или " +"«subtree». Описание работы области доступно в разделе 4.5.1.2 http://tools." +"ietf.org/html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Примеры синтаксиса доступны в разделе примеров <quote>ldap_search_base</" +"quote>." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Обратите внимание, что указание области или фильтра не поддерживается для " +"поиска на сервере Active Directory; он может привести к получению большого " +"количества результатов и активировать расширение получения диапазонов (Range " +"Retrieval) в ответе." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Следует учитывать, что средство автоматического монтирования выполняет " +"чтение основной карты только при запуске, поэтому в случае внесения каких-" +"либо изменений, связанных с autofs, в файл sssd.conf, обычно также " +"потребуется перезапустить внутреннюю службу автоматического монтирования " +"после перезапуска SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (строка)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "номер UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "имя домена" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "полное имя пользователя (user@domain)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "%l" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "Первая буква имени для входа." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "UPN — имя участника-пользователя (name@REALM)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" +"Исходный домашний каталог, полученный от поставщика данных идентификации." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" +"Исходный домашний каталог, полученный от поставщика данных идентификации, но " +"в нижнем регистре." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Значение параметра конфигурации <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Переопределить домашний каталог пользователя. Можно указать либо абсолютное " +"значение, либо шаблон. В шаблоне заменяются следующие последовательности: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "Этот параметр также можно задать для каждого домена отдельно." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"По умолчанию: не задано (SSSD будет использовать значение, полученное от " +"LDAP)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" +"Обратите внимание, что домашний каталог из конкретного переопределения для " +"пользователя, локально (см. <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) или централизованно " +"управляемых переопределений идентификаторов IPA, обладает более высоким " +"приоритетом и будет использоваться вместо значения, указанного с помощью " +"override_homedir." + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (строка)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Значение этого параметра будет использоваться в расширении параметра " +"<emphasis>override_homedir</emphasis>, если шаблон содержит строку формата " +"<emphasis>%H</emphasis>. Запись каталога LDAP может непосредственно " +"содержать этот шаблон, поэтому этот параметр можно использовать для " +"расширения пути домашнего каталога для каждого клиентского компьютера (или " +"операционной системы). Его можно задать для отдельного домена или глобально " +"в разделе [nss]. Значение, указанное в разделе домена, переопределит то " +"значение, которое задано в разделе [nss]." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "По умолчанию: /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" +"Некоторые стандартные значения параметров не соответствуют стандартным " +"значениям параметров соответствующего внутреннего поставщика данных. Имена " +"этих параметров и специфичные для поставщика данных AD стандартные значения " +"параметров перечислены ниже:" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "Поставщик данных KRB5" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "krb5_validate = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "krb5_use_enterprise_principal = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "Поставщик данных LDAP" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "ldap_schema = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "ldap_force_upper_case_realm = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "ldap_id_mapping = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "ldap_sasl_mech = GSS-SPNEGO" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "ldap_referrals = false" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "ldap_account_expire_policy = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "ldap_use_tokengroups = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "ldap_sasl_authid = sAMAccountName@REALM (обычно SHORTNAME$@REALM)" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" +"Поставщик данных AD по умолчанию выполняет поиск других записей участников, " +"чем поставщик LDAP, потому что в окружении Active Directory участники " +"делятся на две группы: участники-пользователи и участники-службы. Для " +"получения TGT может использоваться только запись участника-пользователя, и " +"по умолчанию записи участников — объектов компьютеров создаются из их " +"sAMAccountName и области AD. Известный участник host/hostname@REALM является " +"участником-службой и, следовательно, не может использоваться для получения " +"TGT." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "Настройка NSS" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "fallback_homedir = /home/%d/%u" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" +"Поставщик данных AD автоматически устанавливает «fallback_homedir = /home/%d/" +"%u», чтобы предоставить личные домашние каталоги для пользователей без " +"атрибута homeDirectory. Если домен AD надлежащим образом заполнен атрибутами " +"POSIX и требуется предотвратить такое поведение в качестве резервного, можно " +"явно указать «fallback_homedir = %o»." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" +"Обратите внимание: система обычно ожидает, что домашний каталог будет в " +"папке /home/%u. Если принято решение использовать другую структуру каталога, " +"может потребоваться настроить некоторые другие части системы." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" +"Например, автоматическое создание домашних каталогов в сочетании с SELinux " +"потребует настройки параметров SELinux; в ином случае домашний каталог будет " +"создан с неверным контекстом SELinux." + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" +"Некоторые стандартные значения параметров не соответствуют стандартным " +"значениям параметров соответствующего внутреннего поставщика данных. Имена " +"этих параметров и специфичные для поставщика данных IPA стандартные значения " +"параметров перечислены ниже:" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "krb5_use_fast = try" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "krb5_canonicalize = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "Поставщик данных LDAP — Общие параметры" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "ldap_schema = ipa_v1" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "ldap_sasl_mech = GSSAPI" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "ldap_sasl_minssf = 56" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "ldap_account_expire_policy = ipa" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "Поставщик данных LDAP — Параметры пользователей" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "ldap_user_member_of = memberOf" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "ldap_user_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "ldap_user_ssh_public_key = ipaSshPubKey" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "ldap_user_auth_type = ipaUserAuthType" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "Поставщик данных LDAP — Параметры групп" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "ldap_group_object_class = ipaUserGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "ldap_group_object_class_alt = posixGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "ldap_group_member = member" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "ldap_group_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "ldap_group_external_member = ipaExternalMember" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (целое число)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Тайм-аут в секундах после прерывания запроса проверки подлинности или смены " +"пароля в сетевом режиме. Обработка запроса проверки подлинности будет " +"продолжена в автономном режиме, если это возможно." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (логическое значение)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Проверить с помощью krb5_keytab, что полученный TGT не был подменён. " +"Проверка записей в таблице ключей выполняется последовательно, для проверки " +"действительности используется первая запись с соответствующей областью. Если " +"области не соответствует ни одна из записей, используется последняя запись в " +"таблице ключей. Этот процесс можно использовать для проверки сред, где " +"используются межобластные отношения доверия, поместив соответствующую запись " +"таблицы ключей в качестве последней или единственной записи в файле таблицы " +"ключей." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "По умолчанию: false (для поставщиков данных IPA и AD: true)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Обратите внимание, что проверка билета — это первый шаг при проверке PAC " +"(дополнительные сведения доступны в описании параметра «pac_check» на " +"справочной странице <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>). Если проверка билета отключена, " +"проверки PAC также будут пропущены." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Запросить обновляемый билет с общим временем жизни, указанным как целое " +"число, сразу после которого следует единица измерения времени:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> для секунд" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> для минут" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> для часов" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> для дней." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" +"Если единица измерения не указана, предполагается, что используется значение " +"<emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"ПРИМЕЧАНИЕ: единицы измерения нельзя смешивать. Чтобы установить обновляемое " +"время жизни равным полутора часам, укажите «90m», а не «1h30m»." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "По умолчанию: не задано, то есть TGT не является обновляемым" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Запросить билет с временем жизни, указанным как целое число, сразу после " +"которого следует единица измерения времени:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" +"Если единица измерения не указана, предполагается, что используется значение " +"<emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"ПРИМЕЧАНИЕ: единицы измерения нельзя смешивать. Чтобы установить время жизни " +"равным полутора часам, укажите «90m», а не «1h30m»." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"По умолчанию: не задано, то есть стандартное время жизни билета, настроенное " +"в параметрах KDC." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (строка)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Время в секундах между двумя проверками того, следует ли обновить TGT. " +"Обновление TGT выполняется в том случае, если прошла примерно половина " +"времени жизни билета, указанного как целое число, сразу после которого " +"следует единица измерения времени:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Если этот параметр не указан или установлен в значение «0», автоматическое " +"обновление отключено." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Позволяет указать, следует ли приводить в каноническую форму имя участника-" +"узла и участника-пользователя. Эта возможность доступна в MIT Kerberos 1.7 и " +"выше." + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Этот параметр недоступен в поставщике данных IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Определяет, следует ли также кэшировать учётные данные пользователя в " +#~ "локальном кэше LDB" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "Учётные данные пользователя хранятся в хэше SHA512, а не в виде простого " +#~ "текста" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "По умолчанию: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +#~ "quote>, что означает «имя — это всё, что предшествует знаку <quote>@</" +#~ "quote>, домен — всё, что идёт после этого знака»" + +#~ msgid "" +#~ "The difference between these options is the action taken if user password " +#~ "is expired: pwd_expire_policy_reject - user is denied to log in, " +#~ "pwd_expire_policy_warn - user is still able to log in, " +#~ "pwd_expire_policy_renew - user is prompted to change his password " +#~ "immediately." +#~ msgstr "" +#~ "Разница между этими параметрами заключается в том действии, которое " +#~ "выполняется, если срок действия пароля пользователя истёк: " +#~ "pwd_expire_policy_reject — пользователю запрещён вход, " +#~ "pwd_expire_policy_warn — пользователю всё ещё разрешён вход, " +#~ "pwd_expire_policy_renew — пользователю предлагается немедленно сменить " +#~ "пароль." + +#~ msgid "" +#~ "Note If user password is expired no explicit message is prompted by SSSD." +#~ msgstr "" +#~ "Обратите внимание, что при истечении срока действия пароля от SSSD не " +#~ "поступит запрос с явным уведомлением." + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "Атрибут LDAP, соответствующий имени группы." + +#~ msgid "" +#~ "<emphasis> This is an experimental feature, please use https://github.com/" +#~ "SSSD/sssd/ to report any issues. </emphasis>" +#~ msgstr "" +#~ "<emphasis> Это экспериментальная возможность. Если возникнут проблемы в " +#~ "работе, сообщите о них здесь: https://github.com/SSSD/sssd/. </emphasis>" + +#~ msgid "" +#~ "Apply additional checks on the PAC of the Kerberos ticket which is " +#~ "available in Active Directory and FreeIPA domains, if configured. The " +#~ "following options can be used alone or in a comma-separated list: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Применить дополнительные проверки PAC билета Kerberos, который, если " +#~ "настроен, доступен в доменах Active Directory и FreeIPA. Указанные ниже " +#~ "параметры можно использовать отдельно или в виде списка параметров, " +#~ "разделенного запятыми: <placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "" +#~ "NOTE: Some Active Directory groups, typically those used for MS Exchange " +#~ "contain an <quote>@</quote> sign in the name, which clashes with the " +#~ "default re_expression value for the AD and IPA providers. To support " +#~ "these groups, consider changing the re_expression value to: <quote>((?" +#~ "P<name>.+)@(?P<domain>[^@]+$))</quote>." +#~ msgstr "" +#~ "ПРИМЕЧАНИЕ: имена некоторых групп Active Directory (как правило, тех, " +#~ "которые используются для MS Exchange) содержат символ <quote>@</quote>, " +#~ "что конфликтует со стандартным значением re_expression для поставщиков " +#~ "данных AD и IPA. Чтобы обеспечить поддержку этих групп, рекомендуется " +#~ "изменить значение re_expression на <quote>((?P<name>.+)@(?P<" +#~ "domain>[^@]+$))</quote>." + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Указывает верхнюю границу диапазона идентификаторов POSIX, которые " +#~ "следует использовать для сопоставления SID пользователей и групп Active " +#~ "Directory." + +#~ msgid "sssd-secrets" +#~ msgstr "sssd-secrets" + +#~ msgid "SSSD Secrets responder" +#~ msgstr "Ответчик секретов SSSD" + +#~ msgid "" +#~ "This manual page describes the configuration of the Secrets responder for " +#~ "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +#~ "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +#~ "citerefentry> manual page." +#~ msgstr "" +#~ "На этой справочной странице представлено описание настройки ответчика " +#~ "секретов для <citerefentry> <refentrytitle>sssd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry>. Подробные сведения о " +#~ "синтаксисе доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной " +#~ "страницы <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry>." + +#~ msgid "" +#~ "Many system and user applications need to store private information such " +#~ "as passwords or service keys and have no good way to properly deal with " +#~ "them. The simple approach is to embed these <quote>secrets</quote> into " +#~ "configuration files potentially ending up exposing sensitive key material " +#~ "to backups, config management system and in general making it harder to " +#~ "secure data." +#~ msgstr "" +#~ "Многим системным и пользовательским приложениям требуется сохранять " +#~ "конфиденциальные данные, такие как пароли или ключи служб, но в них не " +#~ "предусмотрено способов выполнения этой задачи надлежащим образом. Простое " +#~ "решение — встроить эти <quote>секреты</quote> в файлы конфигурации, что " +#~ "потенциально может привести к попаданию чувствительных данных ключей в " +#~ "резервные копии, систему управления конфигурацией, а также в целом " +#~ "осложняет защиту данных." + +#~ msgid "" +#~ "The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> " +#~ "project was born to deal with this problem in cloud like environments, " +#~ "but we found the idea compelling even at a single system level. As a " +#~ "security service, SSSD is ideal to host this capability while offering " +#~ "the same API via a UNIX Socket. This will make it possible to use local " +#~ "calls and have them transparently routed to a local or a remote key " +#~ "management store like IPA Vault for storage, escrow and recovery." +#~ msgstr "" +#~ "Проект <ulink url=\"https://github.com/latchset/custodia\">custodia</" +#~ "ulink> изначально разрабатывался для решения этой задачи в облачной " +#~ "среде, но созданное решение можно применить и на уровне отдельной " +#~ "системы. Как служба безопасности, SSSD идеально подходит для реализации " +#~ "такой возможности, вместе с тем предоставляя тот же программный интерфейс " +#~ "посредством сокета UNIX. Благодаря этому возможно использовать локальные " +#~ "вызовы и прозрачно перенаправлять их в локальное или удалённое хранилище " +#~ "управления ключами (например, IPA Vault) для хранения, депонирования и " +#~ "восстановления данных." + +#~ msgid "" +#~ "The secrets are simple key-value pairs. Each user's secrets are " +#~ "namespaced using their user ID, which means the secrets will never " +#~ "collide between users. Secrets can be stored inside <quote>containers</" +#~ "quote> which can be nested." +#~ msgstr "" +#~ "Секреты — это простые пары «ключ — значение». Секреты каждого " +#~ "пользователя располагаются в пространстве имён с использованием " +#~ "соответствующего идентификатора пользователя, поэтому секреты разных " +#~ "пользователей никогда не будут конфликтовать друг с другом. Секреты можно " +#~ "хранить в <quote>контейнерах</quote>, которые могут быть вложенными." + +#~ msgid "secrets" +#~ msgstr "secrets" + +#~ msgid "secrets for general usage" +#~ msgstr "секреты для общего использования" + +#~ msgid "kcm" +#~ msgstr "kcm" + +#~ msgid "" +#~ "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> service." +#~ msgstr "" +#~ "используется службой <citerefentry> <refentrytitle>sssd-kcm</" +#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#~ msgid "" +#~ "Since the secrets responder can be used both externally to store general " +#~ "secrets, as described in the rest of this man page, but also internally " +#~ "by other SSSD components to store their secret material, some " +#~ "configuration options, like quotas can be configured per <quote>hive</" +#~ "quote> in a configuration subsection named after the hive. The currently " +#~ "supported hives are: <placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Так как ответчик секретов может использоваться и извне (для хранения " +#~ "общих секретов, как описано в остальной части этой справочной страницы), " +#~ "и внутри (другими компонентами SSSD для хранения собственных секретов), " +#~ "некоторые параметры конфигурации, такие как квоты, можно настроить для " +#~ "отдельного <quote>куста</quote> в подразделе конфигурации с именем, " +#~ "соответствующим кусту. В настоящее время поддерживаются следующие кусты: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "USING THE SECRETS RESPONDER" +#~ msgstr "ИСПОЛЬЗОВАНИЕ ОТВЕТЧИКА СЕКРЕТОВ" + +#~ msgid "" +#~ "The UNIX socket the SSSD responder listens on is located at <filename>/" +#~ "var/run/secrets.socket</filename>." +#~ msgstr "" +#~ "Сокет UNIX, на котором ожидает передачи данных ответчик SSSD, расположен " +#~ "здесь: <filename>/var/run/secrets.socket</filename>." + +#, no-wrap +#~ msgid "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " +#~ msgstr "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " + +#~ msgid "" +#~ "The secrets responder is socket-activated by <citerefentry> " +#~ "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry>. Unlike other SSSD responders, it cannot be started by " +#~ "adding the <quote>secrets</quote> string to the <quote>service</quote> " +#~ "directive. The systemd socket unit is called <quote>sssd-secrets.socket</" +#~ "quote> and the corresponding service file is called <quote>sssd-secrets." +#~ "service</quote>. In order for the service to be socket-activated, make " +#~ "sure the socket is enabled and active and the service is enabled: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/> Please note your " +#~ "distribution may already configure the units for you." +#~ msgstr "" +#~ "Ответчик секретов активируется <citerefentry> <refentrytitle>systemd</" +#~ "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> с помощью сокета. " +#~ "В отличие от других ответчиков SSSD, его нельзя запустить, добавив " +#~ "строку <quote>secrets</quote> к инструкции <quote>service</quote>. " +#~ "Модуль сокета systemd называется <quote>sssd-secrets.socket</quote>, а " +#~ "соответствующий файл службы — <quote>sssd-secrets.service</quote>. Чтобы " +#~ "службу можно было активировать с помощью сокета, следует включить и " +#~ "активировать сокет, а также включить службу: <placeholder " +#~ "type=\"programlisting\" id=\"0\"/> Обратите внимание, что в дистрибутиве " +#~ "уже может быть выполнена соответствующая настройка модулей." + +#~ msgid "" +#~ "The generic SSSD responder options such as <quote>debug_level</quote> or " +#~ "<quote>fd_limit</quote> are accepted by the secrets responder. Please " +#~ "refer to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry> manual page for a complete list. " +#~ "In addition, there are some secrets-specific options as well." +#~ msgstr "" +#~ "Ответчику секретов SSSD можно передавать типовые параметры ответчика " +#~ "SSSD, такие как <quote>debug_level</quote> или<quote>fd_limit</quote> " +#~ "Полный список параметров доступен на справочной странице <citerefentry> " +#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +#~ "citerefentry>. Кроме того, предусмотрено несколько специфичных для " +#~ "секретов параметров." + +#~ msgid "" +#~ "The secrets responder is configured with a global <quote>[secrets]</" +#~ "quote> section and an optional per-user <quote>[secrets/users/$uid]</" +#~ "quote> section in <filename>sssd.conf</filename>. Please note that some " +#~ "options, notably as the provider type, can only be specified in the per-" +#~ "user subsections." +#~ msgstr "" +#~ "Ответчик секретов настраивается в глобальном разделе <quote>[secrets]</" +#~ "quote> и (необязательно) для отдельных пользователей в разделе " +#~ "<quote>[secrets/users/$uid]</quote> файла <filename>sssd.conf</filename>. " +#~ "Обратите внимание, что некоторые параметры (яркий пример — тип поставщика " +#~ "данных) можно указать только в подразделах отдельных пользователей." + +#~ msgid "provider (string)" +#~ msgstr "provider (строка)" + +#~ msgid "local" +#~ msgstr "local" + +#~ msgid "" +#~ "The secrets are stored in a local database, encrypted at rest with a " +#~ "master key. The local provider does not have any additional config " +#~ "options at the moment." +#~ msgstr "" +#~ "Секреты хранятся в локальной базе данных, зашифрованные в неактивном " +#~ "состоянии с помощью главного ключа. В настоящее время для локального " +#~ "поставщика данных не предусмотрено каких-либо дополнительных параметров " +#~ "конфигурации." + +#~ msgid "proxy" +#~ msgstr "proxy" + +#~ msgid "" +#~ "The secrets responder forwards the requests to a Custodia server. The " +#~ "proxy provider supports several additional options (see below)." +#~ msgstr "" +#~ "Ответчик секретов перенаправляет запросы серверу Custodia. Для поставщика " +#~ "данных прокси предусмотрено несколько дополнительных параметров (см. " +#~ "ниже)." + +#~ msgid "" +#~ "This option specifies where should the secrets be stored. The secrets " +#~ "responder can configure a per-user subsections (e.g. <quote>[secrets/" +#~ "users/123]</quote> - see bottom of this manual page for a full example " +#~ "using Custodia for a particular user) that define which provider store " +#~ "the secrets for this particular user. The per-user subsections should " +#~ "contain all options for that user's provider. Please note that currently " +#~ "the global provider is always local, the proxy provider can only be " +#~ "specified in a per-user section. The following providers are supported: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Этот параметр позволяет указать, где должны храниться секреты. Ответчик " +#~ "секретов может настроить подразделы для отдельных пользователей " +#~ "(например, <quote>[secrets/users/123]</quote> — полный пример " +#~ "использования Custodia для отдельного пользователя доступен в нижней " +#~ "части этой справочной страницы), которые определяют, какой поставщик " +#~ "хранит секреты для конкретного пользователя. Подразделы для отдельных " +#~ "пользователей должны содержать все параметры для поставщика данных этого " +#~ "пользователя. Обратите внимание, что в настоящее время глобальный " +#~ "поставщик данных всегда является локальным, поставщик данных прокси может " +#~ "быть указан только в разделе отдельного пользователя. Поддерживаются " +#~ "следующие поставщики данных: <placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "Default: local" +#~ msgstr "По умолчанию: local" + +#~ msgid "" +#~ "The following options affect only the secrets <quote>hive</quote> and " +#~ "therefore should be set in a per-hive subsection. Setting the option to 0 " +#~ "means \"unlimited\"." +#~ msgstr "" +#~ "Следующие параметры влияют только на <quote>куст</quote> секретов и, " +#~ "следовательно, должны настраиваться для подраздела отдельного куста. " +#~ "Указание значения «0» означает отсутствие ограничений." + +#~ msgid "containers_nest_level (integer)" +#~ msgstr "containers_nest_level (целое число)" + +#~ msgid "" +#~ "This option specifies the maximum allowed number of nested containers." +#~ msgstr "" +#~ "Этот параметр позволяет указать максимально допустимое количество " +#~ "вложенных контейнеров." + +#~ msgid "Default: 4" +#~ msgstr "По умолчанию: 4" + +#~ msgid "max_secrets (integer)" +#~ msgstr "max_secrets (целое число)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored in " +#~ "the hive." +#~ msgstr "" +#~ "Этот параметр позволяет указать максимальное количество секретов, которое " +#~ "можно хранить в кусте." + +#~ msgid "Default: 1024 (secrets hive), 256 (kcm hive)" +#~ msgstr "По умолчанию: 1024 (куст секретов), 256 (куст kcm)" + +#~ msgid "max_uid_secrets (integer)" +#~ msgstr "max_uid_secrets (целое число)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored " +#~ "per-UID in the hive." +#~ msgstr "" +#~ "Этот параметр позволяет указать максимальное количество секретов, которое " +#~ "можно хранить в кусте для отдельного UID." + +#~ msgid "Default: 256 (secrets hive), 64 (kcm hive)" +#~ msgstr "По умолчанию: 256 (куст секретов), 64 (куст kcm)" + +#~ msgid "max_payload_size (integer)" +#~ msgstr "max_payload_size (целое число)" + +#~ msgid "" +#~ "This option specifies the maximum payload size allowed for a secret " +#~ "payload in kilobytes." +#~ msgstr "" +#~ "Этот параметр позволяет указать максимально допустимый размер полезных " +#~ "данных секрета в килобайтах." + +#~ msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)" +#~ msgstr "По умолчанию: 16 (куст секретов), 65536 (64 МиБ) (куст kcm)" + +#, no-wrap +#~ msgid "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " +#~ msgstr "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " + +#~ msgid "" +#~ "For example, to adjust quotas differently for both the <quote>secrets</" +#~ "quote> and the <quote>kcm</quote> hives, configure the following: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Например, чтобы по-разному настроить квоты для кустов <quote>secrets</" +#~ "quote> и <quote>kcm</quote>, укажите следующее: <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "The following options are only applicable for configurations that use the " +#~ "<quote>proxy</quote> provider." +#~ msgstr "" +#~ "Следующие параметры применимы только для конфигураций, где используется " +#~ "поставщик данных <quote>прокси</quote>." + +#~ msgid "proxy_url (string)" +#~ msgstr "proxy_url (строка)" + +#~ msgid "" +#~ "The URL the Custodia server is listening on. At the moment, http and " +#~ "https protocols are supported." +#~ msgstr "" +#~ "URL-адрес, по которому ожидает передачи данных сервер Custodia. В " +#~ "настоящее время поддерживаются протоколы http и https." + +#~ msgid "http[s]://<host>[:port]" +#~ msgstr "http[s]://<host>[:port]" + +#~ msgid "Example: http://localhost:8080" +#~ msgstr "Пример: http://localhost:8080" + +#~ msgid "auth_type (string)" +#~ msgstr "auth_type (строка)" + +#~ msgid "" +#~ "The method to use when authenticating to a Custodia server. The following " +#~ "authentication methods are supported:" +#~ msgstr "" +#~ "Способ проверки подлинности на сервере Custodia. Поддерживаются следующие " +#~ "способы проверки подлинности:" + +#~ msgid "basic_auth" +#~ msgstr "basic_auth" + +#~ msgid "" +#~ "Authenticate with a username and a password as set in the " +#~ "<quote>username</quote> and <quote>password</quote> options." +#~ msgstr "" +#~ "Проверка подлинности по имени пользователя и паролю, заданным с помощью " +#~ "параметров <quote>username</quote> и <quote>password</quote>." + +#~ msgid "header" +#~ msgstr "header" + +#~ msgid "" +#~ "Authenticate with HTTP header value as defined in the " +#~ "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> " +#~ "configuration options." +#~ msgstr "" +#~ "Проверка подлинности по значению заголовка HTTP, определённому с помощью " +#~ "параметров <quote>auth_header_name</quote> и <quote>auth_header_value</" +#~ "quote>." + +#~ msgid "auth_header_name (string)" +#~ msgstr "auth_header_name (строка)" + +#~ msgid "" +#~ "If set, the secrets responder would put a header with this name into the " +#~ "HTTP request with the value defined in the <quote>auth_header_value</" +#~ "quote> configuration option." +#~ msgstr "" +#~ "Если этот параметр установлен, ответчик секретов помещает заголовок с " +#~ "этим именем в HTTP-запрос со значением, определённым в параметре " +#~ "конфигурации <quote>auth_header_value</quote>." + +#~ msgid "Example: MYSECRETNAME" +#~ msgstr "Пример: MYSECRETNAME" + +#~ msgid "auth_header_value (string)" +#~ msgstr "auth_header_value (строка)" + +#~ msgid "" +#~ "The value sssd-secrets would use for the <quote>auth_header_name</quote>." +#~ msgstr "" +#~ "Значение, которое sssd-secrets использует для <quote>auth_header_name</" +#~ "quote>." + +#~ msgid "Example: mysecret" +#~ msgstr "Пример: mysecret" + +#~ msgid "forward_headers (list of strings)" +#~ msgstr "forward_headers (список строк)" + +#~ msgid "" +#~ "The list of HTTP headers to forward to the Custodia server together with " +#~ "the request." +#~ msgstr "" +#~ "Список заголовков HTTP, которые будут перенаправлены на сервер Custodia " +#~ "вместе с запросом." + +#~ msgid "verify_peer (boolean)" +#~ msgstr "verify_peer (логическое значение)" + +#~ msgid "" +#~ "Whether peer's certificate should be verified and valid if HTTPS protocol " +#~ "is used with the proxy provider." +#~ msgstr "" +#~ "Должен ли сертификат узла быть проверенным и действительным, если для " +#~ "поставщика данных прокси используется протокол HTTPS." + +#~ msgid "verify_host (boolean)" +#~ msgstr "verify_host (логическое значение)" + +#~ msgid "" +#~ "Whether peer's hostname must match with hostname in its certificate if " +#~ "HTTPS protocol is used with the proxy provider." +#~ msgstr "" +#~ "Должно ли имя узла соответствовать имени узла в его сертификате, если для " +#~ "поставщика данных прокси используется протокол HTTPS." + +#~ msgid "capath (string)" +#~ msgstr "capath (строка)" + +#~ msgid "" +#~ "Path to directory containing stored certificate authority certificates. " +#~ "System default path is used if this option is not set." +#~ msgstr "" +#~ "Путь к каталогу, который содержит сохранённые сертификаты центра " +#~ "сертификации. Если значение этого параметра не указано, используется " +#~ "стандартный системный путь." + +#~ msgid "cacert (string)" +#~ msgstr "cacert (строка)" + +#~ msgid "" +#~ "Path to file containing server's certificate authority certificate. If " +#~ "this option is not set then the CA's certificate is looked up in " +#~ "<quote>capath</quote>." +#~ msgstr "" +#~ "Путь к файлу, который содержит сертификат центра сертификации сервера. " +#~ "Если значение этого параметра не указано, программа ищет сертификат " +#~ "центра сертификации в <quote>capath</quote>." + +#~ msgid "cert (string)" +#~ msgstr "cert (строка)" + +#~ msgid "" +#~ "Path to file containing client's certificate if required by the server. " +#~ "This file may also contain private key or the private key may be in " +#~ "separate file set with <quote>key</quote>." +#~ msgstr "" +#~ "Путь к файлу, который содержит сертификат клиента, если таковой " +#~ "запрашивается сервером. Закрытый ключ может также содержаться в этом " +#~ "файле или храниться в отдельном файле, указанном с помощью параметра " +#~ "<quote>key</quote>." + +#~ msgid "key (string)" +#~ msgstr "key (строка)" + +#~ msgid "Path to file containing client's private key." +#~ msgstr "Путь к файлу, который содержит закрытый ключ клиента." + +#~ msgid "USING THE REST API" +#~ msgstr "ИСПОЛЬЗОВАНИЕ ПРОГРАММНОГО ИНТЕРФЕЙСА REST" + +#~ msgid "" +#~ "This section lists the available commands and includes examples using the " +#~ "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</" +#~ "manvolnum> </citerefentry> utility. All requests towards the proxy " +#~ "provider must set the Content Type header to <quote>application/json</" +#~ "quote>. In addition, the local provider also supports Content Type set to " +#~ "<quote>application/octet-stream</quote>. Secrets stored with requests " +#~ "that set the Content Type header to <quote>application/octet-stream</" +#~ "quote> are base64-encoded when stored and decoded when retrieved, so it's " +#~ "not possible to store a secret with one Content Type and retrieve with " +#~ "another. The secret URI must begin with <filename>/secrets/</filename>." +#~ msgstr "" +#~ "В этом разделе перечислены доступные команды и приведены примеры " +#~ "использования утилиты <citerefentry> <refentrytitle>curl</refentrytitle> " +#~ "<manvolnum>1</manvolnum> </citerefentry>. Все запросы к поставщику данных " +#~ "прокси должны устанавливать заголовок Content Type в значение " +#~ "<quote>application/json</quote>. Кроме того, локальный поставщик также " +#~ "поддерживает установку Content Type в значение <quote>application/octet-" +#~ "stream</quote>. Секреты, сохранённые с запросами, которые устанавливают " +#~ "заголовок Content Type в значение <quote>application/octet-stream</" +#~ "quote>, кодируются как base64 при сохранении и расшифровываются при " +#~ "получении, поэтому невозможно сохранить секрет с одним Content Type и " +#~ "получить его с другим. URI секрета должен начинаться с <filename>/secrets/" +#~ "</filename>." + +#~ msgid "Listing secrets" +#~ msgstr "Показ секретов" + +#~ msgid "" +#~ "To list the available secrets, send a HTTP GET request with a trailing " +#~ "slash appended to the container path." +#~ msgstr "" +#~ "Чтобы вывести перечень доступных секретов, отправьте запрос GET HTTP с " +#~ "косой чертой после пути контейнера." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " + +#~ msgid "Retrieving a secret" +#~ msgstr "Получение секрета" + +#~ msgid "" +#~ "To read a value of a single secret, send a HTTP GET request without a " +#~ "trailing slash. The last portion of the URI is the name of the secret." +#~ msgstr "" +#~ "Чтобы прочитать значение отдельного секрета, отправьте запрос GET HTTP " +#~ "без косой черты в конце. Последняя часть URI является именем секрета." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/foo\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bar\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bar\n" +#~ " " + +#~ msgid "" +#~ "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "Примеры: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" + +#~ msgid "Setting a secret" +#~ msgstr "Установка секрета" + +#~ msgid "" +#~ "To set a secret using the <quote>application/json</quote> type, send a " +#~ "HTTP PUT request with a JSON payload that includes type and value. The " +#~ "type should be set to \"simple\" and the value should be set to the " +#~ "secret value. If a secret with that name already exists, the response is " +#~ "a 409 HTTP error." +#~ msgstr "" +#~ "Чтобы задать секрет с использованием типа <quote>application/json</" +#~ "quote>, отправьте запрос PUT HTTP с полезными данными JSON, которые " +#~ "включают тип и значение. В качестве типа следует использовать «simple», а " +#~ "в качестве значения — секретное значение. Если секрет с таким именем уже " +#~ "существует, ответом будет ошибка HTTP 409." + +#~ msgid "" +#~ "The <quote>application/json</quote> type just sends the secret as the " +#~ "message payload." +#~ msgstr "" +#~ "Тип <quote>application/json</quote> просто отправляет секрет как полезные " +#~ "данные сообщения." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/foo \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/foo \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bar \\\n" +#~ " -d'barsecret'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bar \\\n" +#~ " -d'barsecret'\n" +#~ " " + +#~ msgid "" +#~ "The following example sets a secret named 'foo' to a value of 'foosecret' " +#~ "and a secret named 'bar' to a value of 'barsecret' using a different " +#~ "Content Type. <placeholder type=\"programlisting\" id=\"0\"/> " +#~ "<placeholder type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "В следующем примере секрет с именем «foo» устанавливается в значение " +#~ "«foosecret», а секрет с именем «bar» — в значение «barsecret» с помощью " +#~ "другого Content Type. <placeholder type=\"programlisting\" id=\"0\"/> " +#~ "<placeholder type=\"programlisting\" id=\"1\"/>" + +#~ msgid "Creating a container" +#~ msgstr "Создание контейнера" + +#~ msgid "" +#~ "Containers provide an additional namespace for this user's secrets. To " +#~ "create a container, send a HTTP POST request, whose URI ends with the " +#~ "container name. Please note the URI must end with a trailing slash." +#~ msgstr "" +#~ "Контейнеры предоставляют дополнительное пространство имён для секретов " +#~ "пользователя. Чтобы создать контейнер, отправьте запрос POST HTTP, URI " +#~ "которого заканчивается именем контейнера. Обратите внимание, что в конце " +#~ "URI должна быть косая черта." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/mycontainer/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/mycontainer/\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "http://localhost/secrets/mycontainer/mysecret\n" +#~ " " +#~ msgstr "" +#~ "http://localhost/secrets/mycontainer/mysecret\n" +#~ " " + +#~ msgid "" +#~ "To manipulate secrets under this container, just nest the secrets " +#~ "underneath the container path: <placeholder type=\"programlisting\" " +#~ "id=\"0\"/>" +#~ msgstr "" +#~ "Чтобы работать с записями секретов в этом контейнере, просто вложите " +#~ "секреты по пути контейнера: <placeholder type=\"programlisting\" id=\"0\"/" +#~ ">" + +#~ msgid "Deleting a secret or a container" +#~ msgstr "Удаление секрета или контейнера" + +#~ msgid "" +#~ "To delete a secret or a container, send a HTTP DELETE request with a path " +#~ "to the secret or the container." +#~ msgstr "" +#~ "Чтобы удалить секрет или контейнер, отправьте запрос DELETE HTTP с путём " +#~ "к секрету или контейнеру." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/foo\n" +#~ " " + +#~ msgid "" +#~ "The following example deletes a secret named 'foo'. <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "В следующем примере удаляется секрет с именем «foo». <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION" +#~ msgstr "ПРИМЕР КОНФИГУРАЦИИ CUSTODIA И ПОСТАВЩИКА ДАННЫХ PROXY" + +#~ msgid "" +#~ "For testing the proxy provider, you need to set up a Custodia server to " +#~ "proxy requests to. Please always consult the Custodia documentation, the " +#~ "configuration directives might change with different Custodia versions." +#~ msgstr "" +#~ "Для тестирования поставщика данных прокси потребуется настроить сервер " +#~ "Custodia для передачи запросов на него. Всегда сверяйтесь с документацией " +#~ "Custodia: инструкции по настройке могут различаться в зависимости от " +#~ "используемой версии." + +#, no-wrap +#~ msgid "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MYSECRETNAME\n" +#~ "value = mysecretkey\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " +#~ msgstr "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MYSECRETNAME\n" +#~ "value = mysecretkey\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " + +#~ msgid "" +#~ "This configuration will set up a Custodia server listening on http://" +#~ "localhost:8080, allowing anyone with header named MYSECRETNAME set to " +#~ "mysecretkey to communicate with the Custodia server. Place the contents " +#~ "into a file (for example, <replaceable>custodia.conf</replaceable>): " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Эта конфигурация настраивает сервер Custodia, который ожидает данных по " +#~ "адресу http://localhost:8080, что позволяет всем, у кого заголовок с " +#~ "именем MYSECRETNAME установлен в значение mysecretkey, обмениваться " +#~ "данными с этим сервером Custodia. Поместите содержимое в файл (например, " +#~ "<replaceable>custodia.conf</replaceable>): <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "Then run the <replaceable>custodia</replaceable> command, pointing it at " +#~ "the config file as a command line argument." +#~ msgstr "" +#~ "Затем выполните команду <replaceable>custodia</replaceable>, указав файл " +#~ "конфигурации как аргумент командной строки." + +#~ msgid "" +#~ "Please note that currently it's not possible to proxy all requests " +#~ "globally to a Custodia instance. Instead, per-user subsections for user " +#~ "IDs that should proxy requests to Custodia must be defined. The following " +#~ "example illustrates a configuration, where the user with UID 123 would " +#~ "proxy their requests to Custodia, but all other user's requests would be " +#~ "handled by a local provider." +#~ msgstr "" +#~ "Обратите внимание, что в настоящее время невозможно глобально пересылать " +#~ "все запросы экземпляру Custodia. Вместо этого необходимо на уровне " +#~ "отдельных пользователей определить подразделы для идентификаторов " +#~ "пользователей, которые должны пересылать запросы Custodia. В следующем " +#~ "примере показана конфигурация, где пользователь с UID 123 пересылает свои " +#~ "запросы Custodia, а запросы всех других пользователей обрабатываются " +#~ "локальным поставщиком." + +#, no-wrap +#~ msgid "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MYSECRETNAME\n" +#~ "auth_header_value = mysecretkey\n" +#~ " " +#~ msgstr "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MYSECRETNAME\n" +#~ "auth_header_value = mysecretkey\n" +#~ " " diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot new file mode 100644 index 0000000..4775e7c --- /dev/null +++ b/src/man/po/sssd-docs.pot @@ -0,0 +1,18285 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.9.3\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and " +"multi-valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory " +"<filename>conf.d</filename>. This feature is available if SSSD was compiled " +"with libini version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as " +"<filename>sssd.conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " +"how to compose a fully qualified name from user name and domain name " +"components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at " +"build-time. (__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in " +"/etc/systemd/system/. Keep in mind that any change in the socket user, " +"group or permissions may result in a non-usable SSSD. The same may occur in " +"case of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log " +"in. Setting this option changes default of use_fully_qualified_names to " +"True. It is not allowed to use this option together with " +"use_fully_qualified_names set to False. <phrase " +"condition=\"with_files_provider\"> One exception from this rule are domains " +"with <quote>id_provider=files</quote> that always try to match the behaviour " +"of nss_files and therefore their output is not qualified even when the " +"default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> " +"<manvolnum>1ssl</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned " +"for a qualified input (while trying to reach a user which exists in multiple " +"domains) might re-route the login attempt into the domain which uses " +"shortnames, making this workaround totally not recommended in cases where " +"usernames may overlap between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be " +"<quote>[nss]</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + " +"random[0...offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) " +"service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in " +"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in " +"<quote>/etc/shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the " +"machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during " +"lookup. This option can be specified globally in the [nss] section or " +"per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details) but with no default " +"values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), " +"</phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during " +"authentication. The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a " +"per-client-application basis) how long (in seconds) we can cache the " +"identity information to avoid excessive round-trips to the identity " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting " +"<emphasis>pwd_expiration_warning</emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of " +"<quote>certificate_verification</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards " +"(e.g. <quote>login</quote>) with a custom PAM service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = " +"pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> " +"(dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to " +"<quote>-</quote> (dash). To disable the check for a specific PAM service, " +"add <quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> are in the manual page " +"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group " +"searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +"<manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, " +"i.e. the system defaults are used, but can be overwritten with the " +"default_shell parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, " +"i.e. the krb5_validate option must be set to 'True' which is the default for " +"the IPA and AD provider. If krb5_validate is set to 'False' the PAC checks " +"will be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> " +"<refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording " +"enabled. Matches user names as returned by NSS. I.e. after the possible " +"space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the " +"<quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For " +"non-primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the " +"<quote>sssd_be</quote> process becoming unresponsive or even restarted by " +"the internal watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication " +"mechanisms. Passkey and Smartcard authentications are expected to work " +"offline as long as a successful online authentication is recorded in the " +"cache without additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> " +"<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on how to mirror local users and groups " +"into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified " +"names. For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> " +"</citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for more information on configuring " +"the simple access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for more information on configuring " +"Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: " +"<quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$</quote> " +"which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: " +"<quote>^(((?P<domain>[^\\\\]+)\\\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\\\]+)))$</quote> " +"which allows three different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is " +"unreachable. If this timeout is reached, the domain will continue to operate " +"in offline mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, " +"enable. <quote>match</quote> is used to match offline and online states for " +"Kerberos methods. <quote>only</quote> ignores the online methods and only " +"offer the local ones. enable allows explicitly defining the methods for " +"local authentication. As an example, <quote>enable:passkey</quote>, only " +"enables passkey for local authentication. Multiple enable values should be " +"comma-separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>) is appealing to applications as a gateway to an LDAP " +"directory where users and groups are stored. However, contrary to the " +"traditional SSSD deployment where all users and groups either have POSIX " +"attributes or those attributes can be inferred from the Windows SIDs, in " +"many cases the users and groups in the application support scenario have no " +"POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an " +"<quote>[application/<replaceable>NAME</replaceable>]</quote> section that " +"internally represents a domain with type <quote>application</quote> " +"optionally inherits settings from a tradition SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called " +"<quote>[domain/<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</replaceable>]</quote>. " +"Where DOMAIN_NAME is the actual joined-to base domain. Please refer to " +"examples below for explanation. Currently supported options in the trusted " +"domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> for details) it might be cumbersome " +"or not even possible to do this for the general case where local services " +"use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like " +"<quote>[certmap/<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</replaceable>]</quote>. " +"In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like " +"e.g. <quote>(username)</quote> or " +"<quote>({subject_rfc822_name.short_name})</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file " +"(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>) exists " +"SSSD's PAM module pam_sss will ask SSSD to figure out which authentication " +"methods are available for the user trying to log in. Based on the results " +"pam_sss will prompt the user for appropriate credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" " +"id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, " +"e.g. <quote>[prompting/password/sshd]</quote> to individual change the " +"prompting for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +"information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is " +"required. <command>sssd</command> <emphasis>does not</emphasis> support " +"authentication over an unencrypted channel. Even if the LDAP server is used " +"only as an identity provider, an encrypted channel is strongly " +"recommended. Please refer to <quote>ldap_access_filter</quote> config option " +"for more information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the " +"<quote>FAILOVER</quote> section for more information on failover and server " +"redundancy. If neither option is specified, service discovery is " +"enabled. For more information, refer to the <quote>SERVICE DISCOVERY</quote> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a " +"user. Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by " +"http://www.ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = " +"cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups " +"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " +"will follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " +"<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> " +"</citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value " +"vs. the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single " +"request. Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use " +"it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to " +"0. Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in " +"<filename>/etc/openldap/ldap.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. " +"<emphasis>true</emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example " +"host/myhost). By default, the value is not set and the following principals " +"are used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them " +"are found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of " +"preference. For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of " +"SSSD. While the legacy name is recognized for the time being, users are " +"advised to migrate their config files to use <quote>krb5_server</quote> " +"instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information on " +"the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client " +"side. The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use " +"<citerefentry><refentrytitle>shadow</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the " +"password has expired. Please see option \"ldap_chpass_update_last_change\" " +"as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " +"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " +"if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is " +"allowed. If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option " +"<emphasis>must</emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the " +"<quote>ppolicy</quote> option and might be removed in a future release. " +"</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control " +"option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. Note " +"that SSSD LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " +"</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is " +"<emphasis>false</emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> " +"<replaceable>quiet</replaceable> </arg> <arg choice='opt'> " +"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> " +"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> " +"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> " +"<replaceable>retry=N</replaceable> </arg> <arg choice='opt'> " +"<replaceable>ignore_unknown_user</replaceable> </arg> <arg choice='opt'> " +"<replaceable>ignore_authinfo_unavail</replaceable> </arg> <arg choice='opt'> " +"<replaceable>domains=X</replaceable> </arg> <arg choice='opt'> " +"<replaceable>allow_missing_name</replaceable> </arg> <arg choice='opt'> " +"<replaceable>prompt_always</replaceable> </arg> <arg choice='opt'> " +"<replaceable>try_cert_auth</replaceable> </arg> <arg choice='opt'> " +"<replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied " +"access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a " +"web-server, it must be used in conjunction with the " +"<quote>pam_trusted_users</quote> and <quote>pam_public_domains</quote> " +"options. Please see the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page for more information on these two PAM responder " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be " +"displayed. This message can e.g. contain instructions about how to reset a " +"password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file " +"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a " +"locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> " +"</citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory " +"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file " +"is present a generic message is displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> " +"<replaceable>debug</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set " +"<option>pam_gssapi_services</option> option in [pam] or domain section of " +"sssd.conf. The service credentials need to be stored in SSSD's keytab (it is " +"already present if you use ipa or ad provider). The keytab location can be " +"set with <option>krb5_keytab</option> option. See <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> and <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and " +"/etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable " +"it. But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify " +"read-write KDCs. If this file exists for the given realm the content will be " +"used by the plugin to reply to requests for a kpasswd or kadmin server or " +"for the MIT Kerberos specific master KDC. If the address contains a port " +"number the default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and " +"example.com is one of the domains in the <replaceable>[sssd]</replaceable> " +"section. This examples shows only the simple access provider-specific " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain " +"list</quote>. All components are optional. A missing <quote>priority</quote> " +"will add the rule with the lowest priority. The default <quote>matching " +"rule</quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct " +"<ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to " +"match. Multiple keyword pattern pairs can be either joined with '&&' " +"(and) or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching " +"rules</quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and " +"\"KRB5:<SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be " +"matched. All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as " +"<SAN:Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in " +"dotted-decimal notation, interpret it as string and try to match it against " +"the regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for " +"<ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. " +"'LDAP:(userCertificate;binary={cert!bin})'. There is an extension called " +"'LDAPU1' which offer more templates for more flexibility. To allow older " +"versions of this library to ignore the extension the prefix 'LDAPU1' must be " +"used when using the new templates in a <quote>mapping rule</quote> otherwise " +"the old version of this library will fail with a parsing error. The new " +"templates are described in section <xref linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: " +"(ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: " +"(ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: " +"(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: " +"(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: " +"(|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: " +"(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters " +"('!hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, " +"e.g. {subject_dn_component.uid} or by position, " +"e.g. {subject_dn_component.[2]} where positive numbers start counting from " +"the most specific component and negative numbers start counting from the " +"least specific component. Attribute name and the position can be combined as " +"e.g. {subject_dn_component.uid[2]} which means that the name of the second " +"component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: " +"LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> identity provider and the <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> authentication provider with optimizations for IPA " +"environments. The IPA provider accepts the same options used by the " +"sssd-ldap and sssd-krb5 providers with some exceptions. However, it is " +"neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to " +"<quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the " +"<quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old " +"<emphasis>ipa_dyndns_update</emphasis> option, users should migrate to using " +"<emphasis>dyndns_update</emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old " +"<emphasis>ipa_dyndns_ttl</emphasis> option, users should migrate to using " +"<emphasis>dyndns_ttl</emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old " +"<emphasis>ipa_dyndns_iface</emphasis> option, users should migrate to using " +"<emphasis>dyndns_iface</emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains " +"\"_location.hostname.example.com\" and then fall back to traditional SRV " +"discovery. If the location based discovery succeeds, the IPA servers located " +"with the location based discovery are treated as primary servers and the IPA " +"servers located using the traditional SRV discovery are used as back up " +"servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of " +"sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to " +"<quote>kdcinfo</quote> files read by the Kerberos locator plugin. Please " +"refer to the <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and " +"example.com is one of the domains in the <replaceable>[sssd]</replaceable> " +"section. This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory " +"server. This provider requires that the machine be joined to the AD domain " +"and a keytab is available. Back end communication occurs over a " +"GSSAPI-encrypted channel, SSL/TLS options should not be used with the AD " +"provider and will be superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or " +"later. Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always " +"auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> identity provider and the <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> authentication provider with optimizations for Active " +"Directory environments. The AD provider accepts the same options used by the " +"sssd-ldap and sssd-krb5 providers with some exceptions. However, it is " +"neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to " +"<quote>ad</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as " +"case-insensitive in the AD provider for compatibility with Active " +"Directory's LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink " +"url=\"https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups\"> " +"Active Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD " +"forest. By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local " +"domain. This is done to be in agreement with Active Directory's " +"group-membership assignment which can be seen in the PAC of the Kerberos " +"ticket of a user issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the " +"<quote>access_provider</quote> option must be explicitly set to " +"<quote>ad</quote> in order for this option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or " +"forest. This extended filter would consist of: " +"<quote>KEYWORD:NAME:FILTER</quote>. The keyword can be either " +"<quote>DOM</quote>, <quote>FOREST</quote> or missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then " +"<quote>NAME</quote> specifies the domain or subdomain the filter applies " +"to. If the keyword equals to <quote>FOREST</quote>, then the filter equals " +"to all domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full " +"DOM:domain.example.org: syntax to ensure the parser does not attempt to " +"interpret the colon characters associated with the OID. If you do not use " +"this OID then nested group membership will not be resolved. See usage " +"example below and refer here for further information about the OID: <ulink " +"url=\"https://msdn.microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] " +"section LDAP extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the " +"per-domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> " +"<refentrytitle>sssctl</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed " +"access. When this option is set to True users will be allowed access only " +"when explicitly allowed by a GPO rule. Otherwise users will be denied " +"access. This can be used to harden security but be careful when using this " +"option because it can deny access even to users in the built-in " +"Administrators group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right " +"(e.g. <quote>login</quote>) with a custom pam service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote " +"access. If at least one evaluated GPO contains remote interactive logon " +"right settings, the user is granted remote access only, if it or at least " +"one of its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right " +"(e.g. <quote>sshd</quote>) with a custom pam service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right " +"(e.g. <quote>ftp</quote>) with a custom pam service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny batch logon setting for the user or one of its groups, the user is " +"denied batch logon access. If none of the evaluated GPOs has a batch logon " +"right defined, the user is granted logon access. If at least one evaluated " +"GPO contains batch logon right settings, the user is granted logon access " +"only, if it or at least one of its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right " +"(e.g. <quote>crond</quote>) with a custom pam service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name " +"(e.g. <quote>my_pam_service</quote>), you would use the following " +"configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal " +"task. The option expects 2 integers separated by a colon (':'). The first " +"integer defines the interval in seconds how often the task is run. The " +"second specifies the initial timeout in seconds before the task is run for " +"the first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER " +"SOLUTIONS</emphasis>. Although the group exists and user can be member of " +"the group the intention is that the group should be only used in the domain " +"it is defined and in no others. Since there is only one type of POSIX groups " +"the only way to achieve this on the Linux side is to ignore those " +"groups. This is also done by Active Directory as can be seen in the PAC of " +"the Kerberos ticket for a local service or in tokenGroups requests where " +"remote Domain Local groups are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting " +"<quote>ldap_use_tokengroups</quote> to <quote>false</quote> to get " +"consistent group-memberships of a users. Additionally the Global Catalog " +"lookup should be skipped as well by setting <quote>ad_enable_gc</quote> to " +"<quote>false</quote>. Finally it might be necessary to modify " +"<quote>ldap_group_nesting_level</quote> if the remote Domain Local groups " +"can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and " +"example.com is one of the domains in the <replaceable>[sssd]</replaceable> " +"section. This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> file (which should contain rules " +"that apply to local users) and then in SSSD, the nsswitch.conf file should " +"contain the following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> " +"</citerefentry> to your NIS domain name (which equals to IPA domain name " +"when using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. To speed up the LDAP lookups, you " +"can also set search base for sudo rules using " +"<emphasis>ldap_sudo_search_base</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree " +"(ou=sudoers,$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the " +"server. This is used to keep the cache consistent by removing every rule " +"which was deleted from the server. However, full refresh may produce a lot " +"of traffic and thus it should be run only occasionally depending on the size " +"and stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs " +"sudo. Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been " +"deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this " +"machine. This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> and \"sudo_*\" in <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> " +"<replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is " +"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file " +"syntax and options, consult the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into " +"human-unreadable format and places it into appropriate domain section of the " +"SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> " +"<replaceable>DOMAIN</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is " +"<quote>default</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg " +"choice='plain'><replaceable>COMMAND</replaceable></arg> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> " +"id_provider</quote>. IPA overrides can be managed centrally on the IPA " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> " +"<optional><option>-n,--name</option> NAME</optional> " +"<optional><option>-u,--uid</option> UID</optional> " +"<optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> " +"<optional><option>-s,--shell</option> SHELL</optional> " +"<optional><option>-c,--gecos</option> GECOS</optional> " +"<optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> " +"DOMAIN</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in " +"<emphasis>FILE</emphasis>. See <emphasis>user-import</emphasis> for data " +"format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> " +"<optional><option>-n,--name</option> NAME</optional> " +"<optional><option>-g,--gid</option> GID</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> " +"DOMAIN</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in " +"<emphasis>FILE</emphasis>. See <emphasis>group-import</emphasis> for data " +"format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, please refer to the " +"<quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> " +"<refentrytitle>k5login</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry> for more details. Please note that an empty .k5login file " +"will deny all access to this user. To activate this feature, use " +"'access_provider = krb5' in your SSSD configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of " +"preference. For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is " +"<quote>KEYRING:persistent:%U</quote>, which uses the Linux kernel keyring to " +"store credentials on a per-UID basis. This is also the recommended choice, " +"as it is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> uses different expansion sequences " +"than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos " +"pre-authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. This might be helpful when there " +"are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a " +"colon. The first number represents number of primary servers used and the " +"second number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> but no backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise " +"principal. See section 5 of RFC 6806 for more details about enterprise " +"principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. " +"<quote>richard@REALM</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>, for " +"details on the configuration of an SSSD domain. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> " +"<replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> " +"<replaceable>netgroup</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> " +"<replaceable>service</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> " +"<replaceable>autofs-map</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> " +"<replaceable>hostname</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> " +"<replaceable>rule</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> " +"<replaceable>domain</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling " +"<command>sss_cache</command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>NEW_DEBUG_LEVEL</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg choice='plain'>-D " +"<replaceable>DOMAIN</replaceable></arg> <arg choice='plain'>-n " +"<replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> " +"<replaceable>DOMAIN</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> " +"<replaceable>USER</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> " +"<replaceable>COMMENT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> " +"<replaceable>HOME_DIR</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> " +"<replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>PASS_FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or " +"--password-file option) must be less than or equal to PASS_MAX bytes (64 " +"bytes on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> and includes: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using " +"<quote>-attr_name</quote>. For example, to allow " +"<quote>telephoneNumber</quote> but deny <quote>loginShell</quote>, you would " +"use the following configuration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> " +"<firstname>Noam</firstname> <surname>Meltzer</surname> <affiliation> " +"<orgname>Primary Data Inc.</orgname> </affiliation> <contrib>Developer " +"(2013-2014)</contrib> </author> <author> <firstname>Noam</firstname> " +"<surname>Meltzer</surname> <contrib>Developer (2014-)</contrib> " +"<email>tsnoam@gmail.com</email> </author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at " +"<emphasis>/etc/idmapd.conf</emphasis>. See <citerefentry> " +"<refentrytitle>idmapd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> can be configured to use " +"<command>sss_ssh_authorizedkeys</command> for public key user authentication " +"if it is compiled with support for <quote>AuthorizedKeysCommand</quote> " +"option. Please refer to the <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> man page for more details about this " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by " +"putting the following directives in <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of " +"<filename>sssd.conf</filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for details) or there is a " +"certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> or " +"<citerefentry><refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for details) and the certificate is " +"valid SSSD will extract the public key from the certificate and convert it " +"into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> for details) it might be irritating " +"that authentication is still working even if the related X.509 certificate " +"on the Smartcard is already expired because neither <command>ssh</command> " +"nor <command>sshd</command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain " +"<replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is " +"returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> for more information) " +"<filename>/var/lib/sss/pubconf/known_hosts</filename> and establishes the " +"connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> can be configured to use " +"<command>sss_ssh_knownhostsproxy</command> for host key authentication by " +"using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain " +"<replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and " +"SIDs. No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = " +"200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is " +"read-only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg " +"choice='plain'><replaceable>COMMAND</replaceable></arg> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND " +"--help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of " +"UID/GID 0 is not handled by SSSD. Such requests are passed to next NSS " +"module (usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page for details on the " +"configuration of an SSSD domain. But the purpose of the files provider is to " +"expose the same data as the UNIX files, just through the SSSD " +"interfaces. Therefore not all generic domain options are " +"supported. Likewise, some global options, such as overriding the shell in " +"the <quote>nss</quote> section for all domains has no effect on the files " +"domain unless explicitly specified per-domain. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> " +"</citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, The credentials cache name must be only <quote>KCM:</quote> " +"without any template expansions. For example: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path " +"<replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure " +"the Kerberos library, change its <quote>kcm_socket</quote> option which is " +"described in the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> " +"</citerefentry>. Unlike other SSSD services, it cannot be started by adding " +"the <quote>kcm</quote> string to the <quote>service</quote> directive. " +"<placeholder type=\"programlisting\" id=\"0\"/> Please note your " +"distribution may already configure the units for you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at " +"<quote>/var/lib/sss/secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> " +"</citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever " +"use-case doesn't work for you. The KCM logs will be generated at " +"<filename>/var/log/sssd/sssd_kcm.log</filename>. It is recommended to " +"disable the debug logs when you no longer need the debugging to be enabled " +"as the sssd-kcm service can generate quite a large amount of debugging " +"information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the " +"sssd.conf file. Please note that because the KCM service is typically " +"socket-activated, it is enough to just restart the <quote>sssd-kcm</quote> " +"service after changing options in the <quote>kcm</quote> section of " +"sssd.conf: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page for a complete list. In " +"addition, there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the " +"sssd-kcm.socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in " +"/usr/share/systemtap/tapset/sssd.stp and " +"/usr/share/systemtap/tapset/sssd_functions.stp respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap " +"/usr/share/sssd/systemtap/<script_name>.stp</command>), then perform " +"an identity operation and the script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Refer to the <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page for full details about SSSD LDAP provider " +"configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the " +"<quote>ldap</quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> counterpart (date of the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> counterpart (minimum password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> counterpart (maximum password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> counterpart (password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> counterpart (password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration " +"date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP " +"schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>phone</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option " +"<emphasis>must</emphasis> include <quote>authorized_service</quote> in order " +"for the ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login " +"process. Therefore when using service-based access control, the " +"<quote>systemd-user</quote> service might need to be added to the list of " +"allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option " +"<emphasis>must</emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option " +"<emphasis>must</emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin " +"<command>sssd_krb5_localauth_plugin</command> is used by libkrb5 to either " +"find the local name for a given Kerberos principal or to check if a given " +"local name and a given Kerberos principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>. SSSD will create a config snippet with the content like " +"e.g. <placeholder type=\"programlisting\" id=\"0\"/> automatically in the " +"SSSD's public Kerberos configuration snippet directory. If this directory is " +"included in the local Kerberos configuration the plugin will be enabled " +"automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise " +"automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - " +"https://github.com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of " +"preference. The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the " +"<quote>ldap_opt_timeout</quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between " +"automatically-assigned and manually-assigned values. If you need to use " +"manually-assigned values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that " +"domain. In order to make this slice-assignment repeatable on different " +"client machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have " +"<quote>min_id</quote> be less-than or equal to " +"<quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have " +"<quote>max_id</quote> be greater-than or equal to " +"<quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION " +"AUTHORITY</quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> " +"should not be used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal " +"failures. Anything that would prevent SSSD from starting up or causes it to " +"cease running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of " +"2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of " +"function-internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with " +"<quote>id_provider=local</quote> must be created and the SSSD must be " +"running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, <phrase condition=\"with_files_provider\"> <citerefentry> " +"<refentrytitle>sssd-files</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>, </phrase> <phrase condition=\"with_sudo\"> <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>, </phrase> <citerefentry> " +"<refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_ifp\"> <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry>, </phrase> <citerefentry> " +"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> " +"</citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of " +"http://tools.ietf.org/html/rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the " +"<quote>ldap_search_base</quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry>) or centrally managed IPA " +"id-overrides, has a higher precedence and will be used instead of the value " +"given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The " +"well-known host/hostname@REALM principal is a Service Principal and thus " +"cannot be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u " +"folder. If you decide to use a different directory structure, some other " +"parts of your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page for details). If ticket validation is disabled " +"the PAC checks will be skipped as well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" diff --git a/src/man/po/sv.po b/src/man/po/sv.po new file mode 100644 index 0000000..ff51320 --- /dev/null +++ b/src/man/po/sv.po @@ -0,0 +1,24344 @@ +# Göran Uddeborg <goeran@uddeborg.se>, 2018. #zanata +# Göran Uddeborg <goeran@uddeborg.se>, 2019. #zanata +# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2020. #zanata +# Göran Uddeborg <goeran@uddeborg.se>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2023-02-15 14:20+0000\n" +"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" +"Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/sv/>\n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.15.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD manualsidor" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Filformat och konventioner" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "konfigurationsfilen för SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "FILFORMAT" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[sektion]</replaceable>\n" +"<replaceable>nyckel</replaceable> = <replaceable>värde</replaceable>\n" +"<replaceable>nyckel2</replaceable> = <replaceable>värde2,värde3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Filen har en syntax i ini-stil och består av sektioner och parametrar. En " +"sektion börjar med namnet på sektionen i hakparenteser och fortsätter tills " +"nästa sektion börjar. Ett exempel på en sektion med enkla och flervärda " +"parametrar: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Datatyperna som används är sträng (inga citationstecken behövs), heltal och " +"bool (med värdena <quote>TRUE/FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"En kommentarsrad börjar med ett nummertecken (<quote>#</quote>) eller ett " +"semikolon (<quote>;</quote>). Kommentarer inom raden stödjs inte." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Alla sektioner kan valfritt ha en parameter <replaceable>description</" +"replaceable>. Dess funktion är endast som en etikett för sektionen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> måste vara en normal fil, ägd av root och " +"endast root får läsa från eller skriva till filen." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "KONFIGURATIONSSNUTTAR FRÅN EN INCLUDE-KATALOG" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" +"Konfigurationsfilen <filename>sssd.conf</filename> kommer inkludera " +"konfigurationssnuttar från include-katalogen <filename>conf.d</filename>. " +"Denna funktion är tillgänglig om SSSD kompilerades med version 1.3.0 eller " +"senare av libini." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" +"Filer lagda i <filename>conf.d</filename> som slutar med <quote><filename>." +"conf</filename></quote> och inte börjar med en punkt (<quote>.</quote>) " +"kommer användas tillsammans med <filename>sssd.conf</filename> för att " +"konfigurera SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" +"Konfigurationssnuttarna från <filename>conf.d</filename> har högre prioritet " +"än <filename>sssd.conf</filename> och kommer åsidosätta <filename>sssd.conf</" +"filename> när konflikter uppstår. Om flera snuttar finns i <filename>conf." +"d</filename> inkluderas de i alfabetisk ordning (baserat på lokalen). Filer " +"som inkluderas senare har högre prioritet. Numeriska prefix " +"(<filename>01_snutt.conf</filename>, <filename>02_snutt.conf</filename> " +"etc.) kan hjälpa till att visualisera prioriteten (högre tals betyder högre " +"prioritet)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" +"Snuttfilerna behöver samma ägare och rättigheter som <filename>sssd.conf</" +"filename>. Vilket som standard är root:root och 0600." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "ALLMÄNNA FLAGGOR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "Följande flaggor är användbara i mer än en konfigurationssektion." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Flaggor användbara i alla sektioner" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "debug (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" +"SSSD 1.14 och senare inkluderar också aliaset <replaceable>debug</" +"replaceable> för <replaceable>debug_level</replaceable> som en " +"bekvämlighetsfiness. Om båda anges kommer värdet på<replaceable>debug_level</" +"replaceable> användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Lägg till en tidsstämpel till felsökningsmeddelanden. Om journald är " +"aktiverat för SSSD-felsökningsloggning ignoreras denna flagga." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Standard: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Lägg till mikrosekunder till tidsstämpeln till felsökningsmeddelanden. Om " +"journald är aktiverat för SSSD-felsökningsloggning ignoreras denna flagga." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Standard: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_backtrace_enabled (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "Aktivera felsökningsspårning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" +"Ifall SSSD körs med debug_level mindre än 9 loggas allting till en " +"ringbuffert i minnet och skrivs till en loggfil när nägot fel upp till och " +"inklusive ”min(0x0040, debug_level)” (d.v.s. om debug_level uttryckligen är " +"satt till 0 eller 1 kommer endast dessa felnivåer att orsaka en spårning, " +"annars upp till 2)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" +"Funktionen stödjs endast för ”logger == files” (d.v.s. att sätta denna har " +"ingen effekt för andra loggningstyper)." + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Flaggor användbara i sektionerna SERVICE och DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" +"Tidsgräns i sekunder mellan hjärtslag för denna tjänst. Detta används för " +"att säkerställa att processen lever och kan svara på begäranden. Observera " +"att efter tre missade hjärtslag kommer processen avsluta sig själv." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Standard: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "SPECIALSEKTIONER" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Sektionen [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Sektionsparametrar" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Indikerar vilken syntaxen är i konfigurationsfilen. SSSD 0.6.0 och senare " +"använder version 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" +"Kommaseparerad lista av tjänster som startas när sssd själv startas. " +"<phrase condition=\"have_systemd\"> Tjänstelistan är frivillig på " +"plattformar där systemd stödjs, eftersom de antingen kommer vara uttags- " +"eller D-Bus-aktiverade vid behov. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Tjänster som stödjs: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> Som standard är alla tjänster " +"avaktiverade och administratören måste aktivera de tillåtna genom att köra: " +"”systemctl enable sssd-@service@.socket\". </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Antal gånger som tjänster skall försöka återansluta i händelse av en " +"dataleverantörskrasch eller -omstart innan de ger upp" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Standard: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" +"En domän är en databas som innehåller användarinformation. SSSD kan använda " +"flera domäner på samma gång, men åtminstone en måste vara konfigurerad, " +"annars kommer inte SSSD starta. Denna parameter beskriver listan av domäner " +"i den ordning du vill att de skall tillfrågas. Ett domännamn rekommenderas " +"endast att bestå av alfanumeriska ASCII-tecken, bindestreck, punkter och " +"understrykningstecken. Tecknet ”/” är förbjudet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Reguljärt standarduttryck som beskriver hur man skall tolka strängen som " +"innehåller användarnamnet och domänen in i dessa komponenter." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" +"Varje domän kan ha ett eget reguljärt uttryck konfigurerat. För några ID-" +"leverantörer finns det också reguljära standarduttryck. Se DOMÄNSEKTIONER " +"för mer information om dessa reguljära uttryck." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Ett <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-kompatibelt format som beskriver hur man sätter " +"samman ett fullständigt kvalificerat namn från namn- och domänkomponenter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "användarnamn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "domännamn som det anges i SSSD-konfigurationsfilen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"platt domännamn. Huvudsakligen användbart för Active Directory-domäner, både " +"direkt konfigurerade eller hittade via IPA-förtroenden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Följande utvidgningar stödjs: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Varje domän kan ha en egen formatsträng konfigurerad. Se DOMÄNSEKTIONER för " +"mer information om detta alternativ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "monitor_resolv_conf (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Styr om SSSD skall övervaka tillståndet för resolv.conf för att identifiera " +"när den behöver uppdatera sin interna DNS-uppslagare." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" +"Som standard kommer SSSD försöka använda inotify för att övervaka ändringar " +"av konfigurationsfiler och kommer gå tillbaka till att polla var femte " +"sekund om inotify inte kan användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Det finns vissa situationer när det är att föredra att vi skall hoppa över " +"att ens försöka att använda inotify. I dessa sällsynta fall skall detta " +"alternativ sättas till ”false”" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Standard: true på plattformar där inotify stödjs. False på andra plattformar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Obs: detta alternativ kommer inte ha någon effekt på plattformar där inotify " +"inte är tillgängligt. På dessa plattformar kommer pollning alltid användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Katalog i filsystemet där SSSD skall spara Kerberos-cachefiler för " +"återuppspelning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Detta alternativ godtar ett specialvärde __LIBKRB5_DEFAULTS__ som kommer " +"instruera SSSD att låta libkrb5 bestämma den lämpliga platsen för " +"cachefilerna för återuppspelning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Standard: distributionsspecifikt och anges vid byggtillfället. " +"(__LIBKRB5_DEFAULTS__ om inte konfigurerat)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "user (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +#, fuzzy +#| msgid "" +#| "The user to drop the privileges to where appropriate to avoid running as " +#| "the root user. <phrase condition=\"have_systemd\"> This option does not " +#| "work when running socket-activated services, as the user set up to run " +#| "the processes is set up during compilation time. The way to override the " +#| "systemd unit files is by creating the appropriate files in /etc/systemd/" +#| "system/. Keep in mind that any change in the socket user, group or " +#| "permissions may result in a non-usable SSSD. The same may occur in case " +#| "of changes of the user running the NSS responder. </phrase>" +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" +"Användaren att släppa privilegierna till där det är tillämpligt för att " +"undvika att köra som användaren root. <phrase " +"condition=\"have_systemd\">Detta alternativ fungerar vid körning som " +"uttagsaktiverade tjänster, eftersom användaren som anges för att köra " +"processerna anges vid kompileringstillfället. Sättet att åsidosätta systemd " +"unit-filerna är genom att skapa de tillämpliga i /etc/systemd/system/. Kom " +"ihåg att eventuella ändringar av uttagets användare, grupp eller rättigheter " +"kan resultera i en oanvändbar SSSD. Samma sak kan hända vid ändring av " +"användaren som kör NSS-respondenten.</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "Standard: inte angivet, processer kommer köra som root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Strängen kommer användas som ett standardnamn för domänen för alla namn utan " +"en domännamnsdel. Det huvudsakliga användningsfallet är miljöer där " +"primärdomänen är avsedd för hantering av värdpolicyer och alla användare är " +"placerade i en betrodd domän. Alternativet låter dessa användare att logga " +"in med bara sitt användarnamn utan att dessutom ange ett domännamn." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +#, fuzzy +#| msgid "" +#| "Please note that if this option is set all users from the primary domain " +#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +#| "Setting this option changes default of use_fully_qualified_names to True. " +#| "It is not allowed to use this option together with " +#| "use_fully_qualified_names set to False. One exception from this rule are " +#| "domains with <quote>id_provider=files</quote> that always try to match " +#| "the behaviour of nss_files and therefore their output is not qualified " +#| "even when the default_domain_suffix option is used." +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" +"Observera att om denna flagga är satt måste alla användare från den primära " +"domänen använda sina fullständiga namn, t.ex. användare@domän.namn, för att " +"logga in. Att sätta denna flagga ändrar standardvärdet till " +"use_fully_qualified_names till Sant. Det är inte tillåtet att använda denna " +"flagga tillsammans med use_fully_qualified_names satt till Falskt. Ett " +"undantag från denna regel är domäner med <quote>id_provider=files</quote> " +"som alltid försöker matcha beteendet hos nss_files och därför är deras " +"utdata inte kvalificerat ens när flaggan default_domain_suffix används." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Standard: inte satt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"Denna parameter kommer ersätta blanksteg (mellanslag) med det angivna " +"tecknet i användar- och gruppnamn, t.ex. (_). Användarnamnet "sven " +"svensson" blir "sven_svensson" Denna funktion lades till för " +"att hjälpa till med kompatibiliteten med skalskript som har svårigheter att " +"hantera blanka, på grund av att det är standardfältseparatorn i skalet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" +"Observera att det är ett konfigurationsfel att använda ett ersättningstecken " +"som kan användas i användar- eller gruppnamn. Om ett namn innehåller " +"ersättningstecknet försöker SSSD att returnera det omodifierade namnet men i " +"allmänhet är resultatet av en uppslagning odefinierat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Standard: inte satt (blanka kommer inte ersättas)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "certificate_verification (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "no_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" +"Avaktiverar kontroller enligt Online Certificate Status Protocol (OCSP). " +"Detta kan behövas om OCSP-servrarna som definieras i certifikatet inte är " +"nåbara från klienten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "soft_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" +"Om en anslutning inte kan etableras till en OCSP-respondent hoppas OCSP-" +"kontrollen över. Denna flagga skall användas för att tillåta autentisering " +"när systemet är frånkopplat och OCSP-respondenten inte kan nås." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "ocsp_dgst" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" +"Kontrollsumme- (hash-)funktion som används för att skapa certifikats-ID för " +"OCSP-begäran. Tillåtna värden är:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "sha1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "sha256" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "sha384" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "sha512" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" +"Standard: sha1 (för att tillåta kompatibilitet med respondenter som följer " +"RFC5019)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "no_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" +"Avaktiverar helt verifiering. Detta alternativ skall endast användas för " +"testning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "partial_chain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" +"Tillåt verifikationen att lyckas även om en <replaceable>fullständig</" +"replaceable> kedja inte kan byggas till ett självsignerat förtroendeankare, " +"förutsatt att det är möjligt att konstruera en kedja till ett betrott " +"certifikat som inte behöver vara självsignerat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "ocsp_default_responder=URL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" +"Anger standard-OCSP-respondent som skall användas istället för den som nämns " +"i certifikatet. URL:en måste ersättas med URL:en till standard-OCSP-" +"respondenten t.ex. http://example.com:80/ocsp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "ocsp_default_responder_signing_cert=NAMN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" +"Detta alternativ ignoreras för närvarande. Alla nödvändiga certifikat måste " +"vara tillgängliga i PEM-filen som anges av pam_cert_db_path." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "crl_file=/SÖKVÄG/TILL/CRL/FIL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Använd certifikatåterkallelselistan (Certificate Revocation List, CRL) från " +"den givna filen under verifikationen av certifikatet. CRL:en måste ges i PEM-" +"format, se <citerefentry> <refentrytitle>crl</refentrytitle> " +"<manvolnum>1ssl</manvolnum> </citerefentry> för detaljer." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "soft_crl" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" +"Om en certifikatåterkalleleselista (CRL) gått ut, ignorera CRL-kontroller " +"för de relaterade certifikaten. Denna flagga skall användas för att tillåta " +"autentisering när systemet är frånkopplat och CRL:en inte kan förnyas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Med denna parameter kan verifieringen av certifikatet justeras med en " +"kommaseparerad lista av alternativ. Alternativ som stödjs är <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "Okända alternativ rapporteras men ignoreras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "Standard: inte satt, d.v.s begränsa inte certifikatverifieringen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "disable_netlink (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" +"SSSD-hakar in i netlink-gränssnittet för att övervaka förändringar av " +"rutter, adresser, länkar och utlösa vissa åtgärder." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" +"Förändringar av SSSD-tillståndet från netlink-händelser kan vara opålitliga " +"och kan avaktiveras genom att sätta detta alternativ till ”true”" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "Standard: false (netlink-förändringar detekteras)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "enable_files_domain (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" +"När detta alternativ är aktiverat skjuter SSSD in en implicit domän med " +"<quote>id_provider=files</quote> före några explicit konfigurerade domäner." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "domain_resolution_order" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" +"Kommaseparerad lista av domäner och underdomäner som representerar ordningen " +"av uppslagningar skall följa. Listan behöver inte innehålla alla möjliga " +"domäner eftersom de saknade domänerna kommer slås upp baserat på ordningen " +"de presenteras i konfigurationsalternativet <quote>domains</quote>. " +"Underdomäner som inte är listade som en del av <quote>lookup_order</quote> " +"kommer slås upp i en slumpvis ordning för varje föräldradomän." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +#, fuzzy +#| msgid "" +#| "Please, note that when this option is set the output format of all " +#| "commands is always fully-qualified even when using short names for input, " +#| "for all users but the ones managed by the files provider. In case the " +#| "administrator wants the output not fully-qualified, the full_name_format " +#| "option can be used as shown below: <quote>full_name_format=%1$s</quote> " +#| "However, keep in mind that during login, login applications often " +#| "canonicalize the username by calling <citerefentry> " +#| "<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +#| "citerefentry> which, if a shortname is returned for a qualified input " +#| "(while trying to reach a user which exists in multiple domains) might re-" +#| "route the login attempt into the domain which uses shortnames, making " +#| "this workaround totally not recommended in cases where usernames may " +#| "overlap between domains." +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" +"Observera att när detta alternativ är satt är alltid utmatningsformatet för " +"alla kommandon helt kvalificerat även när kortnamn används för indata, för " +"alla användare utom de som hanteras av filleverantörer. Ifall " +"administratören vill att utdata inte skall vara fullständigt kvalificerat " +"kan alternativet full_name_format anges som visas nedan: " +"<quote>full_name_format=%1$s</quote> Kom dock ihåg att under inloggningen " +"kanoniserar inloggningsprogram ofta användarnamnet genom att anropa " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> som, om ett kortnamn returneras för en " +"kvalificerad inmatning (vid försök att nå en användare som finns i flera " +"domäner) kan dirigera om inloggningsförsöket till domänen som använder " +"kortnamn, vilket gör att denna metod absolut inte rekommenderas i fall där " +"användarnamn kan överlappa mellan domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Standard: inte satt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "implicit_pac_responder (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" +"PAC-respondenten aktiveras automatiskt för IPA- och AD-leverantörerna för " +"att utvärdera och kontrollera PAC:en. Om den måste avaktiveras sätt detta " +"alternativ till ”false”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "core_dumpable (boolean)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" +"Detta alternativ kan användas för allmän förstärkning: att sätta det till " +"”false” förbjuder kärndumpar för alla SSSD-processer för att undvika att " +"klartextlösenord läcker. Se manualsidan prctl:PR_SET_DUMPABLE för detaljer." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "passkey_verification (string)" +msgstr "pam_cert_verification (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "user_verification (boolean)" +msgstr "pam_cert_verification (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "With this parameter the certificate verification can be tuned with a " +#| "comma separated list of options. Supported options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Med denna parameter kan verifieringen av certifikatet justeras med en " +"kommaseparerad lista av alternativ. Alternativ som stödjs är <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Enskilda delar av SSSD-funktionalitet tillhandahålls av speciella SSSD-" +"tjänster som startas och stoppas tillsammans med SSSD. Tjänsterna hanteras " +"av en speciell tjänst som ofta kallas <quote>monitor</quote>. Sektionen " +"<quote>[sssd]</quote> används för att konfigurera övervakaren såväl som " +"andra viktiga alternativ som identitetsdomänerna. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "TJÄNSTESEKTIONER" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"Inställningar som kan användas för att konfigurera olika tjänster beskrivs i " +"detta avsnitt. De skall ligga i sektionen [<replaceable>$NAME</" +"replaceable>], till exempel, för tjänsten NSS skulle sektionen vara " +"<quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Allmänna alternativ för tjänstekonfiguration" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Dessa alternativ kan användas för att konfigurera alla tjänster." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"Detta alternativ anger det maximala antalet filbeskrivare som kan öppnas på " +"en gång av denna SSSD-process. På system där SSSD ges förmågan " +"CAP_SYS_RESOURCE kommer detta vara en absolut inställning. På system utan " +"denna förmåga kommer det resulterande värdet vara det lägre av detta värde " +"och den ”hårda” gränsen i limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Standard: 8192 (eller den ”hårda” gränsen i limits.conf)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" +"Detta alternativ anger antalet sekunder som en klient till en SSSD-process " +"kan hålla fast i en filbeskrivare utan att kommunicera över den. Detta värde " +"är begränsat för att undvika att resurserna på systemet tar slut. " +"Tidsgränsen kan inte vara kortare än 10 sekunder. Om ett lägre värde " +"konfigureras kommer det att justeras till 10 sekunder." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "Standard: 60, KCM: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" +"När SSSD byter till frånkopplat läge, kommer tiden före den försöker gå " +"tillbaka till uppkopplat läge öka baserat på tiden tillbringad frånkopplad. " +"Som standard använder SSSD ett inkrementellt beteende för att beräkna " +"fördröjningen mellan återförsök. Så, väntetiden för ett givet återförsök " +"kommer vara längre än väntetiden för det föregående. Efter varje misslyckat " +"försök att bli uppkopplat beräknas det nya intervallet om enligt följande:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" +"ny_fördröjning = Minimum(gammal_fördröjning * 2, offline_timeout_max) + " +"slumpvärde[0…offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" +"Standardvärdet för offline_timeout är 60. Standardvärdet på " +"offline_timeout_max är 3600. Standardvärdet på offline_timeout_random_offset " +"är 30. Slutresultatet är antalet sekunder före nästa omförsök." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" +"Observera att den maximala längde på varje intervall definieras av " +"offline_timeout_max (förutom slumpdelen)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Standard: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout_max (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" +"Styr med hur mycket tiden mellan försök att ansluta kan ökas efter ett " +"misslyckat försök att koppla upp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "Ett värde på 0 avaktiverar det ökande beteendet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" +"Värdet på denna parameter skall sättas i korrelation med parametervärdet " +"offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" +"Med offline_timout satt till 60 (standardvärdet) är det ingen poäng i att " +"sätta ofline_timeout_max till mindre än 120 eftersom det kommer mättas " +"omedelbart. En allmän regel här bör vara att sätta offline_timeout_max till " +"åtminstone 4 gånger offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" +"Även om ett värde mellan 0 och offline_timeout kan anges har det effekten " +"att åsidosätta värdet offline_timeout så det är inte så användbart." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "Standard: 3600" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout_random_offset (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" +"När SSSD är i frånkopplat läge fortsätter den att prova bakändesservrar med " +"angivna tidsintervall:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" +"Denna parameter styr värdet på den slumpvisa förskjutningen som används i " +"ovanstående ekvation. Det slutliga random_offset-värdet kommer vara ett " +"slumptal i intervallet:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "[0 – offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "Ett värde på 0 avaktiverar tillägget av en slumpfördröjning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "Standard: 30" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "responder_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" +"Detta alternativ anger antalet sekunder som en SSSD-respondentprocess kan " +"vara uppe utan att användas. Detta värde är begränsat för att undvika att " +"resurserna på systemet tar slut. Det minsta acceptabla värdet för detta " +"alternativ är 60 sekunder. Att sätta detta alternativ till 0 (noll) betyder " +"att ingen tidsgräns kommer att sättas av respondenten. Detta alternativ har " +"bara effekt när SSSD är byggt med stöd för systemd och när tjänster är " +"antingen uttags- eller D-Bus-aktiverade." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Standard: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "cache_first" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" +"Detta alternativ anger huruvida respondenten skall fråga alla cachar före " +"den frågar dataleverantörerna." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "NSS-konfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Dessa alternativ kan användas för att konfigurera tjänsten Name Service " +"Switch (NSS)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Hur många sekunder skall nss_sss cacha uppräkningar (begäranden för " +"information om alla användare)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Standard: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Cachen över poster kan ställas in att automatiskt uppdatera poster i " +"bakgrunden om de begärs utöver en procentsats av värdet entry_cache_timeout " +"för domänen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Till exempel, om domänens entry_cache_timeout är satt till 30 s och " +"entry_cache_nowait_percentage är satt till 50 (procent) kommer poster som " +"kommer in 15 sekunder efter den sista cacheuppdateringen returneras " +"omedelbart, men SSSD kommer att ta och uppdatera cachen på egen hand, så att " +"framtida begäranden kommer behöva blockera i väntan på en cacheuppdatering." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Giltiga värden för detta alternativ är 0-99 och representerar en procentsats " +"av entry_cache_timeout för varje domän. Av prestandaskäl kommer denna " +"procentsats aldrig reducera nowait-tidsgränser till mindre än 10 sekunder. " +"(0 avaktiverar denna funktion)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Standard: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Anger hur många sekunder nss_sss cachar negativa cacheträffar (det vill " +"säga, frågor om ogiltiga databasposter, som sådana som inte finns) innan " +"bakänden tillfrågas igen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Standard: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "local_negative_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" +"Anger hur många sekunder nss_sss skall hålla lokala användare och grupper i " +"en negativ cache före den försöker slå upp dem i bakänden igen. Att ställa " +"in alternativet till 0 avaktiverar denna funktion." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "Standard: 14400 (4 timmar)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" +"Uteslut vissa användare eller grupper från att hämtas från sss NSS-" +"databasen. Detta är särskilt användbart för systemkonton. Detta alternativ " +"kan också anges per domän eller inkludera fullständigt kvalificerade namn " +"för att filtrera endast användare från den angivna domänen eller efter ett " +"användarhuvudmansnamn (UPN)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" +"OBS: alternativet filter_groups påverkar inte arvet av nästade " +"gruppmedlemmar, eftersom filtrering sker efter att de propagerats för att " +"returnera via NSS. T.ex. en grupp som har en medlemsgrupp bortfiltrerad " +"kommer fortfarande ha medlemsanvändarna i den senare listade." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Standard: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Om du vill att filtrerade användare fortfarande skall vara gruppmedlemmar " +"sätt då detta alternativ till false." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Ange en standardmall för en användares hemkatalog om ingen uttryckligen " +"anges av domänens dataleverantör." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"De tillgängliga värdena för detta alternativ är samma som för " +"override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "exempel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "Standard: inte satt (ingen ersättning för ej angivna hemkataloger)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Åsidosätt inloggningsskalet för alla användare. Detta alternativ går före " +"alla andra skalalternativ om det har effekt och kan sättas antingen i " +"sektionen [nss] eller per domän." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Standard: inte angivet (SSSD kommer använda värdet som hämtats från LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Begränsa användarskal till ett av de listade värdena. Beräkningsordningen är:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "1. Om skalet finns i <quote>/etc/shells</quote> används det." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Om skalet finns i listan allowed_shells men inte i <quote>/etc/shells</" +"quote>, använd värdet på parametern shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Om skalet inte finns i listan allowed_shells och inte i <quote>/etc/" +"shells</quote> används ett nologin-skal." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "Jokertecknet (*) kan användas för att tillåta godtyckligt skal." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" +"(*) är användbart om du vill använda shell_fallback ifall den användarens " +"skal inte finns i <quote>/etc/shells</quote> och att underhålla listan över " +"alla skal i allowed_shells skulle vara för mycket overhead." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "En tom sträng som skal skickas som den är till libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"<quote>/etc/shells</quote> läses bara vid uppstart av SSSD, vilket betyder " +"att en omstart av SSSD behövs ifall ett nytt skal installeras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "Standard: inte satt. Användarens skal används automatiskt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Ersätt alla instanser av dessa skal med shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Standardskalet att använda om ett tillåtet skal inte är installerat på " +"maskinen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Standard: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Standardskalet att använda om leverantören inte returnerar något under " +"uppslagningen. Detta alternativ kan anges globalt i sektionen [nss] eller " +"per domän." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Standard: inte satt (Returnera NULL om inget skal är angivet och lita på att " +"libc ersätter med något rimligt när nödvändigt, vanligen /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Anger tiden i sekunder under vilken listan av underdomäner kommer betraktas " +"som giltiga." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "memcache_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" +"Anger tiden i sekunder under vilken poster i minnescachen kommer vara " +"giltiga. Att sätta detta alternativ till noll kommer avaktivera cachen i " +"minnet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" +"VARNING: att avaktivera cachen i minnet kommer ha signifikant negativ " +"påverkan på SSSD:s prestanda och skall bara användas för testning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer " +"klientprogram inte använda den snabba cachen i minnet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "memcache_size_passwd (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" +"Storlek (i megabyte) på datatabellen som allokeras inuti en snabb i-minnes-" +"cache för lösenordsbegäranden. Att sätta storleken till 0 kommer avaktivera " +"lösenords-cachen i minnet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "Standard: 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" +"VARNING: en avaktiverad eller för liten cache i minnet kan ha signifikant " +"negativ påverkan på SSSD:s prestanda." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "memcache_size_group (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" +"Storlek (i megabyte) på datatabellen som allokeras inuti en snabb i-minnes-" +"cache för gruppbegäranden. Att sätta storleken till 0 kommer avaktivera " +"grupp-cachen i minnet." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Standard: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "memcache_size_initgroups (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" +"Storlek (i megabyte) på datatabellen som allokeras inuti en snabb i-minnes-" +"cache för initgruppbegäranden. Att sätta storleken till 0 kommer avaktivera " +"initgrupp-cachen i minnet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "memcache_size_sid (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" +"Storlek (i megabyte) på datatabellen som allokeras inuti en snabb i-minnes-" +"cache för SID-realterade begäranden. Endast SID-via-ID- och ID-via-SID-" +"begäranden sparas för närvarande i den snabba cachen i minnet. Att sätta " +"storleken till 0 kommer avaktivera SID-cachen i minnet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" +"Några av de ytterligare NSS-respondentbegäranden kan returnera fler attribut " +"än bara de som definieras av POSIX via NSS-gränssnittet. Listan av attribut " +"styrs av detta alternativ. Det hanteras på samma sätt som alternativet " +"<quote>user_attributes</quote> för InfoPipe-respondenten (se <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för detaljer) men utan standardvärden." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" +"För att förenkla konfigurationen kommer NSS-respondenten kontrollera " +"InfoPipe-alternativet om det inte är satt för NSS-respondenten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "Standard: inte satt, gå tillbaka till InfoPipe-alternativet" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "pwfield (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" +"Värdet som NSS-operationer som returnerar användare eller grupper kommer att " +"returnera i fältet <quote>password</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "Standard: <quote>*</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" +"Observera: detta alternativ kan även sättas per domän vilket åsidosätter " +"värdet i [nss]-sektionen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +#, fuzzy +#| msgid "" +#| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " +#| "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-" +#| "shadowutils target)" +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" +"Standard: <quote>inte satt</quote> (fjärrdomäner), eller <quote>x</quote> " +"(fildomänerna), <quote>x</quote> (proxydomän med målet nss_files och sssd-" +"shadowutils)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "PAM-konfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Dessa alternativ kan användas för att konfigurera tjänsten Pluggable " +"Authentication Module (PAM)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"Om autentiseringsleverantören inte är ansluten, hur länge skall vi tillåta " +"cachade inloggningar (i dagar efter den senaste lyckade uppkopplade " +"inloggningen)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Standard: 0 (ingen gräns)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"Om autentiseringsleverantören inte är ansluten, hur många misslyckade " +"inloggningsförsök är tillåtna." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Tiden i minuter som måste förflyta efter att offline_failed_login_attempts " +"har nåtts före ett nytt inloggningsförsök är möjligt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Om satt till 0 kan inte användaren autentisera om " +"offline_failed_login_attempts har uppnåtts. Endast en lyckad uppkopplad " +"autentisering kan aktivera autentisering utan uppkoppling igen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Standard: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Styr vilken sorts meddelanden som visas för användaren under autentisering. " +"Ju högre tal desto fler meddelanden visas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "För närvarande stödjs följande värden:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: visa inte några meddelanden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: visa endast viktiga meddelanden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: visa informationsmeddelanden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: visa alla meddelanden och felsökningsinformation" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Standard: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "pam_response_filter (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" +"En kommaseparerad lista av strängar som möjliggör att ta bort (filtrera) " +"data skickat av PAM-respondenten till pam_sss-PAM-modulen. Det finns olika " +"sorters svar skickade till pam_sss, t.ex. meddelanden som visas för " +"användaren eller miljövariabler som skall sättas av pam_sss." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" +"Medan meddelanden redan kan styras med hjälp av alternativet pam_verbosity " +"gör detta alternativ att man kan filtrera ut andra sorters svar dessutom." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "ENV" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "Skicka inte några miljövariabler till någon tjänst." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "ENV:varnamn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "Skicka inte miljövariabeln varnamn till någon tjänst." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "ENV:varnamn:tjänst" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "Skicka inte miljövariabeln varnamn till tjänst." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"För närvarande stödjs följande filter: <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" +"Listan av strängar kan antingen vara listan av filter vilka skulle sätta " +"denna lista av filter och åsidosätta standardvärdet. Eller så kan varje " +"element i listan ha ett tecken ”+” eller ”-” som prefix vilket skulle lägga " +"till filtret till det befintliga standardvärdet respektive ta bort det från " +"standardvärdet. Observera att antingen måste alla listelement ha ett ”+” " +"eller ”-” eller inget av dem. Det ses som ett fel att blanda båda sätten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "Standard: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" +"Exempel: -ENV:KRB5CCNAME:sudo-i kommer ta bort det filtret från " +"standardlistan" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"För alla PAM-begäranden när SSSD är uppkopplat kommer SSSD försöka att " +"omedelbart uppdatera cachad identitetsinformation för användaren för att se " +"till att autentisering sker med den senaste informationen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"En fullständig PAM-konversation kan utföra flera PAM-begäranden såsom " +"hantering av konto och öppning av en session. Detta alternativ styr (på per-" +"klientprogrambasis) hur länge (i sekunder) vi kan cacha " +"identitetsinformationen för att undvika överdrivna rundturer till " +"identitetsleverantören." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "Visa en varning N dagar före lösenordet går ut." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Observera att bakändeservern måste leverera information om utgångstiden för " +"lösenordet. Om denna information saknas kan sssd inte visa någon varning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Om noll anges tillämpas inte detta filter, d.v.s. om utgångsvarningen " +"mottogs från bakändeserver kommer den automatiskt visas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Denna inställning kan åsidosättas genom att sätta " +"<emphasis>pwd_expiration_warning</emphasis> för en viss domän." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Standard: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" +"Anger den kommaseparerade listan av AID-värden eller användarnamn som " +"tillåts köra PAM-konverteringar mot betrodda domäner. Användare som inte är " +"inkluderade i denna lista kan endast komma åt domäner som är markerade som " +"publika med <quote>pam_public_domains</quote>. Användarnamn slås upp till " +"UID vid uppstart." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "Standard: alla användare betraktas som betrodda som standard" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" +"Observera att AID 0 alltid tillåts komma åt PAM-respondenten även ifall den " +"inte är i listan pam_trusted_users." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" +"Anger den kommaseparerade listan över domännamn som är åtkomliga även för ej " +"betrodda användare." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" +"Två speciella värden för alternativet pam_public_domains är definierade:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (Ej betrodda användare tillåts komma åt alla domäner i PAM-respondenten.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (Ej betrodda användare tillåts inte att komma åt några domäner i PAM-" +"respondenten.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Standard: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" +"Gör att det går att ange ett anpassat utgångsmeddelande som ersätter " +"standardmeddelandet ”åtkomst nekas”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" +"Observera: var medveten om att meddelandet endast skrivs för tjänsten SSH om " +"inte pam_verbosity är satt till 3 (visa alla meddelanden och " +"felsökningsinformation)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Kontot är utgånget, kontakta kundtjänsten.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "pam_account_locked_message (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" +"Gör att det går att ange ett anpassat utlåsningsmeddelande som ersätter " +"standardmeddelandet ”åtkomst nekas”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_locked_message = Kontot är låst, kontakta kundtjänsten.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "pam_cert_auth (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "pam_cert_auth (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Standard: False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "pam_cert_auth (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" +"Aktivera certifikatbaserad smartkortsautentisering. Eftersom detta " +"förutsätter ytterligare kommunikation med smartkortet vilket kommer fördröja " +"autentiseringsprocessen är detta alternativ avaktiverat som standard." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "pam_cert_db_path (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "Sökvägen till certifikatdatabasen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "Standard:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (sökväg till en fil med betrodda CA-" +"certifikat i PEM-format)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "pam_cert_verification (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" +"Med denna parameter kan verifieringen av PAM-certifikatet justeras med en " +"kommaseparerad lista av alternativ som åsidosätter värdet på " +"<quote>certificate_verification</quote> i sektionen <quote>[sssd]</quote>. " +"Flaggor som stödjs är samma som för <quote>certificate_verification</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"pam_cert_verification = partial_chain\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" +"Standard: inte satt, d.v.s. använd standardvärdet " +"<quote>certificate_verification</quote> definierat i sektionen " +"<quote>[sssd]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "p11_child_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "p11_child_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "p11_child_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +#, fuzzy +#| msgid "How many seconds will pam_sss wait for p11_child to finish." +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "pam_app_services (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" +"Vilken PAM-tjänster tillåts att kontakta domäner av typen " +"<quote>application</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "pam_p11_allowed_services (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka det kommer vara " +"tillåtet att använda smarta kort." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" +"pam_p11_allowed_services = +min_pam-tjänst, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta ut " +"ett standard-PAM-tjänstenamn för autentisering med smarta kort (t.ex. " +"<quote>login</quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-" +"tjänst</quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "Standard: standarduppsättningen av PAM-tjänstenamn innefattar:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "gnome-screensaver" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "p11_wait_for_card_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" +"Om smartkortsautentisering krävs hur många extra sekunder utöver " +"p11_child_timeout PAM-respondenten skall vänta på att ett smartkort sätts in." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "p11_uri (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" +"PKCS#11 URI (se RFC-7512 för detaljer) som kan användas för att begränsa " +"urvalet av enheter som används för smartkortsautentisering. Som standard " +"kommer SSSD:s p11_child söka efter ett PKCS#11-fack (läsare) där flaggan " +"”removable” är satt och läsa certifikaten från det insatta elementet från " +"det första facket som hittas. Om flera läsare är anslutna kan p11_uri " +"användas för att säga till p11_child att använda en specifik läsare." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" +"p11_uri = pkcs11:slot-description=Min%20smartkortsläsare\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" +"p11_uri = pkcs11:library-description=OpenSC%20smartkortsramverk;slot-id=2\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" +"Exempel: <placeholder type=\"programlisting\" id=\"0\"/> eller <placeholder " +"type=\"programlisting\" id=\"1\"/> För att hitta en lämplig URI, kontrollera " +"felsökningsutdata från p11_child. Som ett alternativ kommer GnuTLS-verktyget " +"”p11tool” med t.ex. ”--list-all” visa även PKCS#11 URI:er." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "pam_initgroups_scheme" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "always" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" +"Gör alltid en uppkopplad uppslagning, observera att pam_id_timeout " +"fortfarande gäller" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "no_session" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" +"Gör bara en uppkopplad uppslagning om det inte finns någon aktiv session för " +"användaren, d.v.s. om användaren inte är inloggad för närvarande" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "never" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" +"Gör aldrig uppkopplade uppslagningar, använd data från cachen så länge de " +"inte har gått ut" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"PAM-respondenten kan framtvinga en uppkopplad uppslagning för att ta fram de " +"aktuella gruppmedlemskapen för användaren som försöker logga in. Denna " +"flagga styr när detta skall göras och följande värden är tillåtna: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "Standard: no_session" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "pam_gssapi_services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Kommaseparerad lista över PAM-tjänster som tillåts att försöka med GSSAPI-" +"autentisering med modulen pam_sss_gss.so." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" +"För att avaktivera GSSAPI-autentisering, sätt denna lista till <quote>-</" +"quote> (streck)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" +"Observera: denna flagga kan även sättas per domän vilket skriver över värdet " +"i sektionen [pam]. Det kan också sättas för betrodda domäner vilket skriver " +"över värdet i domänsektionen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Exempel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "pam_gssapi_check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" +"Om sant kommer SSSD kräva att det Kerberos användarhuvudmansnamn som lyckats " +"autentisera via GSSAPI kan associeras med användaren som autentiseras. " +"Autentisering kommer misslyckas om kontrollen misslyckas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" +"Om falskt kommer varje användare som kan få den begärda biljetten att " +"autentiseras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Standard: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "pam_gssapi_indicators_map" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Kommaseparerad lista över autentiseringsindikatorer som måste finnas i en " +"Kerberos-biljett för att komma åt en PAM-tjänst som får prova GSSAPI-" +"autentisering med modulen pam_sss_gss.so." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" +"Varje element i listan kan antingen vara ett autentiseringsindikatornamn " +"eller ett par <quote>tjänst:indikator</quote>. Indikatorer som inte har PAM-" +"tjänsten som prefix kommer krävas för att komma åt någon PAM-tjänst alls som " +"är konfigurerad att användas med <option>pam_gssapi_services</option>. En " +"resulterande lista över indikatorer per PAM-tjänst kontrolleras sedan mot " +"indikatorer i Kerberos-biljetten under autentisering via pam_sss_gss.so. Om " +"någon indikator från biljetten matchar den resulterande listan av " +"indikatorer för PAM-tjänsten så ges åtkomst. Om ingen av indikatorerna i " +"listan matchar, kommer åtkomst nekas. Om den resulterande listan av " +"indikatorer för PAM-tjänsten är tom kommer kontrollen inte att förhindra " +"åtkomsten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" +"För att avaktivera indikatorkontrollen med GSSAPI-autentisering, sätt denna " +"flagga till <quote>-</quote> (streck). För att avaktivera kontrollen för en " +"specifik PAM-tjänst, lägg till <quote>tjänst:-</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" +"Följande autentiseringsindikatorer stödjs av IPA-Kerberosinstallationer:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" +"pkinit — förautentisering med X.509-certifikat — oavsett om de lagrats i " +"filer eller på smarta kort." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" +"hardened — SPAKE-förautentisering eller godtycklig förautentisering inslagen " +"i en FAST-kanal." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "radius — förautentisering med hjälp av en RADIUS-server." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" +"otp — förautentisering med användning av integrerad tvåfaktorautentisering " +"(2FA eller engångslösenord, OTP) i IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "idp — förautentisering med extern identitetsleverantör." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Exempel: för att begära åtkomst till SUDO-tjänster endast för användare som " +"fick sina Kerberos-biljetter med förautentisering med ett X.509-certifikat " +"(PKINIT), sätt <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Standard: inte satt (användning av autentiseringsindikatorer krävs inte)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "SUDO-konfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Dessa alternativ kan användas för att konfigurera tjänsten sudo. De " +"detaljerade instruktionerna för konfiguration av <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"för att fungera med <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> finns i manualsidan <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Huruvida attributen sudoNotBefore och sudoNotAfter som implementerar " +"tidsberoende sudoers-poster skall evalueras eller inte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "sudo_threshold (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" +"Maximalt antal utgångna regler som kan uppdateras på en gång. Om antalet " +"utgångna regler är under gränsen uppdateras dessa regler med mekanismen " +"<quote>regeluppdatering</quote>. Om gränsen överskrids triggas en " +"<quote>fullständig uppdatering</quote> av sudo-regler istället. Detta " +"gränsvärde gäller även IPA-sudo-kommandon och kommandogruppsökningar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "AUTOFS-konfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "Dessa alternativ kan användas för att konfigurera tjänsten autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Anger hur många sekunder autofs-respondenten cachar negativa cacheträffar " +"(det vill säga, frågor om ogiltiga mappningsposter, som sådana som inte " +"finns) innan bakänden tillfrågas igen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "SSH-konfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "Dessa alternativ kan användas för att konfigurera tjänsten SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Huruvida värdnamn och adresser i den hanterade filen known_hosts skall göras " +"till kontrollsummor eller inte." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Hur många sekunder en värd behålls i den hanterade filen known_hosts efter " +"att dess värdnycklar begärdes." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Standard: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "ssh_use_certificate_keys (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" +"Om satt till true kommer <command>sss_ssh_authorizedkeys</command> returnera " +"ssh-nycklar härledda från den publika nyckeln i X.509-certifikat även " +"lagrade i användarposten. Se <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>1</" +"manvolnum> </citerefentry> för detaljer." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "ssh_use_certificate_matching_rules (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" +"Som standard kommer ssh-respondenten använda alla tillgängliga " +"certifikatmatchningsregler för att filtrera certifikaten så att ssh-nycklar " +"bara härleds från de matchande. Med denna flagga kan de använda reglerna " +"begränsas med en kommaseparerad lista av avbildningar och matchande " +"regelnamn. Alla andra regler kommer ignoreras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" +"Det finns två speciella nyckelord ”all_rules” och ”no_rules” som kommer " +"aktivera alla respektive inga regler. Det senare betyder att inga certifikat " +"kommer filtreras ut och att ssh-nycklar kommer genereras från alla giltiga " +"certifikat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" +"Om inga regler är konfigurerade kommer att använda ”all_rules” aktivera en " +"standardregel som aktiverar alla certifikat som passar " +"klientautentiseringen. Detta är samma beteende som för PAM-respondenten om " +"certifikatautentisering är aktiverat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" +"Ett namn på en regel som inte finns anses som ett fel. Om som ett resultat " +"ingen regel blir vald kommer alla certifikat ignoreras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" +"Standard: inte satt, likvärdigt med ”all_rules”, alla regler som finns eller " +"standardregeln används" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "ca_db (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" +"Sökväg till lagring av betrodda CA-certifikat. Alternativet används för att " +"validera användarcertifikat före publika ssh-nycklar härleds från dem." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "PAC-respondentskonfigurationsalternativ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" +"PAC-respondenten fungerar tillsammans med insticksmodulen för " +"auktoriseringsdata för MIT Kerberos sssd_pac_plugin.so och en " +"underdomänsleverantör. Insticksmodulen skickar PAC-data under en GSSAPI-" +"autentisering till PAC-respondenten. Underdomänsleverantören samlar domän-" +"SID och ID-intervall för domänen klienten går med i och från betrodda " +"domäner från den lokala domänhanteraren. Om PAC:en är avkodad och beräknad " +"kommer några av följande operationer att göras:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Om fjärranvändaren inte finns i cachen skapas den. AID:t avgörs med hjälp av " +"SID:t, betrodda domäner kommer ha UPG:er och GID:t kommer ha samma värde som " +"AID:t. Hemkatalogen är satt baserat på parametern subdomain_homedir. Skalet " +"kommer vara tomt som standard, d.v.s. systemstandarden används, men kan " +"skrivas över med parametern default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Om det finns SID:er av grupper från domäner sssd känner till kommer " +"användaren läggas till i dessa grupper." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "Dessa alternativ kan användas för att konfigurera PAC-respondenten." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Anger den kommaseparerade listan av AID-värden eller användarnamn som " +"tillåts använda PAC-respondenten. Användarnamn slås upp till AID:er vid " +"uppstart." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "Standard: 0 (endast root-användaren tillåts komma åt PAC-respondenten)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Observera att även om AID 0 används som standard kommer det att skrivas över " +"av detta alternativ. Om du fortfarande vill tillåta root-användaren att " +"komma åt PAC-respondenten, vilket man typiskt vill, måste du lägga till även " +"0 i listan av tillåtna AID:er." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "pac_lifetime (heltal)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" +"Livslängd på PAC-posterna i sekunder. Så länge som PAC:en är giltig kan PAC-" +"datan användas för att avgöra gruppmedlemskap för en användare." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "pac_check (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" +"Använd ytterligare kontroller på PAC:en i Kerberosbiljetten som är " +"tillgängliga i Active Directory och FreeIPA-domäner, om konfigurerat. " +"Observera att validering av Kerberosbiljetten måste aktiveras för att kunna " +"kontrollera PAC:en, d.v.s. alternativet krb5_validate måste vara satt till " +"”True” vilket är standardvärdet för leverantörerna IPA och AD. Om " +"krb5_validate är satt till ”False” kommer PAC-kontrollerna hoppas över." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "no_check" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" +"PAC:en får inte finnas och även om den finns kommer inga ytterligare " +"kontroller att göras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "pac_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" +"PAC:en måste finnas i tjänstebiljetten som SSSD kommer begära med hjälp av " +"användarens TGT. Om PAC:en inte är tillgänglig kommer autentiseringen att " +"misslyckas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" +"Om PAC:en finns kontrollera om informationen om användarens huvudmannanamn " +"(UPN) är konsistent." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "check_upn_allow_missing" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" +"Detta alternativ skall användas tillsammans med ”check_upn” och haterar " +"fallet då en UPN är satt på serversidan men inte läses av SSSD. Det typiska " +"exemplet är en FreeIPA-domän där ”ldap_user_principal” är satt till ett " +"attributnamn som inte finns. Detta gjordes typiskt för att gå runt problem i " +"hanteringen av företagshuvudmän. Men detta är rättat sedan ganska lång tid " +"tillbaka och FreeIPA kan hantera företagshuvudmän utan problem och det finns " +"inte längre någon anledning att sätta ”ldap_user_principal”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" +"För närvarande är detta alternativ satt som standard för att undvika " +"regressioner i sådana miljöer. Ett loggmeddelande kommer läggas till i " +"systemloggen och SSSD:s felsökningslogg ifall en UPN finns i PAC:en men " +"inte i SSSD:s cache. För att undvika detta loggmeddelande vore det bäst att " +"avgöra om alternativet ”ldap_user_principal” kan tas bort. Om detta inte är " +"möjligt kommer att ta bort ”check_upn” hoppa över testen och undvika " +"loggmeddelandet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "upn_dns_info_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "PAC:en måste innehålla bufferten UPN-DNS-INFO, implicerar ”check_upn”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "check_upn_dns_info_ex" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" +"Om PAC:en finns och utökningen till bufferten UPN-DNS-INFO är tillgänglig " +"kontrollera om informationen i utökningen är konsistent." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "upn_dns_info_ex_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" +"PAC:en måste innehålla utökningen av bufferten UPN-DNS-INFO, implicerar " +"”check_upn_dns_info_ex”, ”upn_dns_info_present” och ”check_upn”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Följande alternativ kan användas ensamma eller i en kommaseparerad lista: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" +"Standard: no_check (AD- och IPA-leverantörerna ”check_upn, " +"check_upn_allow_missing, check_upn_dns_info_ex”)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "Konfigurationsalternativ för inspelning av sessioner" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Inspelning av sessioner fungerar tillsammans med <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, en del av paketet tlog, för att logga vad användaren ser och " +"skriver när de är inloggade på en textterminal. Se även <citerefentry> " +"<refentrytitle>sssd-session-recording</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" +"Dessa alternativ kan användas för att konfigurera inspelning av sessioner." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "scope (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "”none”" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "Inga användare spelas in." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "”some”" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" +"Användare/grupper angivna i alternativen <replaceable>users</replaceable> " +"och <replaceable>groups</replaceable> spelas in." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "”all”" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "Alla användare spelas in." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"En av följande strängar anger utsträckningen för inspelning av sessioner: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "Standard: ”none”" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "users (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"En kommaseparerad lista över användare vilka skall ha inspelning av " +"sessioner aktiverat. Matchar användarnamn som de returneras av NSS. D.v.s. " +"efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "Standard: Tomt. Matchar inte några användare." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"En kommaseparerad lista över gruppmedlemmar vilka skall ha inspelning av " +"sessioner aktiverat. Matchar gruppnamn som de returneras av NSS. D.v.s. " +"efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" +"OBSERVERA: att använda detta alternativ (ha det satt till något) har en " +"betydande prestandakostnad, ty varje begäran som inte cachas för en " +"användare måste hämtas och matchas mot grupperna användaren är en medlem i." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "Standard: Tom. Matchar inga grupper." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "exclude_users (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" +"En kommaseparerad lista av användare att undanta från inspelning, endast " +"tillämpligt med ”scope=all”." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "Standard: Tomt. Inga användare uteslutna." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "exclude_groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" +"En kommaseparerad lista av grupper vars medlemmar skall undantas från " +"inspelning. Endast tillämpligt med ”scope=all”." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "Standard: Tom. Inga grupper uteslutna." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "DOMÄNSEKTIONER" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "aktiverat" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" +"Aktivera eller avaktivera uttryckligen domänen. Om <quote>true</quote> är " +"domänen alltid <quote>aktiverad</quote>. Om <quote>false</quote> är domänen " +"alltid <quote>avaktiverad</quote>. Om denna flagga inte är satt är domänen " +"aktiverad endast om den är listad i domänflaggan i sektionen <quote>[sssd]</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "domain_type (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" +"Anger huruvida domänen är avsedd att användas av POSIX-kunniga klienter " +"såsom Name Service Switch eller av program som inte behöver att POSIX-data " +"finns eller genereras. Endast objekt från POSIX-domäner är tillgängliga för " +"operativsystemets gränssnitt och verktyg." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" +"Tillåtna värden på detta alternativ är <quote>posix</quote> och " +"<quote>application</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" +"POSIX-domäner kan nås av alla tjänster. Programdomäner kan endast nås från " +"InfoPipe-respondenten (se <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) och PAM-" +"respondenten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" +"OBSERVERA: Programdomänerna är för närvarande bara vältestade med " +"<quote>id_provider=ldap</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" +"För ett lätt sätt att konfigurera en icke-POSIX-DOMÄN, se avsnittet " +"<quote>Programdomäner</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "Standard: posix" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"AID- och GID-gränser för domänen. Om en domän innehåller en post som ligger " +"utanför dessa gränser ignoreras den." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"För användare påverkar detta gränsen för det primära GID:t. Användaren " +"kommer inte returneras till NSS om antingen AID:t eller det primära GID:t " +"ligger utanför intervallet. För icke primära gruppmedlemskap kommer de som " +"ligger i intervallet rapporteras som förväntat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Dessa ID-gränser påverkar även när poster sparas till cachen, inte endast " +"när de returneras via namn eller ID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Standard: 1 för min_id, 0 (ingen gräns) för max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" +"Bestämmer om en domän kan räknas upp, det vill säga, huruvida domänen kan " +"lista alla användare och grupper den innehåller. Observera att det inte är " +"nödvändigt att aktivera uppräkning för att sekundära grupper skall visas. " +"Denna parameter kan ha ett av följande värden:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = Användare och grupper räknas upp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = Inga uppräkningar för denna domän" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Standard: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" +"Att räkna upp en domän tvingar SSSD att hämta och lagra ALLA användar- och " +"grupposter från fjärrservern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" +"Obs: att aktivera uppräkning har en måttlig påverkan på prestandan hos SSSD " +"medan uppräkningen pågår. Det kan ta upp till flera minuter efter att SSSD " +"startat upp för att helt fullborda uppräkningar. Under denna tid kommer " +"enskilda begäranden om information att gå direkt till LDAP, fast det kan " +"vara långsamt på grund av den tunga bearbetningen av uppräkningen. Att " +"spara ett stort antal poster i cachen efter att uppräkningen är klar kan " +"också vara CPU-intensivt eftersom medlemskap måste beräknas om. Detta kan " +"leda till att processen <quote>sssd_be</quote> blir oåtkomlig eller till och " +"med startas om av den interna vakthunden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Medan den första uppräkningen körs kan begäranden om den fullständiga " +"användar- eller grupplistan returnera utan resultat tills den är färdig." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Vidare, att aktivera uppräkning kan öka tiden som behövs för att upptäcka " +"urkoppling av nätverk, eftersom längre tidsgränser behövs för att " +"säkerställa att uppräkningsuppslagningarna blir klara som de skall. För mer " +"information, se manualsidorna för den specifika id-leverantören som används." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"Av ovan nämnda skäl rekommenderas inte att aktivera uppräkning, särskilt i " +"stora miljöer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Alla upptäckta betrodda domäner kommer räknas upp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "Inga upptäckta betrodda domäner kommer räknas upp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Huruvida några av de automatiskt upptäckta betrodda domänerna skall räknas " +"upp. De värden som stödjs är <placeholder type=\"variablelist\" id=\"0\"/> " +"Om så önskas kan en lista med en eller flera domännamn aktivera uppräkning " +"bara för dessa betrodda domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse poster giltiga före den frågar " +"bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Tidsstämplarna för när cachen går ut lagras som attribut på de enskilda " +"objekten i cachen. Därför har ändringar av tidsgränsen för cachen endast " +"effekt för nyligen tillagda eller utgångna poster. Du skall köra verktyget " +"<citerefentry> <refentrytitle>sss_cache</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> för att tvinga fram en uppdatering av poster som " +"redan har cachats." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Standard: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse användarposter giltiga före den frågar " +"bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Standard: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse grupposter giltiga före den frågar " +"bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse nätgruppsposter giltiga före den " +"frågar bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse tjänsteposter giltiga före den frågar " +"bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "entry_cache_resolver_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" +"Hur många sekunder nss_sss skall anse värd- och nätgruppsposter giltiga före " +"den frågar bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Hur många sekunder sudo skall anse regler giltiga före den frågar bakänden " +"igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Hur många sekunder tjänsten autofs skall anse automatmonteringskartor " +"giltiga före den frågar bakänden igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Hur många sekunder en värds ssh-nyckel behålls efter en uppdatering. D.v.s. " +"hur länge värdnyckeln skall cachas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "entry_cache_computer_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" +"Hur många sekunder som den lokala datorns post sparas före bakänden frågas " +"igen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Anger hur många sekunder SSSD måste vänta före en uppdateringsuppgift " +"startas i bakgrunden som kommer uppdatera alla utgångna eller nästan " +"utgångna poster." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" +"Bakgrundsuppdateringen kommer behandla användare, grupper och nätgrupper i " +"cachen. För användare som har utfört operationen initgroups (hämta " +"gruppmedlemskap för en användare, normalt kört vid inloggning) tidigare " +"uppdateras både användarposten och gruppmedlemskapet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "Denna flagga ärvs automatiskt för alla betrodda domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "Du kan överväga att sätta detta värde till ¾ · entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" +"Cacheposter kommer uppdateras av ett bakgrundsjobb när ⅔ av cachetidsgränsen " +"redan har gått. Om det finns cachade poster kommer bakgrundsjobbet referera " +"till deras urpsprungliga cachetidsgränsvärden istället för det aktuella " +"konfiguartionsvärdet. Detta kan leda till en situation där " +"bakgrundsuppdateringsjobbet förefaller inte fungera. Detta är gjort med " +"avsikt för att förbättra funktionen i frånkopplat läge och återanvändning av " +"giltiga cacheposter. För att göra denna ändring omedelbart kan användaren " +"vilja manuellt invalidera den befintliga cachen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Standard: 0 (avaktiverat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "cache_credentials_minimal_first_factor_length (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Om 2-faktorautentisering (2FA) används och kreditiv skall sparas avgör detta " +"värde den minsta längden den första autentiseringsfaktorn (långvarigt " +"lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" +"Detta skall undvika att de korta PIN:arna i ett PIN-baserat 2FA-arrangemang " +"sparas i cachen vilket skulle gjort dem till lätta mål för uttömmande " +"attacker." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Antal dagar poster sparas i cachen efter den senaste lyckade inloggningen " +"före de tas bort under en rensning av cachen. 0 betyder behåll för alltid. " +"Värdet på denna parameter måste vara större än eller lika med " +"offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Standard: 0 (obegränsat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Observera att bakändeservern måste leverera information om utgångstiden för " +"lösenordet. Om denna information saknas kan sssd inte visa någon varning. " +"Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Standard: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Identifikationsleverantören som används för domänen. ID-leverantörer som " +"stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "<quote>proxy</quote>: Stöd en tidigare NSS-leverantör." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" +"<quote>files</quote>: FIL-leverantör. Se <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för mer " +"information om hur lokala användare och grupper kan speglas in i SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: LDAP-leverantör. Se <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för mer " +"information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote>: Leverantören FreeIPA och Red Hat Enterprise Identity " +"Management. Se <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för mer information om att " +"konfigurera FreeIPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: Active Directory-leverantör. Se <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Använd det fullständiga namnet och domänen (formaterat med domänens " +"full_name_format) som användarens inloggningsnamn rapporterat till NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Om satt till TRUE måste alla begäranden till denna domän använda " +"fullständigt kvalificerade namn. Till exempel, om använt i en domän LOKAL " +"som innehåller en användare ”test”, skulle <command>getent passwd test</" +"command> inte hitta användaren medan <command>getent passwd test@LOKAL</" +"command> skulle det." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"OBSERVERA: Detta alternativ har ingen effekt på nätgruppsuppslagningar på " +"grund av deras tendens att innehålla nästade nätgrupper utan kvalificerade " +"namn. För nätgrupper kommer alla domäner sökas igenom när ett okvalificerat " +"namn begärs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" +"Standard: FALSE (TRUE för betrodda domäner/underdomäner eller om " +"default_domain_suffix används)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "Returnera inte gruppmedlemmar för gruppuppslagningar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" +"Om satt till TRUE begärs inte attributet gruppmedlemskap från ldap-servern, " +"och gruppmedlemmar returneras inte vid behandling av gruppuppslagningsanrop, " +"såsom <citerefentry> <refentrytitle>getgrnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> eller <citerefentry> <refentrytitle>getgrgid</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry>. Som en effekt " +"skulle <quote>getent group $groupname</quote> returnera den begärda gruppen " +"som om den vore tom." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" +"Att aktivera detta alternativ kan även göra kontroller av gruppmedlemskap " +"hos åtkomstleverantören väsentligt snabbare, särskilt för grupper som " +"innehåller många medlemmar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" +"Detta alternativ kan även sättas per underdomän eller ärvt via " +"<emphasis>subdomain_inherit</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Autentiseringsleverantören som används för domänen. Leverantörer som stödjs " +"är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> för inbyggd LDAP-autentisering. Se <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> för Kerberosautentisering. Se <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" +"<quote>proxy</quote> för att skicka vidare autentiseringen till något annat " +"PAM-mål." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> avaktiverar explicit autentisering." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Standard: <quote>id_provider</quote> används om det är satt och kan hantera " +"autentiseringsbegäranden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Leverantören av åtkomstkontroll för domänen. Det finns två inbyggda " +"åtkomstleverantörer (utöver alla inkluderade i installerade bakändar). " +"Interna specialleverantörer är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> tillåt alltid åtkomst. Det är den enda tillåtna " +"åtkomstleverantören för en lokal domän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> neka alltid åtkomst." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> åtkomstkontroll baserat på åtkomst- eller " +"nekandelistor. Se <citerefentry> <refentrytitle>sssd-simple</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> för mer information om att " +"konfigurera åtkomstmodulen simple." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote>: .k5login-baserad åtkomstkontroll. Se <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" +"<quote>proxy</quote> för att skicka vidare åtkomstkontroll till någon annan " +"PAM-modul." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Standard: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Leverantören som skall hantera lösenordsändringar för domänen. Leverantörer " +"av lösenordsändring som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> för att ändra lösenord lagrade i en LDAP-server. Se " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> för att ändra Kerberoslösenordet. Se <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" +"<quote>proxy</quote> för att skicka vidare lösenordsändringar till något " +"annat PAM-mål." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> tillåter uttryckligen inte lösenordsändringar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Standard: <quote>auth_provider</quote> används om det är satt och kan " +"hantera begäranden om ändring av lösenord." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"SUDO-leverantören som används för domänen. SUDO-leverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> för regler lagrade i LDAP. Se <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> samma som <quote>ldap</quote> men med " +"standardsinställningar för IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> samma som <quote>ldap</quote> men med " +"standardsinställningar för AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> avaktiverar explicit SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "Standard: värdet på <quote>id_provider</quote> används om det är satt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"De detaljerade instruktionerna för att konfigurera sudo_provider finns i " +"manualsidan <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Det finns många " +"konfigurationsalternativ som kan användas för att justera beteendet. Se " +"”ldap_sudo_*” i <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" +"<emphasis>OBSERVERA:</emphasis> Sudo-regler hämtas periodiskt i bakgrunden " +"om inte sudo-leverantören uttryckligen avaktiverats. Ange " +"<emphasis>sudo_provider = None</emphasis> för att avaktivera all sudo-" +"relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Leverantören som skall hantera inläsning av selinux-inställningar. " +"Observera att denna leverantör kommer anropas direkt efter att " +"åtkomstleverantören avslutar. Selinux-leverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> för att läsa in selinux-inställningar från en IPA-server. " +"Se <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> tillåter uttryckligen inte att hämta selinux-" +"inställningar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Standard: <quote>id_provider</quote> används om det är satt och kan hantera " +"begäranden om inläsning av selinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Leverantören som skall hantera hämtandet av underdomäner. Detta värde skall " +"alltid vara samma som id_provider. Underdomänsleverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> för att läsa in en lista av underdomäner från en IPA-" +"server. Se <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för mer information om att " +"konfigurera IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" +"<quote>ad</quote> för att läsa in en lista av underdomäner från en Active " +"Directory-server. Se <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för mer information om att " +"konfigurera AD-leverantören." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> tillåter uttryckligen inte att hämta underdomäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "session_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" +"Leverantören som konfigurerar och hanterar uppgifter relaterade till " +"användarsessioner. De enda användarsessionsuppgifter som för närvarande " +"tillhandahålls är integration med Fleet Commander, vilket fungerar endast " +"med IPA. Sessionsleverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" +"<quote>ipa</quote> för att utföra uppgifter relaterade till " +"användarsessioner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" +"<quote>none</quote> utför inte någon sorts uppgifter relaterade till " +"användarsessioner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" +"Standard: <quote>id_provider</quote> används om det är satt och kan utföra " +"sessionsrelaterade uppgifter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" +"<emphasis>OBSERVERA:</emphasis> För att denna funktion skall fungera som " +"förväntat måste SSSD köra som ”root” och inte som den oprivilegierade " +"användaren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Autofs-leverantören som används för domänen. Autofs-leverantörer som stödjs " +"är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> för att läsa mappar lagrade i LDAP. Se <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för mer information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> för att läsa mappar lagrade i en IPA-server. Se " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ad</quote> för att läsa mappar lagrade i en AD-server. Se " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera AD-" +"leverantören." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> avaktiverar explicit autofs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Leverantören som används för att hämta värdidentitetsinformation. Värd-id-" +"leverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> för att läsa värdidentiteter lagrade i en IPA-server. Se " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> avaktiverar explicit värd-id:n." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "resolver_provider (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" +"Leverantören som skall hantera värd- och nätverksuppslagningar. " +"Uppslagsleverantörer som stödjs är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" +"<quote>proxy</quote> för att vidarebefordra uppslagningar till ett annat NSS-" +"bibliotek. Se <quote>proxy_resolver_lib_name</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> för att hämta värdar och nätverk lagrade i LDAP. Se " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" +"<quote>ldap</quote> för att hämta värdar och nätverk lagrade i AD. Se " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för mer information om att konfigurera AD-" +"leverantören." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" +"<quote>none</quote> tillåter uttryckligen inte att hämta värdar och nätverk." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"Reguljärt uttryck för denna domän som beskriver hur man skall tolka strängen " +"som innehåller användarnamnet och domänen in i dessa komponenter. Domänen " +"kan matcha antingen domännamnet i SSSD-konfigurationen eller, i fallet med " +"betrodda underdomäner i IPA och Active Directory-domäner, det platta " +"(NetBIOS) namnet på domänen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Standard för leverantörerna AD och IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> vilket tillåter tre olika stilar av " +"användarnamn:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "användarnamn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "användarnamn@domän.namn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Standard för leverantörerna AD och IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> vilket tillåter tre olika stilar av " +"användarnamn:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "domän\\användarnamn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Medan de första två motsvarar det allmänna standardfallet introduceras den " +"tredje för att tillåta enkel integration av användare från Windows-domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Standard: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Ger möjligheten att välja föredragen adressfamilj att använda vid DNS-" +"uppslagningar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Värden som stödjs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Standard: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_server_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" +"Definierar mängden tid (i millisekunder) SSSD skall försöka att tala med en " +"DNS-server före den provar nästa DNS-server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" +"AD-leverantören kommer även att använda detta alternativ för CLDAP-" +"pingtidsgränsen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" +"Se avsnittet <quote>RESERVER</quote> för mer information om tjänstevalet." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Standard: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_op_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" +"Definierar mängden tid (i sekunder) att vänta på att slå upp en viss DNS-" +"fråga (t.ex. uppslagning av ett värdnamn eller en SRV-post) före den provar " +"nästa värdnamn eller DNS-upptäckt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" +"Definierar tiden (i sekunder) att vänta på ett svar från den interna " +"reservtjänsten före man antar att tjänsten inte kan nås. Om denna tidsgräns " +"nås kommer domänen fortsätta att fungera i frånkopplat läge." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_use_search_list (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" +"Normalt söker DNS-uppslagaren domänlistan som är definierad i direktivet " +"”search” från filen resolv.conf. Detta kan leda till fördröjningar i miljöer " +"med felaktigt konfigurerad DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" +"Om fullständigt kvalificerade domännamn (eller _srv_) används i SSSD-" +"konfigurationen kan att sätta detta alternativ till FALSE förhindra onödiga " +"DNS-uppslagningar i sådana miljöer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Standard: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Om tjänsteupptäckt används i bakänden anger domändelen av tjänstens DNS-" +"fråga om tjänsteupptäckt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "Standard: använd domändelen av maskinens värdnamn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "Ersätt det primära GID-värdet med det angivna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "Skiftlägesokänsligt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Samma som False (skiftlägesokänsligt), men skiftar inte ner namn i " +"resultaten från NSS-operationer. Observera att namnalias (och i fallet med " +"tjänster även protokollnamn) fortfarande skiftas ner i utdata." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" +"Om du vill sätta detta värde för en betrodd domän med IPA-leverantör behöver " +"du sätta det på både klienten och SSSD på servern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Behandla användar- och gruppnamn som skiftlägeskänsliga. De tillgängliga " +"värdena på alternativen är: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "Standard: True (False för AD-leverantören)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" +"Anger en lista av konfigurationsparametrar som skall ärvas av underdomänen. " +"Observera att endast valda parametrar kan ärvas. För närvarande kan " +"följande alternativ ärvas:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "ldap_offline_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" +"ldap_krb5_keytab (värdet på krb5_keytab kommer användas om inte " +"ldap_krb5_keytab sätts särskilt)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "auto_private_groups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "case_sensitive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" +"Observera: detta alternativ fungerar endast med leverantörerna IPA och AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "platt (NetBIOS) namn på en underdomän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Använd denna hemkatalog som standardvärde för alla underdomäner inom denna " +"domän i IPA AD-förtroende. Se <emphasis>override_homedir</emphasis> för " +"information om möjliga värden. Utöver dessa kan expansionen nedan endast " +"användas med <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Värdet kan åsidosättas av alternativet <emphasis>override_homedir</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Standard: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "cached_auth_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" +"Anger tiden i sekunder sedan senaste lyckade uppkopplade autentisering under " +"vilka användaren kommer autentiseras med cachade kreditiv medan SSSD är i " +"uppkopplat läge. Om kreditiven är felaktiga faller SSSD tillbaka till " +"uppkopplad autentisering." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" +"Detta alternativs värde ärvs av alla betrodda domäner. För närvarande är det " +"inte möjligt att ange olika värden för varje betrodd domän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "Specialvärdet 0 betyder att denna funktion är avaktiverad." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" +"Observera att om <quote>cached_auth_timeout</quote> är längre än " +"<quote>pam_id_timeout</quote> kan bakänden anropas för att hantera " +"<quote>initgroups.</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Följande exempel skapar en behållare som heter ”minbehållare”:<placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Standard: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "auto_private_groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" +"Skapa användares privata grupp ovillkorligt från användarens AID-nummer. " +"GID-numret ignoreras i detta läge." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" +"OBSERVERA: Eftersom GID-numret och användarens privata grupp härleds från " +"AID-numret stödjs det inte att ha flera poster med samma AID- eller GID-" +"nummer med detta alternativ. Med andra ord, att aktivera detta alternativ " +"framtvingar unika nummer över hela ID-rymden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" +"Använd alltid användarens primära GID-nummer. GID-numret måste referera till " +"ett gruppobjekt i LDAP-databasen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "hybrid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" +"En primär grupp autogenereras för användarposter vars AID- och GID-nummer " +"har samma värde och GID-numret på samma gång inte motsvarar ett verkligt " +"gruppobjekt i LDAP. Om värdena är samma, men det primära GID:t i " +"användarposten även används av ett gruppobjekt slås användarens primära GID " +"upp till det gruppobjektet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" +"Om användarens AID och GID är olika måste GID:t motsvara en gruppost, annars " +"kan GID:t helt enkelt inte slås upp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" +"Denna funktion är användbar i miljöer som vill sluta underhålla separata " +"gruppobjekt för användares privata grupper, men även vill behålla de " +"befintliga användarnas privata grupper." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Detta alternativ tar något av tre tillgängliga värden: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" +"För underdomäner är standardvärdet False för underdomäner som använder " +"tilldelade POSIX ID:n och True för underdomäner som använder automatisk ID-" +"översättning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" +"Värdet på auto_private_groups kan antingen anges per underdomän i en " +"undersektion, till exempel: <placeholder type=\"programlisting\" id=\"0\"/> " +"eller globalt för alla underdomäner i huvuddomänavsnittet genom att använda " +"alternativet subdomain_inherit: <placeholder type=\"programlisting\" " +"id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Dessa konfigurationsalternativ kan finnas i en domänkonfigurationssektion, " +"det vill säga en sektion som heter <quote>[domain/<replaceable>NAMN</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "Proxymålet PAM är en proxy för." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Standard: inte satt som standard, du måste ta en befintlig pam-konfiguration " +"eller skapa en ny och lägga till tjänstenamnet här." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Namnet på NSS-biblioteket att använda i proxy-domäner. NSS-funktioner som " +"letas efter i biblioteket har formen _nss_$(libName)_$(function), till " +"exempel _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "proxy_resolver_lib_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" +"Namnet på NSS-biblioteket att använda för uppslagning av värdar och nätverk " +"i proxy-domäner. NSS-funktioner som letas efter i biblioteket har formen " +"_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"När en användare eller grupp slås upp efter namn i proxy-leverantören görs " +"en andra uppslagning efter ID för att \"kanonisera\" namnet i händelse det " +"begärda namnet var ett alias. Att sätta detta alternativ till sant skulle få " +"SSSD att utföra ID-uppslagningen från cachen av prestandaskäl." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "proxy_max_children (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" +"Detta alternativ anger antalet i förhand avgrenade proxy-barn. Det är " +"användbart för SSSD-miljöer med hög last där sssd kan få slut på " +"tillgängliga barnfack, vilket skulle orsaka problem på grund av att " +"begäranden skulle köas upp." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Giltiga alternativ för proxy-domäner. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "Programdomäner" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" +"SSSD, med sitt D-Bus-gränssnitt (se <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) är tilltalande för " +"program som en portgång till en LDAP-katalog där användare och grupper " +"lagras. Dock, tvärtemot den traditionella SSSD-installationen där alla " +"användare och grupper antingen har POSIX-attribut eller så kan dessa " +"attribut härledas Windows-SID:arna, har i många fall användarna och " +"grupperna i programstödsscenariot inga POSIX-attribut. Istället för att " +"göra en sektion <quote>[domain/<replaceable>NAMN</replaceable>]</quote> kan " +"administratören skapa en sektion <quote>[application/<replaceable>NAMN</" +"replaceable>]</quote> som internt representerar en domän med typen " +"<quote>application</quote> och eventuellt ärver inställningar från en " +"traditionell SSSD-domän." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" +"Observera att programdomänen fortfarande uttryckligen måste aktiveras i " +"parametern <quote>domains</quote> så att uppslagningsordningen mellan " +"programdomänen och dess POSIX-syskondomän sätts korrekt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "Programdomänparametrar" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "inherit_from (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" +"Den SSSD-domän av POSIX-typ som programdomänen ärver alla inställningar " +"ifrån. Programdomänen kan dessutom lägga till sina egna inställningar till " +"programinställningarna som kompletterar eller åsidosätter <quote>syskon</" +"quote>domänens inställningar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" +"Följande exempel illustrerar användningen av en programdomän. I denna " +"uppsättning är POSIX-domänen kopplad till en LDAP-server och används av OS:" +"et via NSS-respondenten. Dessutom begär programdomänen attributet " +"telephoneNumber, lagrar det som attributet telefon i cachen och gör " +"attributet telefon nåbart via D-Bus-gränssnittet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" +"[sssd]\n" +"domains = progdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +telefon\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/progdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = telefon:telephoneNumber\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "SEKTIONEN BETRODDA DOMÄNER" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" +"Några alternativ som används i domänsektionen kan även användas i sektionen " +"för betrodda domäner, det vill säga, i en sektion som heter <quote>[domain/" +"<replaceable>DOMÄNNAMN</replaceable>/<replaceable>NAMN_PÅ_BETRODD_DOMÄN</" +"replaceable>]</quote>. Där DOMÄNNAMN är den aktuella basdomänen som " +"anslutits till. Se exempel nedan för förklaring. För närvarande stödda " +"alternativ i sektionen för betrodda domäner är:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "ldap_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "ldap_user_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "ldap_group_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "ldap_netgroup_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "ldap_service_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "ldap_sasl_mech," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "ad_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "ad_backup_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "ad_site," + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "use_fully_qualified_names" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" +"För fler detaljer om dessa alternativ se deras individuella beskrivningar i " +"manualsidan." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "CERTIFIKATSMAPPNINGSSEKTION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" +"För att tillåta autentisering med smartkort och certifikat måste SSSD kunna " +"översätta certifikat till användare. Detta kan göras genom att lägga till " +"det fullständiga certifikatet till användarens LDAP-objekt eller till en " +"lokal ersättning. Medan det krävs att man använder det fullständiga " +"certifikatet för att använda funktionen smartkortsautentisering i SSH (se " +"<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> för detaljer) kan det vara " +"besvärligt eller kanske inte ens möjligt att använda detta i det allmänna " +"fallet när lokala tjänster använder PAM för autentisering." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" +"För att göra översättningen mer flexibel lades översättnings- och " +"matchningsregler till till SSSD (se <citerefentry> <refentrytitle>sss-" +"certmap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för " +"detaljer)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" +"En översättnings- och matchningsregel kan läggas till till SSSD-" +"konfigurationen i en egen sektion för sig själv med ett namn som " +"<quote>[certmap/<replaceable>DOMÄNNAMN</replaceable>/<replaceable>REGELNAMN</" +"replaceable>]</quote>. I denna sektion är följande alternativ tillåtna:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "matchrule (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" +"Endast certifikat från smartkort som matchar denna regel kommer bearbetas, " +"alla andra ignoreras." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" +"Standard: KRB5:<EKU>clientAuth, d.v.s. endast certifikat som har " +"Extended Key Usage <quote>clientAuth</quote>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "maprule (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "Definierar hur användaren hittas för ett givet certifikat." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" +"LDAP:(userCertificate;binary={cert!bin}) för LDAP-baserade leverantörer som " +"<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" +"REGELNAMNet för leverantören <quote>files</quote> som försöker hitta en " +"användare med samma namn." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "domains (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" +"Kommaseparerad lista av domännamn regeln skall användas på. Som standard är " +"endast en regel giltig i domänen där den är konfigurerad i sssd.conf. Om " +"leverantören stödjer underdomäner kan detta alternativ användas för att " +"lägga till regeln till underdomäner också." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "Standard: den konfigurerade domänen i sssd.conf" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "priority (heltal)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" +"Teckenlöst heltalsvärde som definierar prioriteten för regeln. Ju högre " +"talet är desto lägre är prioriteten. <quote>0</quote> står för den högsta " +"prioriteten medan <quote>4294967295</quote> är den lägsta." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "Standard: den lägsta prioriteten" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" +"För att göra konfigurationen enkel och reducera mängden " +"konfigurationsalternativ har leverantören <quote>files</quote> några " +"speciella egenskaper:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" +"om maprule inte är satt antas namnet REGELNAMN vara namnet på den matchande " +"användaren" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" +"om en maprule används måste både ett ensamt användarnamn eller en mall som " +"<quote>{subject_rfc822_name.short_name}</quote> vara i krullparenteser som t." +"ex. <quote>(username)</quote> eller <quote>({subject_rfc822_name." +"short_name})</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "alternativet <quote>domains</quote> ignoreras" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" +"Om en särskild fil (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) finns kommer SSSD:s PAM-modul pam_sss be SSSD att ta reda på " +"vilka autentiseringsmetoder som är tillgängliga för användaren som försöker " +"logga in. Baserat på resultatet kommer pam_sss fråga användaren efter " +"tillämpliga kreditiv." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" +"Med det växande antalet autentiseringsmetoder och möjligheten att det finns " +"flera olika för en enskild användare kan det hända att heuristiken som " +"används av pam_sss för att välja fråga inte är lämplig för alla " +"användarfall. Följande alternativ bör ge en bättre flexibilitet här." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "password_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "för att ändra strängen i lösenordsfrågan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"för att konfigurera lösenordsfråga är de tillåtna alternativen: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "[prompting/2fa]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "för att ändra strängen som frågar efter den första faktorn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "second_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "för att ändra strängen som frågar efter den andra faktorn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "single_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" +"booleskt värde, om True kommer det bara vara en fråga som använder värdet på " +"first_prompt där det förväntas att båda faktorerna matas in som en enda " +"sträng. Observera att båda faktorerna måste anges här, även om den andra " +"faktorn är frivillig." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" +"för att konfigurera efterfrågan av tvåfaktorautentisering är de tillåtna " +"flaggorna: <placeholder type=\"variablelist\" id=\"0\"/> Om den andra " +"faktorn är frivillig och det skall vara möjligt att logga in antingen edast " +"med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +#, fuzzy +#| msgid "[prompting/password]" +msgid "[prompting/passkey]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +#, fuzzy +#| msgid "interactive" +msgid "interactive_prompt" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the interactive prompt." +msgstr "för att ändra strängen i lösenordsfrågan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +#, fuzzy +#| msgid "first_prompt" +msgid "touch_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the touch prompt." +msgstr "för att ändra strängen i lösenordsfrågan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "to configure two-factor authentication prompting, allowed options are: " +#| "<placeholder type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"för att konfigurera frågor för tvåfaktorautentisering är de tillåtna " +"alternativen: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +#, fuzzy +#| msgid "" +#| "Each supported authentication method has its own configuration subsection " +#| "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" " +#| "id=\"1\"/>" +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" +"Varje autentiseringsmetod som stödjs har sin egen konfigurationsundersektion " +"under <quote>[prompting/…]</quote>. För närvarande finns det: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +">" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" +"Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som " +"t.ex. <quote>[prompting/password/sshd]</quote> för att ändra frågorna " +"enskilt för denna tjänst." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "EXEMPEL" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"1. Följande exempel visar en typisk SSSD-konfiguration. Den beskriver inte " +"konfigurationen av själva domänerna – se dokumentationen om att konfigurera " +"domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" +"[domain/ipa.se/barn.ad.se]\n" +"use_fully_qualified_names = false\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" +"2. Följande exempel visar konfigurationen av IPA AD-förtroende i en förälder-" +"barn-struktur. Anta att IPA-domänen (ipa.se) har förtroende för AD-domänen " +"(ad.se). ad.se har en barndomän (barn.ad.se). För att aktivera kortnamn i " +"barndomänen skall följande konfiguration användas. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, fuzzy, no-wrap +#| msgid "" +#| "[certmap/my.domain/rule_name]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +#| "maprule = (userCertificate;binary={cert!bin})\n" +#| "domains = my.domain, your.domain\n" +#| "priority = 10\n" +#| "\n" +#| "[certmap/files/myname]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" +"[certmap/min.domän/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = min.domän, din.domän\n" +"priority = 10\n" +"\n" +"[certmap/files/mittnamn]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$<SUBJECT>^CN=User.Name,DC=MIN,DC=DOMÄN$\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +#, fuzzy +#| msgid "" +#| "3. The following example shows the configuration for two certificate " +#| "mapping rules. The first is valid for the configured domain <quote>my." +#| "domain</quote> and additionally for the subdomains <quote>your.domain</" +#| "quote> and uses the full certificate in the search filter. The second " +#| "example is valid for the domain <quote>files</quote> where it is assumed " +#| "the files provider is used for this domain and contains a matching rule " +#| "for the local user <quote>myname</quote>. <placeholder " +#| "type=\"programlisting\" id=\"0\"/>" +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"3. Följande exempel visar konfigurationen för två " +"certifikatmappningsregler. Den första är giltig för den konfigurerade " +"domänen <quote>min.domän</quote> och dessutom för underdomänerna <quote>din." +"domän</quote> och använder det fullständiga certifikatet i sökfiltret. Det " +"andra exemplet är giltigt för domänen <quote>files</quote> där det antas att " +"files-leverantören används för denna domän och innehåller en matchande regel " +"för den lokala användaren <quote>mittnamn</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "SSSD LDAP-leverantör" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "BESKRIVNING" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"Denna manualsida beskriver konfigurationen av LDAP-domäner för " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Se avsnittet <quote>FILFORMAT</quote> av manualsidan " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för detaljerad syntaxinformation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Du kan konfigurera SSSD för att använda mer än en LDAP-domän." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"LDAP-bakändar stödjer leverantörer av id, autentisering, åtkomst och " +"lösenordsändring. Om du vill autentisera mot en LDAP-server krävs antingen " +"TLS/SSL eller LDAPS. <command>sssd</command> stödjer <emphasis>inte</" +"emphasis> autentisering över en okrypterad kanal. Om LDAP-servern används " +"endast som en identitetsleverantör behövs inte en krypterad kanal. Se " +"konfigurationsalternativet <quote>ldap_access_filter</quote> för mer " +"information om att använda LDAP som en åtkomstleverantör." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "KONFIGURATIONSALTERNATIV" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Anger en kommaseparerad lista av URI:er till LDAP-servrar till vilka SSSD " +"skall ansluta i prioritetsordning. Se avsnittet <quote>RESERVER</quote> för " +"mer information om reserver och serverredundans. Om ingendera alternativ är " +"angivet kommer tjänsteupptäckt användas. För mer information, se avsnittet " +"<quote>TJÄNSTEUPPTÄCKT</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "Formatet på URI:n måste stämma med formatet som definieras i RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<värd>[:port]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"För explicita IPv6-adresser måste <host> vara omslutet av " +"hakparenteser []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "exempel: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Anger en kommaseparerad lista av URI:er till LDAP-servrar till vilka SSSD " +"skall ansluta i prioritetsordning för att ändra lösenordet för en användare. " +"Se avsnittet <quote>RESERVER</quote> för mer information om reserver och " +"serverredundans." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"För att aktivera tjänsteuppslagning måste ldap_chpass_dns_service_name vara " +"satt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Standard: tomt, d.v.s. ldap_uri används." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "Standard bas-DN att använda för att utföra LDAP-användaroperationer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Med början med SSSD 1.7.0 stödjer SSSD flera sökbaser genom att använda " +"syntaxen:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "sökbas[?räckvidd?[filter][?sökbas?räckvidd?[filter]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Filtret måste vara ett korrekt LDAP-sökfilter som specificerat i http://www." +"ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Exempel:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (vilket är ekvivalent med) " +"ldap_search_base = dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Observera: det stödjs inte att ha flera sökbaser som refererar identiskt " +"namngivna objekt (till exempel, grupper med samma namn i två olika " +"sökbaser). Detta kommer medföra oförutsägbart beteende på klientmaskinerna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Standard: om inte satt används värdet från attributet defaultNamingContext " +"eller namingContexts från RootDSE:n hos LDAP-servern. Om " +"defaultNamingContext inte finns eller har ett tomt värde används " +"namingContexts. Attributet namingContexts måste ha ett ensamt värde med DN:" +"n hos sökbasen hos LDAP-servern för att detta skall fungera. Flera värden " +"stödjs inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Anger schematypen som används på mål-LDAP-servern. Beroende på det valda " +"schemat kan standardattributnamnen som hämtas från servrarna variera. " +"Sättet som en del attribut hanteras kan också skilja." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "Fyra schematyper stödjs för närvarande:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Den huvudsakliga skillnaden mellan dessa schematyper är hur gruppmedlemskap " +"lagras i servern. Med rfc2307 listas gruppmedlemskap med namn i attributet " +"<emphasis>memberUid</emphasis>. Med rfc2307bis och IPA listas " +"gruppmedlemskap av DN och lagras i attributet <emphasis>member</emphasis>. " +"AD-schematypen sätter attributen till att motsvara Active Directory 2008r2-" +"värden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Standard: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "ldap_pwmodify_mode (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "Ange operationen som används för att ändra användarens lösenord." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "Två lägen stödjs för närvarande:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "exop - Password Modify Extended Operation (RFC 3062)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "ldap_modify - Direkt ändring av userPassword (rekommenderas inte)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" +"Obs: först etableras en ny förbindelse för att verifiera det aktuella " +"lösenordet genom att binda som användaren som begärde lösenordsändringen. Om " +"det lyckas används denna förbindelse för att ändra lösenordet och därför " +"måste användaren ha skrivrätt på attributet userPassword." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "Standard: exop" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "Standardbindnings-DN att använda för att utföra LDAP-operationer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "Typen på autentiseringstecknet hos standardbindnings-DN." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "De två mekanismerna som stödjs för närvarande är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Standard: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" +"Se manualsidan <citerefentry> <refentrytitle>sss_obvuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> för mer information." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "Autentiseringstecknet hos standardbindnings-DN." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Några katalogservrar, till exempel Active Directory, kan leverera delen rike " +"av UPN:en i gemener, vilket kan få autentiseringen att misslyckas. Sätt " +"detta alternativ till ett värde skilt från noll ifall du vill använda ett " +"rike i versaler." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Anger hur många sekunder SSSD måste vänta före den uppdaterar sin cache av " +"uppräknade poster." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Bestäm hur ofta cachen skall kontrolleras för inaktiva poster (såsom grupper " +"utan medlemmar och användare som aldrig har loggat in) och ta bort dem för " +"att spara utrymme." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" +"Att sätta detta alternativ till noll kommer avaktivera rensningsoperationen " +"för cachen. Observera att om uppräkning är aktiverat krävs rensningsjobbet " +"för att upptäcka poster som tas bort från servern och inte kan avaktiveras. " +"Som standard kör rensningsjobbet var 3:e timma när uppräkning är aktiverat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Om ldap_schema är satt till ett schemaformat som stödjer nästade grupper (t." +"ex. RFC2307bis), då styr detta alternativ hur många nivåer av nästning SSSD " +"kommer följa. Detta alternativ har ingen effekt på schemat RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Obs: detta alternativ anger den garanterade nivån av nästade grupper som " +"skall bearbetas för en godtycklig uppslagning. Dock <emphasis>kan</" +"emphasis> nästade grupper utöver denna gräns returneras om tidigare " +"uppslagningar redan har slagit upp de djupare nästningsnivåerna. Följande " +"uppslagningar för andra grupper kan också utöka resultatmängden för den " +"ursprungliga uppslagningen om den slås upp igen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Om ldap_group_nesting_level sätts till 0 bearbetas inga nästade grupper " +"alls. Dock krävs det dessutom att användningen av Token-Groups avaktiveras " +"vid anslutning till Active-Directory Server 2008 och senare vid användning " +"av <quote>id_provider=ad</quote> genom att sätta ldap_use_tokengroups till " +"false för att begränsa gruppnästning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Standard: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"Detta alternativ aktiverar eller avaktiverar användningen av attributet " +"Token-Groups när initgroup utförs för användare från Active Directory Server " +"2008 och senare." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "Standard: true för AD och IPA annars false." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "ldap_host_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "Frivillig. Använd den givna strängen som en sökbas för värdobjekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Se <quote>ldap_search_base</quote> för information om konfiguration av " +"multipla sökbaser." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Standard: värdet på <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "ldap_iphost_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "ldap_ipnetwork_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Anger tiden (i sekunder) som ldap-sökningar tillåts köra före de annulleras " +"och cachade resultat returneras (och går in i frånkopplat läge)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Obs: detta alternativ kan komma att ändras i framtida versioner av SSSD. Det " +"kommer sannolikt ersättas vid någon tidpunkt med en serie tidsgränser för " +"specifika uppslagningstyper." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Anger tiden (i sekunder) som ldap-sökningar för användar- och " +"gruppuppräkningar tillåts köra före de annulleras och cachade resultat " +"returneras (och går in i frånkopplat läge)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Anger tidsgränsen (i sekunder) efter vilken <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> som följer efter en <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returnerar om inget händer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" +"Anger en tid (i sekunder) efter vilken anrop till synkrona LDAP API:er " +"kommer avbrytas om det inte kommer något svar. Styr även tidsgränsen vid " +"kommunikation med KDC:n i fallet SASL-bindningar, tidsgränsen för en LDAP-" +"bindningsoperation, utökad operation för lösenordsändring och StartTLS-" +"operationen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Anger en tidsgräns (i sekunder) som en förbindelse med en LDAP-server kommer " +"underhållas. Efter den tiden kommer förbindelsen återetableras. Om den " +"används parallellt med SASL/GSSAPI kommer det tidigare av de två värdena " +"(detta värde eller TGT-livslängden) användas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" +"Om anslutningen är inaktiv (inte aktivt kör en åtgärd) under " +"<emphasis>ldap_opt_timeout</emphasis> sekunders utgångstid, då kommer den " +"att stängas i förväg för att säkerställa att en ny begäran inte kan kräva " +"att förbindelsen skall hållas öppen utöver dess utgångstid. Detta implicerar " +"att anslutningar alltid kommer stängas omedelbart och aldrig kommer " +"återanvändas om <emphasis>ldap_connection_expire_timoute ≤ ldap_opt_timeout</" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" +"Tidsgränsen kan utökas med ett slumpvärde angivet av " +"<emphasis>ldap_connection_expire_offset</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Standard: 900 (15 minuter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "ldap_connection_expire_offset (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" +"En slumptillägg mellan 0 och ett konfigurerat värde läggs till " +"till<emphasis>ldap_connection_expire_timeout</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_idle_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"Anger en tidsgräns (i sekunder) som en inaktiv förbindelse med en LDAP-" +"server kommer underhållas. Om anslutningen är inaktiv längre än denna tid " +"kommer förbindelsen att stängas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "Man kan avaktivera denna tidsgräns genom att sätta värdet till 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Ange antalet poster som skall hämtas från LDAP i en enskild begäran. Några " +"LDAP-servrar framtvingar en maximal gräns per begäran." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Avaktivera flödesstyrningen (paging) av LDAP. Detta alternativ bör användas " +"om LDAP-servern rapporterar att den stödjer LDAP-flödesstyrning i sin " +"RootDSE men det inte är aktiverat eller inte fungerar som det skall." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Exempel: OpenLDAP-servrar med flödesstyrningsmodulen installerad på servern " +"men inte aktiverad kommer rapportera det i RootDSE:n men inte kunna använda " +"den." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Exempel: 389 DS har ett fel där den endast kan stödja en flödesstyrning åt " +"gången på en enskild förbindelse. På aktiva klienter kan detta resultera i " +"att några begäranden nekas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Avaktivera Active Directory intervallhämtning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"Active Directory begränsar antalet medlemmar som kan hämtas i en enskild " +"uppslagning med policyn MaxValRange (vilket som standard är 1500 medlemmar). " +"Om en grupp innehåller fler medlemmar skulle svaret innehålla en AD-specifik " +"intervallutökning. Detta alternativ avaktiverar tolkning av " +"intervallutökningar, därför kommer stora grupper förefalla inte ha några " +"medlemmar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Vid kommunikation med en LDAP-server med SASL, ange den minsta " +"säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på " +"detta alternativ är definierat av OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "ldap_sasl_maxssf (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Vid kommunikation med en LDAP-server med SASL, ange den masimala " +"säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på " +"detta alternativ är definierat av OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Ange antalet gruppmedlemmar som måste saknas i den interna cachen för att " +"orsaka en derefereringsuppslagning. Om färre medlemmar saknas slås de upp " +"individuellt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" +"Du kan slå av derefereringsuppslagningar helt genom att sätta värdet till 0. " +"Observera att det finns några kodvägar i SSSD, som IPA HBAC-leverantören, " +"som endast är implementerade med derefereringsanropet, så att även med " +"dereferens uttryckligen avaktiverat kommer dessa delar ändå använda " +"dereferenser om servern stödjer det och annonserar derefereringsstyrning i " +"rootDSE-objektet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"En derefereringsuppslagning är ett sätt att hämta alla gruppmedlemmar i ett " +"enda LDAP-anrop. Olika LDAP-servrar kan implementera olika " +"derefereringsmetoder. De servrar som stödjs för närvarande är 389/RHDS, " +"OpenLDAP och Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Obs:</emphasis> om någon av sökbaserna anger ett sökfilter, då " +"kommer prestandaförbättringen med derefereringsuppslagningar avaktiveras " +"oavsett denna inställning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "ldap_ignore_unreadable_references (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" +"Ignorera oläsbara LDAP-poster refererade i gruppens medlemsattribut. Om " +"denna parameter sätts till falskt kommer ett fel returneras och åtgärden " +"misslyckas istället för att den oläsbara posten bara ignoreras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" +"Denna parameter kan vara användbar när man använder AD-leverantören och " +"datorkontot som sssd använder för att ansluta till AD inte har tillgång till " +"en viss post eller ett visst LDAP-underträd av säkerhetsskäl." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Anger vilka kontroller som utförs av servercertifikat i en TLS-session, om " +"några. Det kan anges som ett av följande värden:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = Klienten kommer inte begära eller kontrollera " +"några servercertifikat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = Servercertifikatet begärs. Om inget certifikat " +"tillhandahålls fortsätter sessionen normalt. Om ett felaktigt certifikat " +"tillhandahålls kommer det ignoreras och sessionen fortsätta normalt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = Servercertifikatet begärs. Om inget certifikat " +"tillhandahålls fortsätter sessionen normalt. Om ett felaktigt certifikat " +"tillhandahålls avslutas sessionen omedelbart." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = Servercertifikatet begärs. Om inget certifikat " +"tillhandahålls eller ett felaktigt certifikat tillhandahålls avslutas " +"sessionen omedelbart." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Standard: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Anger filen som innehåller certifikat för alla Certifikatauktoriteterna som " +"<command>sssd</command> kommer godkänna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Standard: använd standardvärden för OpenLDAP, typiskt i <filename>/etc/" +"openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Anger sökvägen till en katalog som innehåller certifikat för " +"Certifikatauktoriteter i individuella filer. Typiskt måste filnamnen vara " +"kontrollsummor av certifikaten följda av ”.0”. Om det är tillgängligt kan " +"<command>cacertdir_rehash</command> användas för att skapa de korrekta " +"namnen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Anger filen som innehåller certifikatet för klientens nyckel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "Anger filen som innehåller klientens nyckel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"Anger acceptabla chiffersviter. Typiskt är detta en kolonseparerad lista. " +"Se <citerefentry><refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> för formatet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Anger att id-leverantörsförbindelsen också måste använda <systemitem " +"class=\"protocol\">tls</systemitem> för att skydda kanalen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Anger att SSSD skall försöka översätta användar- och grupp-ID:n från " +"attributen ldap_user_objectsid och ldap_group_objectsid istället för att " +"förlita sig på ldap_user_uid_number och ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"För närvarande stödjer denna funktion endast ActiveDirectory objectSID." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "ldap_min_id, ldap_max_id (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"I kontrast mot den SID-baserade ID-översättningen som används om " +"ldap_id_mapping är satt till sant är det tillåtna ID-intervallet för " +"ldap_user_uid_number och ldap_group_gid_number obegränsat. I en uppsättning " +"med underdomäner/betrodda domäner kan detta leda till ID-kollisioner. För " +"att undvika kollisioner kan ldap_min_id och ldap_max_id sättas till att " +"begränsa det tillåtna intervallet för ID:na som läses direkt från servern. " +"Underdomäner kan sedan välja andra intervall för att översätta ID:n." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "Standard: inte satt (båda alternativen är satta till 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" +"Ange SASL-mekanismen att använda. För närvarande testas och stödjs endast " +"GSSAPI och GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Om bakänden stödjer underdomäner ärvs automatiskt värdet av ldap_sasl_mech " +"till underdomänerna. Om ett annat värde behövs för en underdomän kan det " +"skrivas över genom att sätta ldap_sasl_mech för denna underdomän explicit. " +"Se avsnittet SEKTIONEN BETRODDA DOMÄNER i <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" +"värdnamn@RIKE\n" +"netbiosnamn$@RIKE\n" +"host/värdnamn@RIKE\n" +"*$@RIKE\n" +"host/*@RIKE\n" +"host/*\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" +"Ange SASL-auktoriserings-id:t att använda. När GSSAPI/GSS-SPNEGO används " +"representerar detta Kerberos-huvudmannen som används för autentisering till " +"katalogen. Detta alternativ kan antingen innehålla den fullständiga " +"huvudmannen (till exempel host/minvärd@EXAMPLE.COM) eller bara " +"huvudmannanamnet (till exempel host/minvärd). Som standard är värdet inte " +"satt och följande huvudmän används: <placeholder type=\"programlisting\" " +"id=\"0\"/> Om ingen av dem kan hittas returneras den första huvudmannen i " +"keytab." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "Standard: host/värdnamn@RIKE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Ange SASL-riket att använda. När det inte anges får detta alternativ " +"standardvärdet från krb5_realm. Om ldap_sasl_authid också innehåller riket " +"ignoreras detta alternativ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Standard: värdet på krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Om satt till sant kommer LDAP-biblioteket utföra en omvänd uppslagning för " +"att ta fram värdnamnets kanoniska form under en SASL-bindning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Standard: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" +"Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" +"Anger att id-leverantören skall initiera Kerberoskreditiv (TGT). Denna " +"åtgärd utförs endast om SASL används och den valda mekanismen är GSSAPI " +"eller GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" +"Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Standard: 86400 (24 timmar)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Anger en kommaseparerad lista av IP-adresser eller värdnamn till " +"Kerberosservrar till vilka SSSD skall ansluta i prioritetsordning. För mer " +"information om reserver och serverredundans se avsnittet <quote>RESERVER</" +"quote>. Ett frivilligt portnummer (föregånget av ett kolon) kan läggas till " +"till adresserna eller värdnamnen. Om tomt aktiveras tjänsteupptäckt – för " +"mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"När tjänsteupptäckt används för KDC eller kpasswd-servrar söker SSSD först " +"efter DNS-poster som anger _udp som protokoll och provar sedan _tcp om inget " +"hittas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"Detta alternativ hade namnet <quote>krb5_kdcip</quote> i tidigare utgåvor av " +"SSSD. Medan det äldre namnet känns igen tills vidare rekommenderas användare " +"att migrera sina konfigurationsfiler till att använda <quote>krb5_server</" +"quote> istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Anger om värdens huvudman skall göras kanonisk vid anslutning till LDAP-" +"servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Anger om SSSD skall instruera Kerberos-biblioteken om vilket rike och vilka " +"KDC:er som skall användas. Detta alternativ är på som standard, om du " +"avaktiverar det behöver du konfigurera Kerberos-biblioteket i " +"konfigurationsfilen <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Se manualsidan <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> för mer information " +"om lokaliseringsinsticksmodulen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Välj policyn för att utvärdera utgång av lösenord på klientsidan. Följande " +"värden är tillåtna:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> – Ingen utvärdering på klientsidan. Detta " +"alternativ kan inte avaktivera lösenordspolicyer på serversidan." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> – Använd attribut i stilen " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> för att utvärdera om lösenordet har gått ut. Se " +"även alternativet ”ldap_chpass_update_last_change”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> – Använd attributen som används av MIT " +"Kerberos för att avgöra om lösenordet har gått ut. Använd " +"chpass_provider=krb5 för att uppdatera dessa attribut när lösenordet ändras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Obs</emphasis>: om en lösenordspolicy konfigureras på serversidan " +"kommer den alltid gå före framför policyn som sätts med detta alternativ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Observera att sssd endast stödjer uppföljning av referenser när den är " +"kompilerad med OpenLDAP version 2.4.13 eller senare." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"Att följa upp referenser kan orsaka en prestandaförlust i miljöer som " +"använder dem mycket, ett notabelt exempel är Microsoft Active Directory. Om " +"din uppsättning inte faktiskt behöver använda referenser kan att sätta detta " +"alternativ till falskt medföra en märkbar prestandaförbättring. Att sätta " +"denna flagga till falskt rekommenderas därför ifall SSSD LDAP-leverantören " +"används tillsammans med Microsoft Active Directory som bakände. Även om SSSD " +"skulle kunna följa referensen till en annan AD DC skulle inga ytterligare " +"data vara tillgängliga." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Standard: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Anger tjänstenamnet att använda för att hitta en LDAP-server som tillåter " +"lösenordsändringar när tjänsteupptäckt är aktiverat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Anger huruvida attributet ldap_user_shadow_last_change skall uppdateras med " +"dagar sedan epoken efter en ändring av lösenord." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" +"Det rekommenderas att explicit sätta detta alternativ om ”ldap_pwd_policy = " +"shadow” används för att låta SSSD veta om LDAP-servern kommer uppdatera LDAP-" +"attributet shadowLastChange automatiskt efter en lösenordsändring eller om " +"SSSD måste uppdatera det." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Om man använder access_provider = ldap och ldap_access_order = filter " +"(standard) är detta alternativ nödvändigt. Det anger ett LDAP-" +"sökfilterkriterium som måste uppfyllas för att användaren skall ges åtkomst " +"till denna värd. Om access_provider = ldap, ldap_access_order = filter och " +"detta alternativ inte är satt kommer det resultera i att alla användare " +"nekas åtkomst. Använd access_provider = permit för att ändra detta " +"standardbeteende. Observera att detta filter endast tillämpas på LDAP-" +"användarposten och därmed filter baserade på nästade grupper kanske inte " +"fungerar (t.ex. attributet memberOf i AD-poster pekar endast på direkta " +"föräldrar). Om filtrering baserad på nästade grupper behövs, se " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Exempel:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"Detta exempel betyder att åtkomst till denna värd är begränsad till " +"användare vars attribut employeeType är satt till ”admin”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" +"Frånkopplad cachning för denna funktion är begränsad till att avgöra " +"huruvida användarens senaste uppkopplade inloggning tilläts " +"åtkomsträttigheter. Om de tilläts vid senaste inloggningen kommer de " +"fortsätta ges åtkomst under frånkoppling, och vice versa." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Standard: Empty" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"Med detta alternativ kan en utvärdering på klientsidan av " +"åtkomststyrningsattribut aktiveras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Observera att det alltid är rekommenderat att använda åtkomstkontroll på " +"serversidan, d.v.s. LDAP-servern skall neka bindningsbegäran med en passande " +"felkod även om lösenordet är korrekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Följande värden är tillåtna:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: använd värdet på ldap_user_shadow_expire för " +"att avgöra om kontot har gått ut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: använd värdet på 32-bitarsfältet " +"ldap_user_ad_user_account_control och tillåt åtkomst om den andra biten inte " +"är satt. Om attributet saknas tillåts åtkomst. Utgångstiden för kontot " +"kontrolleras också." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: använd värdet på ldap_ns_account_lock för att avgöra om åtkomst " +"tillåts eller inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: värdena på ldap_user_nds_login_allowed_time_map, " +"ldap_user_nds_login_disabled och ldap_user_nds_login_expiration_time används " +"för att avgöra om åtkomst tillåts. Om båda attributen saknas tillåts åtkomst." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Observera att konfigurationsalternativet ldap_access_order <emphasis>måste</" +"emphasis> innehålla <quote>expire</quote> för att alternativet " +"ldap_account_expire_policy skall fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" +"<emphasis>lockout</emphasis>: använd kontolåsning. Om satt nekar detta " +"alternativ åtkomst ifall ldap-attributet ”pwdAccountLockedTime” finns och " +"har värdet ”000001010000Z”. Se alternativet ldap_pwdlockout_dn. Observera " +"att ”access_provider = ldap” måste vara satt för att denna funktion skall " +"fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" +"<emphasis>Observera att detta alternativ ersätts av alternativet " +"<quote>ppolicy</quote> och kan komma att tas bort i en framtida utgåva.</" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" +"<emphasis>ppolicy</emphasis>: använd kontolåsning. Om satt nekar detta " +"alternativ åtkomst ifall ldap-attributet ”pwdAccountLockedTime” finns och " +"har värdet ”000001010000Z” eller representerar en tidpunkt i det förgångna. " +"Värdet på attributet ”pwdAccountLockedTime” måste sluta med ”Z”, som " +"markerar tidszonen UTC. Andra tidszoner stödjs för närvarande inte och " +"kommer resultera i ”access-denied” när användare försöker logga in. Se " +"alternativet ldap_pwdlockout_dn. Observera att ”access_provider = ldap” " +"måste vara satt för att denna funktion skall fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> Dessa alternativ är användbara om " +"användare vill bli varnade att lösenordet är på gång att gå ut och " +"autentisering är baserat på användning av en annan metod än lösenord – till " +"exempel SSH-nycklar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" +"Observera att ”access_provider = ldap” måste vara satt för att denna " +"funktion skall fungera. ”ldap_pwd_policy” måste också vara satt till en " +"lämplig lösenordspolicy." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: använd attributet authorizedService " +"för att avgöra åtkomst" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" +"<emphasis>rhost</emphasis>: använd attributet rhost för att avgöra huruvida " +"fjärrvärdar kan få åtkomst" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" +"Observera, rhost-fältet i pam sätts av programmet, det är bättre att " +"kontrollera vad programmet skickar till pam, före detta alternativ för " +"åtkomstkontroll aktiveras" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Standard: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Observera att det är ett konfigurationsfel om ett värde används mer än en " +"gång." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" +"Detta alternativ anger DN för lösenordspolicyposten på LDAP-servern. Notera " +"att frånvaro av detta alternativ i sssd.conf när kontroll av kontolåsning är " +"aktiverat kommer att resultera i nekad åtkomst eftersom ppolicy-attribut på " +"LDAP-servern inte kan kontrolleras ordentligt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Exempel: cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Anger hur dereferering av alias görs när sökningar utförs. Följande " +"alternativ är tillåtna:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: Alias derefereras i underordnade till " +"basobjektet, men inte vid lokalisering av basobjektet för sökningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: Alias derefereras endast vid lokalisering av " +"basobjektet för sökningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: Alias derefereras både i sökning och i " +"lokalisering av basobjektet för sökningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Standard: Tomt (detta hanteras som <emphasis>never</emphasis> av LDAP-" +"klientbiblioteken)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Tillåter att behålla lokala användare som medlemmar i en LDAP-grupp för " +"servrar som använder schemat RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"I en del miljöer där schemat RFC2307 används görs lokala användare till " +"medlemmar i LDAP-grupper genom att lägga till deras namn till attributet " +"memberUid. Den interna konsistensen i domänen bryts när detta görs, så SSSD " +"skulle normalt ta bort de ”saknade” användarna från de cachade " +"gruppmedlemskapen så fort nsswitch försöker hämta information om användaren " +"via anrop av getpw*() eller initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"Detta alternativ faller tillbaka på att kontrollera om lokala användare är " +"refererade, och cachar dem så att senare anrop av initgroups() kommer utöka " +"de lokala användarna med de extra LDAP-grupperna." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "wildcard_limit (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" +"Anger en övre gräns på antalet poster som hämtas under en uppslagning med " +"jokertecken." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" +"För närvarande stödjer endast respondenten InfoPipe jokeruppslagningar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "Standard: 1000 (ofta storleken på en sida)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_library_debug_level (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" +"Slår på libldap-felsökning med den angivna nivån. Libldap-felmeddelanden " +"kommer skrivas oberoende av den allmänna debug_level." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" +"OpenLDAP använder en bitavbildning för att aktivera felsökning för specifika " +"komponenter, -1 kommer aktivera fullständig felsökningsutmatning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Standard: 0 (libldap-felsökning avaktiverat)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Alla de vanliga konfigurationsflaggorna som gäller för SSSD-domäner gäller " +"även för LDAP-domäner. Se avsnittet <quote>DOMÄNSEKTIONER</quote> i " +"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för fullständiga detaljer. " +"Observera att SSSD LDAP-avbildningsattribut beskrivs i manualsidan " +"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "SUDOALTERNATIV" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"De detaljerade instruktionerna för att konfigurera sudo-leverantören finns i " +"manualsidan <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Hur många sekunder SSSD kommer vänta mellan körningar av fullständiga " +"uppdateringar av sudo-regler (som hämtar alla regler som är lagrade på " +"servern)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Värdet måste vara större än <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Man kan avaktivera fullständig uppdatering genom att sätta denna flagga till " +"0. Dock måste antingen smart eller fullständig uppdatering aktiveras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Standard: 21600 (6 timmar)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" +"Hur många sekunder SSSD måste vänta mellan körningar av en smart uppdatering " +"av sudo-regler (som hämtar alla regler som har USN högre än serverns högsta " +"USN-värde som för närvarande är känt av SSSD)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Om USN-attribut inte stödjs av servern används attributet modifyTimestamp " +"istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" +"<emphasis>Obs:</emphasis> det högsta USN-värdet kan uppdateras av tre " +"uppgifter: 1) Genom fullständig och smart sudo-uppdatering (om det finns " +"uppdaterade regler), 2) genom uppräkning av användare och grupper (om det " +"finns aktiverade och uppdaterade användare eller grupper) och 3) genom att " +"återansluta till servern (som standard var 15:e minut, se " +"<emphasis>ldap_connection_expire_timeout</emphasis>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Man kan avaktivera smart uppdatering genom att sätta denna flagga till 0. " +"Dock måste antingen smart eller fullständig uppdatering aktiveras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_sudo_random_offset (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" +"En slumptillägg mellan 0 och ett konfigurerat värde läggs till till smart " +"och fullständig uppdateringsperioder varje gång den periodiska uppgiften " +"schemaläggs. Värdet är i sekunder." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" +"Observera att detta slumpvisa tilläg även används på den första SSSD-starten " +"vilked fördröjer den första uppdateringen av sudo-regler. Detta förlänger " +"tiden under vilken sudo-reglerna inte är tillgängliga för användning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "Man kan avaktivera denna fördröjning genom att sätta värdet till 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Om sann kommer SSSD hämta endast regler som är tillämpliga för denna maskin " +"(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Mellanrumsseparerad lista över värdnamn eller fullständigt kvalificerade " +"domännamn som skall användas för att filtrera reglerna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Om detta alternativ är tomt kommer SSSD försöka upptäcka värdnamnet och det " +"fullständigt kvalificerade domännamnet automatiskt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Om <emphasis>ldap_sudo_use_host_filter</emphasis> är <emphasis>false</" +"emphasis> har detta alternativ ingen effekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "Standard: inte angivet" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Mellanrumsseparerad lista över IPv4- eller IPv6 värd-/nätverksadresser som " +"skall användas för att filtrera reglerna." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Om detta alternativ är tomt kommer SSSD försöka upptäcka adresser " +"automatiskt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Om sant kommer SSSD hämta varje regel som innehåller en nätgrupp i " +"attributet sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Om sant kommer SSSD hämta varje regel som innehåller ett jokertecken i " +"attributet sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" +"Att använda jokertecken är en operation som är väldigt dyr att evaluera på " +"LDAP-serversidan!" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Denna manualsida beskriver endast attributnamnsöversättningar. För " +"detaljerade beskrivningar av semantiken hos sudo-relaterade attribut, se " +"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "AUTOFSALTERNATIV" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" +"Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Namnet på automount master-kartan i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Standard: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "AVANCERADE ALTERNATIV" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" +"Om alternativet <quote>ldap_use_tokengroups</quote> är aktiverat kommer " +"sökningarna i Active Directory inte vara begränsade och returnera alla " +"gruppmedlemskap, även utan någon GID-översättning. Det rekommenderas att " +"avaktivera denna funktion om gruppnamn inte visas korrekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" +"Dessa alternativ stödjs av LDAP-domäner, men de skall användas med " +"försiktighet. Inkludera dem endast i din konfiguration om du vet vad du " +"gör. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "EXEMPEL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att LDAP är satt " +"till en av domänerna i avsnittet <replaceable>[domains]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mindomän.se\n" +"ldap_search_base = dc=mindomän,dc=se\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att " +"ldap_access_order=lockout används." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mindomän,dc=se\n" +"ldap_uri = ldap://ldap.mindomän.se\n" +"ldap_search_base = dc=mindomän,dc=se\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "NOTER" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Beskrivningarna av en del konfigurationsalternativ i denna manualsida är " +"baserade på manualsidan <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> från distributionen " +"OpenLDAP 2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "PAM-modul för SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> är PAM-gränssnittet till System Security " +"Services daemon (SSSD). Fel och resultat loggas via <command>syslog(3)</" +"command> med funktionen LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "FLAGGOR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Undertryck loggmeddelanden om okända användare." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Om <option>forward_pass</option> är satt läggs det inskrivna lösenordet på " +"stacken så att andra PAM-moduler kan använda det." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Argumentet use_first_pass tvingar modulen att använda tidigare stackade " +"modulers lösenord och kommer aldrig fråga användaren – om inget lösenord är " +"tillgängligt eller lösenordet inte stämmer kommer användaren nekas åtkomst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Vid lösenordsändring tvinga modulen till att sätta det nya lösenordet till " +"det som gavs av en tidigare stackad lösenordsmodul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Om angivet frågas användaren ytterligare N gånger om ett lösenord ifall " +"autentiseringen misslyckas. Standard är 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Observera att detta alternativ kanske inte fungerar som förväntat ifall " +"programmet som anropar PAM hanterar användardialogen själv. Ett typiskt " +"exempel är <command>sshd</command> med <option>PasswordAuthentication</" +"option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Om detta alternativ anges och användaren inte finns kommer PAM-modulen " +"returnera PAM_IGNORE. Detta får PAM-ramverket att ignorera denna modul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Anger att PAM-modulen skall returnera PAM_IGNORE om det inte kan kontakta " +"SSSD-demonen. Detta får PAM-ramverket att ignorera denna modul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Tillåter administratören att begränsa domänerna en viss PAM-tjänst tillåts " +"autentisera emot. Formatet är en kommaseparerad lista över SSSD-domännamn " +"som de specificeras i filen sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"OBS: om detta används för en tjänst som inte kör som root-användaren, t.ex. " +"en webb-server, måste det användas tillsammans med flaggorna " +"<quote>pam_trusted_users</quote> och <quote>pam_public_domains</quote>. Se " +"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för mer information om dessa två " +"PAM-respondentalternativ." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "<option>allow_missing_name</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" +"Huvudsyftet med denna flagga är att låta SSSD avgöra användarnamnet baserat " +"på ytterligare information, t.ex. certifikatet från ett smartkort." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" +"Det aktuella användningsfallet är inloggningshanterare som kan övervaka en " +"smartkortläsare om korthändelser. Ifall en smartkort sätts in kommer " +"inloggningshanteraren anropa en PAM-stack som innehåller en rad som " +"<placeholder type=\"programlisting\" id=\"0\"/> I detta fall kommer SSSD " +"försöka avgöra användarnamnet baserat på innehållet på smartkortet, " +"returnerar det till pam_sss som slutligen kommer lägga det på PAM-stacken." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "<option>prompt_always</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" +"Fråga alltid användaren om kreditiv. Med denna flagga kommer kreditiv " +"begärda av andra PAM-moduler, typiskt ett lösenord, ignoreras och pam_sss " +"kommer fråga efter kreditiv igen. Baserat på förautentiseringssvaret från " +"SSSD kan pam_sss komma att fråga efter ett lösenord, ett smartkorts-PIN " +"eller andra kreditiv." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "<option>try_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" +"Försök använda certifikatbaserad smartkortsautentisering, d.v.s. " +"autentisering med smartkort eller liknande enheter. Om ett smartkort är " +"tillgängligt och tjänsten tillåter smartkortsautentisering kommer användaren " +"frågas om ett PIN och certifikatbaserad autentisering kommer fortsätta" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" +"Om inget smartkort är tillgängligt eller certifikatbaserad autentisering " +"inte är tillåten för den aktuella tjänsten returneras PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "<option>require_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Använd certifikatbaserad autentisering, d.v.s. autentisering med smartkort " +"eller liknande enheter. Om ett smartkort inte är tillgängligt ombeds " +"användaren att sätta in ett. SSSD kommer att vänta på ett smartkort tills " +"tidsgränsen definierad av p11_wait_for_card_timeout har passerats, se " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> för detaljer." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" +"Om inget smartkort är tillgängligt efter att tidsgränsen passerats eller om " +"certifikatbaserad autentisering inte är tillåten för den aktuella tjänsten " +"returneras PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "TILLHANDAHÅLLNA MODULTYPER" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Alla modultyper (<option>account</option>, <option>auth</option>, " +"<option>password</option> och <option>session</option>) tillhandahålls." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" +"Om SSSD:s PAM-respondent inte kör, t.ex. om PAM-respondentens uttag (socket) " +"inte är tillgängligt kommer pam_sss returnera PAM_USER_UNKNOWN när det " +"anropas som modulen <option>account</option> för att undvika problem med " +"användare från andra källor under åtkomstkontroll." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "RETURVÄRDEN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "PAM_SUCCESS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "PAM-åtgärden avslutades framgångsrikt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "PAM_USER_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" +"Användaren är inte känd av autentiseringstjänsten eller så kör inte SSSD:s " +"PAM-respondent." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "PAM_AUTH_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" +"Misslyckad autentisering. Kan också returneras när det är problem med att " +"hämta certifikatet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "PAM_PERM_DENIED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" +"Åtkomst nekas. SSSD-loggfilerna kan innehålla ytterligare information om " +"felet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "PAM_IGNORE" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" +"Se flaggorna <option>ignore_unknown_user</option> och " +"<option>ignore_authinfo_unavail</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "PAM_AUTHTOK_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" +"Kan inte hämta det nya autentiseringstecknet. Kan också returneras när " +"användaren autentiserar med certifikat och flera certifikat är tillgängliga, " +"men den installerade versionen av GDM inte stödjer val bland flera " +"certifikat." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "PAM_AUTHINFO_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" +"Kan inte komma åt autentiseringsinformationen. Detta kan bero på ett " +"nätverks- eller hårdvarufel." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "PAM_BUF_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" +"Ett minnesfel uppstod. Kan också returneras när flagga use_first_pass eller " +"use_authtok är satt, men inget lösenord hittades från den tidigare stackade " +"PAM-modulen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "PAM_SYSTEM_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" +"Ett systemfel uppstod. SSSD-loggfilerna kan innehålla ytterligare " +"information om felet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "PAM_CRED_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "Kan inte sätta kreditiv för användaren." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "PAM_CRED_INSUFFICIENT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" +"Programmet har inte tillräckliga kreditiv för att autentisera användaren. " +"Till exempel saknas PIN under smartkortsautentisering eller en saknad faktor " +"under tvåfaktorautentisering." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "PAM_SERVICE_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "Fel i tjänstemodul." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "PAM_NEW_AUTHTOK_REQD" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "Användarens autentiseringstecken har gått ut." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "PAM_ACCT_EXPIRED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "Användarkontot har gått ut." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "PAM_SESSION_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "Kan inte hämta IPA-skrivbordsprofilsregler eller -användarinformation." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "PAM_CRED_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "Kan inte hämta Kerberos-användarkreditiv." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "PAM_NO_MODULE_DATA" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" +"Ingen autentiseringsmetod hittades av Kerberos. Detta kan inträffa om " +"användaren har ett smartkort tilldelat men insticksmodulen pkint inte är " +"tillgänglig på klienten." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "PAM_CONV_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "Konversationsfel." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "PAM_AUTHTOK_LOCK_BUSY" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "Ingen KDC lämpad för lösenordsändringar finns tillgänglig." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "PAM_ABORT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "Okänt PAM-anrop." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "PAM_MODULE_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "PAM-uppgift eller -kommando som inte stödjs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "PAM_BAD_ITEM" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "Autentiseringsmodulen kan inte hantera smartkortskreditiv." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "FILER" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Om en återställning av lösenord av root misslyckas, för att motsvarande SSSD-" +"leverantör inte stödjer återställning av lösenord, kan ett individuellt " +"meddelande visas. Detta meddelande kan t.ex. innehålla instruktioner hur man " +"återställer ett lösenord." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Meddelandet läses från filen <filename>pam_sss_pw_reset_message.LOK</" +"filename> där LOK står för en lokalsträng som den returneras av " +"<citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" +"manvolnum> </citerefentry>. Om det inte finns någon matchande fil visas " +"innehållet i <filename>pam_sss_pw_reset_message.txt</filename>. Root måste " +"vara ägaren av filerna och endast root får ha läs- och skrivrättigheter " +"medan alla andra användare endast får ha läsrättigheter." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Dessa filer söks efter i katalogen <filename>/etc/sssd/customize/DOMÄNNAMN/</" +"filename>. Om ingen matchande fil finns visas ett allmänt meddelande." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "pam_sss_gss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "PAM-modul för SSSD GSSAPI-autentisering" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> " +"<replaceable>felsökning</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" +"<command>pam_sss_gss.so</command> autentiserar användaren över GSSAPI i " +"samarbete med SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" +"Denna modul kommer försöka autentisera användaren med det värdbaserade " +"GSSAPI-tjänstenamnet värd@värdnamn vilket översätts till Kerberos-" +"huvudmannen värd/värdnamn@RIKE. Delen <emphasis>RIKE</emphasis> av Kerberos-" +"huvudmannanamnet härleds av Kerberos interna mekanismer och det kan sättas " +"uttryckligen i konfigurationen av sektionen [domain_realm] i /etc/krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" +"SSSD används för att tillhandahålla det önskade tjänstenamnet och för att " +"validera användarens kreditiv med GSSAPI-anrop. Om tjänstebiljetten redan är " +"tillgänglig i Kerberos kreditiv-cache eller om användarens " +"biljettgivarbiljett kan användas för att få det korrekta tjänstebiljetten, i " +"så fall kommer användaren autentiseras." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" +"Om <option>pam_gssapi_check_upn</option> är sant (standard) kräver SSSD att " +"kreditiven som använts till att få denna tjänstebiljett kan associeras med " +"användaren. Detta betydera tt huvudmannen som äger Kerberos-kreditiven måste " +"stämma med användarens huvudmannanamn så som det definieras i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" +"För att aktivera GSSAPI-autentisering i SSSD, sätt alternativet " +"<option>pam_gssapi_services</option> i [pam] eller domänsektionen i sssd." +"conf. Tjänstekreditiven behöver lagras i SSSD:s keytab (de finns där redan " +"om man använder leverantören ipa eller ad). Keytab-platsen kan anges med " +"alternativet <option>krb5_keytab</option>. Se <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> och <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för fler detaljer om dessa " +"alternativ." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" +"Några Kerberos-installationer tillåter associationen av " +"autentiseringsindikatorer med en viss förautentiseringsmetod använd för att " +"hämta biljettgivarbiljetten av användaren. <command>pam_sss_gss.so</command> " +"gör att man kan kräva närvaron av autentiseringsindikatorer i " +"tjänstebiljetten för en viss PAM-tjänst kan nås." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" +"Om <option>pam_gssapi_indicators_map</option> är satt i sektionen [pam] " +"eller domänsektionen i sssd.conf kommer SSSD utföra en kontroll av närvaron " +"av några konfigurerade indikatorer i tjänstebiljetten." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "<option>debug</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "Skriv ut felsökningsinformation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "Endast modulen <option>auth</option> tillhandahålls." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" +"Användaren är inte känd av autentiseringstjänsten eller så stödjs inte " +"autentisering med GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "Autentiseringsfel." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" +"Det huvudsakliga användningsfallet är att tillhandahålla lösenordsfri " +"autentisering i sudo men utan behovet av att avaktivera autentisering helt. " +"För att uppnå detta, aktivera först GSSAPI-autentisering av sudo i sssd.conf:" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"[domain/MINDOMÄN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" +"Aktivera sedan modulen i den önskande PAM-stacken (t.ex. /etc/pam.d/sudo " +"och /etc/pam.d/sudo-i)." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" +"…\n" +"auth sufficient pam_sss_gss.so\n" +"…\n" +" " + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "FELSÖKNING" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" +"SSSD-loggar, pam_sss_gss felsökningsutmatning och syslog kan innehålla " +"användbar information om felet. Här är några vanliga problem:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" +"1. Jag har miljövariabeln KRB5CCNAME satt och autentiseringen fungerar inte: " +"beroende på din sudo-versionär det möjligt att sudo inte skickar denna " +"variabel till PAM-miljön. Försök lägga till KRB5CCNAME till " +"<option>env_keep</option> i /etc/sudoers eller i dina LDAP-sudo-reglers " +"standardalternativ." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" +"2. Autentiseringen fungerar inte och syslog innehåller ”Server not found in " +"Kerberos database”: Kerberos kan förmodligen inte lösa upp det korrekta " +"riket för tjänstebiljetten baserat på värdnamnet. Försök att lägga till " +"värdnamnet direk till <option>[domain_realm[</option> i /etc/krb5.conf så " +"här:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" +"3. Autentiseringen fungerar inte och syslog innehåller ”No Kerberos " +"credentials available”: du har inte några kreditiv som kan användas för att " +"få den önskade tjänstebiljetten. Använd kinit eller autentisera över SSSD " +"för att få dessa kreditiv." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" +"4. Autentisering fungerar inte och SSSD sssd-pam-loggen innehåller ”User " +"with UPN [$UPN] was not found.” eller ”UPN [$UPN] does not match target user " +"[$username].”: du använder kreditiv som inte kan kopplas till användaren som " +"autentiseras. Försök att använda kswitch för att välja en annan huvudman, se " +"till att du autentiserade med SSSD eller överväg att avaktivera " +"<option>pam_gssapi_check_upn</option>." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" +"[domain_realm]\n" +".myhostname = MITTRIKE\n" +" " + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Kerberos lokaliseringsinsticksmodul" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" +"Kerberos lokaliseringsinsticksmodul <command>sssd_krb5_locator_plugin</" +"command> används av libkrb5 för att hitta KDC:er för ett givet Kerberos-" +"rike. SSSD tillhandahåller en sådan insticksmodul för att styra alla " +"Kerberos-klienter på ett system till en ensam KDC. I allmänhet skall det " +"inte ha någon betydelse vilken KDC en klientprocess pratar med. Men det " +"finns fall, t.ex. efter en lösenordsändring, då inte alla KDC:er är i samma " +"tillstånd för att den nya datan måste spridas först. För att undvika " +"oväntade autentiseringsfel och kanske även kontolåsningar kan det vara bra " +"att prata med en enskild KDC så länge som möjligt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" +"libkrb5 kommer söka efter lokaliseringsinsticksmodulen i underkatalogen " +"libkrb5 till Kerberos katalog för insticksmoduler, se plugin_base_dir i " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för detaljer. Insticksmodulen kan endast " +"avaktiveras genom att ta bort filen med insticksmodulen. Det finns ingen " +"möjlighet att avaktivera den i Kerberos konfiguration. Men miljövariabeln " +"SSSD_KRB5_LOCATOR_DISABLE kan användas för att avaktivera insticksmodulen " +"för individuella kommandon. Alternativt kan SSSD-alternativet " +"krb5_use_kdcinfo=False användas för att inte generera de data som behövs av " +"insticksmodulen. Med denna anropas fortfarande insticksmodulen men den " +"tillhandahåller inga data till anroparen så att libkrb5 kan falla tillbaka " +"på andra metoder som är definierade i krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" +"Insticksmodulen läser information om KDC:erna för ett givet rike från en fil " +"som heter <filename>kdcinfo.RIKE</filename>. Filen skall innehålla ett " +"eller flera DNS-namn eller IP-adresser antingen i punktad decimal IPv4-" +"notation eller den hexadecimala IPv6-notationen. Ett frivilligt portnummer " +"kan läggas till på slutet separerat av ett kolon, IPv6-adressen måste " +"inneslutas i hakparenteser i detta fall som vanligt. Giltiga poster är:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "kdc.example.com" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "kdc.example.com:321" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "1.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "5.6.7.8:99" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "2001:db8:85a3::8a2e:370:7334" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "[2001:db8:85a3::8a2e:370:7334]:321" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" +"SSSD:s krb5-autentiseringsleverantör som också används av IPA- och AD-" +"leverantörerna lägger till adresser till den aktuella KDC- eller " +"domänkontrollern SSSD använder till denna fil." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" +"I miljöer med KDC:er som endast är för läsning och för läsning och skrivning " +"där klienter förväntas använda instanser endast för läsning för allmänna " +"operationer och endast KDC:n för läsning och skrivning för " +"konfigurationsändringar som lösenordsändringar används även en " +"<filename>kpasswdinfo.RIKE</filename> för att identifiera KDC:er för läsning " +"och skrivning. Om denna fil finns för det givna riket kommer innehållet " +"användas av insticksmodulen för att svara på begäranden om en kpasswd- eller " +"kadmin-server eller om huvud-KDC:n specifik för MIT Kerberos. Om adressen " +"innehåller ett portnummer kommer standard-KDC-porten 88 användas för det " +"senare." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Inte alla Kerberosimplementationer stödjer användningen av insticksmoduler. " +"Om <command>sssd_krb5_locator_plugin</command> inte är tillgänglig på ditt " +"system måste du redigera /etc/krb5.conf för att avspegla din " +"Kerberosuppsättning." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Om miljövariabeln SSSD_KRB5_LOCATOR_DEBUG är satt till något värde kommer " +"felsökningsmeddelanden skrivas till standard fel." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" +"Om miljövariabeln SSSD_KRB5_LOCATOR_DISABLE är satt till något värde " +"avaktiveras insticksmodulen och kommer bara returnera KRB5_PLUGIN_NO_HANDLE " +"till anroparen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" +"Om miljövariabeln SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES är satt till något " +"värde kommer insticksmodulen försöka slå upp alla DNS-namn i filen kdcinfo. " +"Som standard returneras KRB5_PLUGIN_NO_HANDLE till anroparen omedelbart vid " +"den första misslyckade DNS-uppslagningen." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "konfigurationsfilen för SSSD:s åtkomststyrningsleverantör ”simple”" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver konfigurationen av åtkomststyrningsleverantören " +"simple till <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. För en detaljerad referens om syntaxen, se " +"avsnittet <quote>FILFORMAT</quote> i manualsidan <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Åtkomstleverantören simple tillåter eller nekar åtkomst baserat på en " +"åtkomst- eller nekandelista över användar- eller gruppnamn. Följande regler " +"är tillämpliga:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Om alla listor är tomma tillåts åtkomst" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Om någon lista tillhandahålls är evalueringsordningen allow,deny. Detta " +"betyder att en deny-regel som matchar kommer gå före en eventuell matchande " +"allow-regel." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Om antingen den ena eller båda ”tillåtelselistorna” tillhandahålls nekas " +"alla användare om de inte förekommer i listan." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Om endast ”nekandelistor” tillhandahålls tillåts alla användare åtkomst om " +"de inte förekommer i listan." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "Kommaseparerad lista över användare som tillåts att logga in." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "Kommaseparerad lista över användare som explicit nekas åtkomst." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Kommaseparerad lista över grupper som tillåts logga in. Detta är endast " +"tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Kommaseparerad lista över grupper som nekas åtkomst. Detta är endast " +"tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Se <quote>DOMÄNSEKTIONER</quote> i manualsidan <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för detaljer om konfigurationen av en SSSD-domän. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Att inte ange några värden för någon av listorna är likvärdigt med att hoppa " +"över det helt. Var medveten om detta när parametrar genereras för " +"leverantören simple med automatiserade skript." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Observera att det är ett konfigurationsfel om båda, simple_allow_users och " +"simple_deny_users, är definierade." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att example.com " +"är en av domänerna i avsnittet <replaceable>[sssd]</replaceable>. Dessa " +"exempel visar endast alternativ som är specifika för åtkomstleverantören " +"simple." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = användare1, användare2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Den fullständiga gruppmedlemskapshierarkin löses upp före åtkomstkontrollen, " +"alltså kan även nästade grupper inkluderas i åtkomstlistorna. Var medveten " +"om att alternativet <quote>ldap_group_nesting_level</quote> kan påverka " +"resultaten och skall sättas till ett tillräckligt värde. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "sss-certmap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "SSSD:s certifikatmatchnings- och -mappningsregler" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" +"Manualsidan beskriver reglerna som kan användas av SSSD och andra " +"komponenter för att matcha X.509-certifikat och koppla dem till konton." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" +"Varje regel har fyra komponenter, en <quote>prioritet</quote>, en " +"<quote>matchningsregel</quote>, en <quote>mappningsregel</quote> och en " +"<quote>domänlista</quote>. Alla komponenter är frivilliga. En saknad " +"<quote>prioritet</quote> kommer lägga till regeln med den lägsta " +"prioriteten. Standard-<quote>matchningsregeln</quote> kommer matcha " +"certifikat med digitalSignature-nyckelanvändning och clientAuth-" +"utökadnyckelanvändning. Om <quote>mappningsregeln</quote> är tom kommer " +"certifikaten sökas efter i attributet userCertificate som DER-kodade " +"binärer. Om inga domäner anges kommer endast den lokala domänen sökas." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" +"För att tillåta utökningar eller helt annorluda regelstil kan " +"<quote>mapping</quote> och <quote>matching rules</quote> innehålla ett " +"prefix separerat med ett ”:” från huvuddelen av regeln. Prefixet får bara " +"innehålla versala ASCII-bokstäver och siffror. Om prefixet utelämnas kommer " +"standardtypen användas vilken är ”KRB5” för matchningsregler och ”LDAP” för " +"avbildningsregler." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" +"Verktyget ”sssctl” tillhandahåller kommandot ”cert-eval-rule” för att " +"kontrollera om ett givet certifikat stämmer med en matchningsregel och hur " +"utdata från en avbildningsregel skulle se ut." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "REGELKOMPONENTER" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "PRIORITET" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" +"Reglerna bearbetas i prioritetsordning där ”0” (noll) indikerar den högsta " +"prioriteten. Ju högre talet är desto lägre är prioriteten. Ett saknat " +"värde indikerar den lägsta prioriteten. Regelbearbetningen stoppas när en " +"regel som matchar hittas och inga ytterligare regler kontrolleras." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" +"Internt behandlas prioriteten som teckenlösa 32-bitars heltal, att använda " +"ett prioritetsvärde större än 4294967295 kommer orsaka ett fel." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" +"Om flera regler har samma prioritet och bara en av de relaterade " +"matchningsreglerna gäller kommer denna regel att väljas. Om det finns flera " +"regler med samma prioritet som matchar väljs en men vilken av den är " +"odefinierat. För att undvika detta beteende, använd antingen olika " +"prioriteter eller gör matchningsregeln mer specifik, t.ex. genom att använda " +"olika <ISSUER>-mönster." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "MATCHNINGSREGEL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" +"Matchningsregeln används för att välja ett certifikat som " +"översättningsregeln skall tillämpas på. Det använder ett system liknande det " +"som används av alternativet <quote>pkinit_cert_match</quote> i MIT Kerberos. " +"Det består av ett nyckelord omgivet av ”<” och ”>” som identifierar en " +"specifik del av certifikatet och ett mönster som skall finnas för att regeln " +"skall matcha. Flera nyckelord/mönster-par kan antingen sammanfogas med ”&" +"&” (och) eller ”||” (eller)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" +"Givet likheten med MIT Kerberos är typprefixet för denna regel ”KRB5”. Men " +"”KRB5” kommer även vara standardvärdet för <quote>matching rules</quote> så " +"att ”<SUBJEKT>.*,DC=MIN,DC=DOMÄN” och ”KRB5:<SUBJEKT>.*,DC=MIN," +"DC=DOMÄN” är likvärdiga." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "<SUBJECT>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" +"Med denna kan en del eller hela certifikatets subject-namn matchas. För " +"matchningen används POSIX syntax för utökade reguljära uttryck, se regex(7) " +"för detaljer." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" +"För matchningen konverteras subject-namnet lagrat i certifikatet i DER-kodad " +"ASN.1 till en sträng i enlighet med RFC 4514. Detta betyder att den mest " +"specifika namnkomponenten kommer först. Observera att inte alla möjliga " +"attributnamn täcks av RFC 4514. De inkluderade namnen är ”CN”, ”L”, ”ST”, " +"”O”, ”OU”, ”C”, ”STREET”, ”DC” och ”UID”. Andra attributnamn kan visas olika " +"på olika plattformar och av olika verktyg. För att undvika förvirring är det " +"bäst att dessa attributnamn inte används eller täcks av ett lämpligt " +"reguljärt uttryck." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "Exempel: <SUBJECT>.*,DC=MIN,DC=DOMÄN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" +"Observera att tecknen ”^.[$()|*+?{\\” har en särskild betydelse i reguljära " +"uttryck och måste skyddas med hjälp av tecknet ”\\” så att de kan matchas " +"som vanliga tecken." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "Exempel: <SUBJECT>^CN=.* \\(Admin\\),DC=MIN,DC=DOMÄN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "<ISSUER>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" +"Med denna kan en del eller hela certifikatets issuer-namn matchas. Alla " +"kommentarer för <SUBJECT> är tillämpliga här också." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "Exempel: <ISSUER>^CN=Min-CA,DC=MIN,DC=DOMÄN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "<KU>nyckelanvändning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" +"Detta alternativ kan användas för att specificera vilka " +"nyckelanvändningsvärden certifikatet skall ha. Följande värden kan användas " +"i en kommaseparerad lista:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "digitalSignature" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "nonRepudiation" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "dataEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "keyAgreement" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "keyCertSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "cRLSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "encipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "decipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" +"Ett numeriskt värde i intervallet hos ett 32-bitars teckenlöst heltal kan " +"användas också för att täcka speciella användningsfall." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "Exempel: <KU>digitalSignature,keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "<EKU>utökad-nyckel-användning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" +"Detta alternativ kan användas för att specificera vilka utökade-nyckel-" +"användningsvärden certifikatet skall ha. Följande värden kan användas i en " +"kommaseparerad lista:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "serverAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "clientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "codeSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "emailProtection" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "timeStamping" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "OCSPSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "KPClientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "pkinit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "msScLogin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" +"Användningar av utökade nycklar som inte listas ovanför kan specificeras med " +"sina OID:er i punktad decimal notation." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "Exempel: <EKU>clientAuth,1.3.6.1.5.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "<SAN>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" +"För att vara kompatibel med användningen av MIT Kerberos kommer detta " +"alternativ matcha Kerberos-huvudmän i PKINIT eller AD NT-Principal SAN som " +"<SAN:Principal> gör." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "Exempel: <SAN>.*@MITT\\.RIKE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "<SAN:Principal>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "Matcha Kerberos-huvudmännen i PKINIT eller AD NT Principal SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "Exempel: <SAN:Principal>.*@MITT\\.RIKE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "<SAN:ntPrincipalName>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "Matcha Kerberos-huvudmän från AD NT Principal SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "Exempel: <SAN:ntPrincipalName>.*@MITT.AD.RIKE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "<SAN:pkinit>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "Matcha Kerberos-huvudmän från PKINIT SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "Exempel: <SAN:ntPrincipalName>.*@MITT\\.PKINIT\\.RIKE" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "<SAN:dotted-decimal-oid>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" +"Ta värdet från otherName SAN-komponenten som anges av OID:n i punktad " +"decimal notation, tolka den som en sträng och försök att matcha den mot det " +"reguljära uttrycket." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "Exempel: <SAN:1.2.3.4>test" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "<SAN:otherName>base64-sträng" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" +"Gör en binär matchning med den base64-kodade klicken mot alla otherName SAN-" +"komponenter. Med detta alternativ är det möjligt att matcha mot anpassade " +"otherName-komponenter med speciella kodningar som inte kan hanteras som " +"strängar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "Exempel: <SAN:otherName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "<SAN:rfc822Name>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "Matcha värdet på rfc822Name SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "Exempel: <SAN:rfc822Name>.*@epost\\.domän" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "<SAN:dNSName>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "Matcha värdet på dNSName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "Exempel: <SAN:dNSName>.*\\.min\\.dns\\.domän" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "<SAN:x400Address>base64-sträng" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "Matcha binärt värdet på x400Address SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "Exempel: <SAN:x400Address>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "<SAN:directoryName>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" +"Matcha värdet på directoryName SAN. Samma kommentarer som gavs för <" +"ISSUER> och <SUBJECT> gäller här också." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "Exempel: <SAN:directoryName>.*,DC=com" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "<SAN:ediPartyName>base64-sträng" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "Matcha binärt värdet på ediPartyName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "Exempel: <SAN:ediPartyName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "<SAN:uniformResourceIdentifier>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "Matcha värdet på uniformResourceIdentifier SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "Exempel: <SAN:uniformResourceIdentifier>URN:.*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "<SAN:iPAddress>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "Matcha värdet på iPAddress SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "Exempel: <SAN:iPAddress>192\\.168\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "<SAN:registeredID>reguljärt-uttryck" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "Matcha värdet på registeredID SAN som punktad decimal sträng." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "Exempel: <SAN:registeredID>1\\.2\\.3\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"De tillgängliga alternativen är: <placeholder type=\"variablelist\" id=\"0\"/" +">" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "MAPPNINGSREGEL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" +"Mappningsregeln används för att koppla ett certifikat med ett eller flera " +"konton. Ett smartkort med certifikat och den matchande privata nyckeln kan " +"då användas för autentisering som ett av dessa konton." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" +"För närvarande stödjer SSSD egentligen bara LDAP för att slå upp " +"användarinformation (undantaget är proxy-leverantören som inte är relevant " +"här. På grund av detta är mappningsregeln baserad på syntaxen för LDAP-" +"sökfilter med mallar för att lägga till certifikatinnehåll till filtret. " +"Det antas att filtret endast kommer innehålla de specifika data som behövs " +"för mappningen och att anroparen kommer bädda in dem i ett annat filter för " +"att göra den egentliga sökningen. Därför skall filtersträngen börja och " +"sluta med ”(” respektive ”)”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" +"I allmänhet rekommenderas det att använda attribut från certifikatet och " +"lägga till dem till speciella attribut till LDAP-användarobjektet. T.ex. " +"kan attributet ”altSecurityIdentities” i AD eller attributet " +"”ipaCertMapData” i IPA användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" +"Detta bör hellre användas än att läsa användarspecifik data från " +"certifikatet som t.ex. en e-postadress och söka efter den i LDAP-servern. " +"Anledningen är att användarspecifika data i LDAP kan ändras av olika " +"anledningar vilket skulle göra sönder mappningen. Å andra sidan skulle det " +"vara svårt att bryta mappningen avsiktligt för en specifik användare." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" +"Standardtypen för <quote>mapping rule</quote> är ”LDAP” vilket kan läggas " +"till som ett prefix till en regel som t.ex. ”LDAP:(userCertificate;" +"binary={cert!bin})”. Det finns en utökning som heter ”LDAPU1” som erbjuder " +"fler mallar för mer flexibilitet. För att tillåta äldre versioner av detta " +"bibliotek att ignorera utökningen måste prefixet ”LDAPU1” användas när de " +"nya mallarna i en <quote>mapping rule</quote> används annars kommer den " +"gamla versionen av biblioteket misslyckas med ett tolkningsfel. Den nya " +"mallarna beskrivs i avsnittet <xref linkend=\"map_ldapu1\"/>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Mallen kommer lägga till den fullständiga utgivar-DN:en konverterad till en " +"sträng enligt RFC 4514. Om X.500-ordning (mest specifik RDN kommer sist) " +"skall ett alternativ med prefixet ”_x500” användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" +"Konverteringsalternativen som börjar med ”ad_” kommer använda attribut som " +"de används av AD, t.ex. ”S” istället för ”ST”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" +"Konverteringsalternativen som börjar med ”nss_” kommer använda attributnamn " +"som de används av NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" +"Standard för konverteringsalternativ är ”nss”, d.v.s. attributnamn enligt " +"NSS och LDAP/RFC 4514-ordning." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" +"Exempel: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Mallen kommer lägga till den fullständiga subjekt-DN:en konverterad till en " +"sträng enligt RFC 4514. Om X.500-ordning (mest specifik RDN kommer sist) " +"skall ett alternativ med prefixet ”_x500” användas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" +"Exempel: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "{cert[!(bin|base64)]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" +"Denna mall kommer lägga till hela det DER-kodade certifikatet som än sträng " +"till sökfiltret. Beroende på konverteringsalternativen konverteras antingen " +"certifikatet till en hex-sekvens med styrtecken ”\\xx” eller till base64. " +"Hex-strängen med styrtecken är standard och kan t.ex. användas med LDAP-" +"attributet ”userCertificate;binary”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "Exempel: (userCertificate;binary={cert!bin})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "{subject_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" +"Denna mall kommer lägga till Kerberos-huvudmannen som hämtas antingen från " +"den SAN som används av pkinit eller den som används av AD. Komponenten " +"”short_name” representerar första delen av huvudmannen före tecknet ”@”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" +"Exempel: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "{subject_pkinit_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" +"Denna mall kommer lägga till Kerberos-huvudmannen som hämtas från den SAN " +"som används av pkinit. Komponenten ”short_name” representerar första delen " +"av huvudmannen före tecknet ”@”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" +"Exempel: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "{subject_nt_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" +"Denna mall kommer lägga till Kerberos-huvudmannen som hämtas från den SAN " +"som används av AD. Komponenten ”short_name” representerar första delen av " +"huvudmannen före tecknet ”@”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" +"Exempel: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "{subject_rfc822_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" +"Denna mall kommer lägga till strängen som lagras i komponenten rfc822Name i " +"SAN:en, normalt en e-postadress. Komponenten ”short_name” representerar " +"första delen av huvudmannen före tecknet ”@”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" +"Exempel: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" +"Denna mall kommer lägga till strängen som lagras i komponenten dNSName i SAN:" +"en, normalt ett fullständigt kvalificerat värdnamn. Komponenten " +"”short_name” representerar första delen av huvudmannen före det första ”.”-" +"tecknet." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" +"Exempel: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "{subject_uri}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" +"Denna mall kommer lägga till strängen som lagras i komponenten " +"uniformResourceIdentifier i SAN:en." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "Exempel: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "{subject_ip_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" +"Denna mall kommer lägga till strängen som lagras i komponenten iPAddress i " +"SAN:en." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "Exempel: (ip={subject_ip_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "{subject_x400_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" +"Denna mall kommer lägga till värdet som lagras i komponenten x400Address i " +"SAN:en som en hex-sekvens med styrtecken." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "Exempel: (attr:binary={subject_x400_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" +"Denna mall kommer lägga till DN-strängen för värdet som lagras i komponenten " +"directoryName i SAN:en." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "Exempel: (orig_dn={subject_directory_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "{subject_ediparty_name}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" +"Denna mall kommer lägga till värdet som lagras i komponenten ediPartyName i " +"SAN:en som en hex-sekvens med styrtecken." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "Exempel: (attr:binary={subject_ediparty_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "{subject_registered_id}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" +"Denna mall kommer lägga till OID:n som lagras i komponenten registeredID i " +"SAN:en som en punktad decimal sträng." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "Exempel: (oid={subject_registered_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Mallarna för att lägga till certifikatdata till sökfiltret baseras på " +"formateringssträngar i Python-stil. De består av ett nyckelord i " +"krullparenteser med en valfri underkomponentspecificerare separerad av en " +"”.” eller ett valfritt konverterings-/formateringsalternativ separerat av " +"ett ”!”. Tillåtna värden är: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "LDAPU1-utvidgningen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "Följande mall är tillgänglig när utökningen ”LDAPU1” används:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "{serial_number[!(dec|hex[_ucr])]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Denna mall kommer lägga till certifikatets serienummer. Som standard kommer " +"det skrivas som ett hexadecimalt tal med gemena bokstäver." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Med formateringsalternativet ”!dec” kommer numret skrivas som en decimal " +"sträng. Den exadecimala utdatan kan skrivas med versala bokstäver (”!" +"hex_u”), med ett kolon som separator mellan hexadecimala byte (”!hex_c”) " +"eller med de hexadecimala byten i omvänd ordning (”!hex_r”). " +"Postfixbokstäverna kan kombineras så att t.ex. ”!hex_uc\" kommer producera " +"en kolonseparerad hexadecimal sträng med versaler." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "Exempel: LDAPU1:(serial={serial_number})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "{subject_key_id[!hex[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Denna mall kommer lägga till certifikatets subjektnyckel-id. Som standard " +"kommer det skrivas som ett hexadecimalt tal med gemena bokstäver." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" +"Den hexadecimala utdatan kan skrivas med versala bokstäver (”!hex_u”), med " +"ett kolon som separator mellan hexadecimala byte (”!hex_c”) eller med de " +"hexadecimala byten i omvänd ordning (”!hex_r”). Postfixbokstäverna kan " +"kombineras så att t.ex. ”!hex_uc\" kommer producera en kolonseparerad " +"hexadecimal sträng med versaler." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "Exempel: LDAPU1:(ski={subject_key_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "{cert[!KONTROLLSUMMA[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" +"Denna mall kommer läga till certifikatets hexadecimala kontrollsumma/hash " +"där KONTROLLSUMMA måste ersättas med namnet på en kontrollsumme-/hash-" +"funktion som stödjs av OpenSSL, t.ex. ”sha512”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Den hexadecimala utdatan kan skrivas med versala bokstäver (”!sha512_u”), " +"med ett kolon som separator mellan hexadecimala byte (”!sha512_c”) eller med " +"de hexadecimala byten i omvänd ordning (”!sha512_r”). Postfixbokstäverna kan " +"kombineras så att t.ex. ”!sha512_uc\" kommer producera en kolonseparerad " +"hexadecimal sträng med versaler." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "Exempel: LDAPU1:(dgst={cert!sha256})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "{subject_dn_component[(.attr_name|[number]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" +"Denna mall kommer lägga till ett av komponentens attributvärden från subjekt-" +"DN, som standard värdet på den mest specifika komponenten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" +"En annan komponent kan antingen väljas via attributnamnet, t.ex. " +"{subject_dn_component.uid} eller via position, t.ex. {subject_dn_component." +"[2]} där positiva tal börjar räknas från den mest specifika komponenten och " +"negativa tal börjar räkna från den minst specifika komponenten Attributnamn " +"och positionen kan kombineras, t.ex. {subject_dn_component.uid[2]} vilket " +"betyder att namnet på den andra komponenten måste vara ”uid”." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "Exempel: LDAPU1:(uid={subject_dn_component.uid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "{issuer_dn_component[(.attr_namn|[tal]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" +"Denna mall kommer lägga till ett av komponentens attributvärden från utgivar-" +"DN, som standard värdet på den mest specifika komponenten." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" +"Se ”subject_dn_component” för detaljer om attributnamn och " +"positionsangivelser." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" +"Exempel: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "{sid[.rid]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" +"Denna mall kommer lägga till SID:n om den motsvarande utökningen " +"introducerad av Microsoft med OID 1.3.6.1.4.1.311.25.2 är tillgänglig. Med " +"selektorn ”.rid” kommer endast den sista komponenten, d.v.s RID:n, att " +"läggas till." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "Exempel: LDAPU1:(objectsid={sid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "DOMÄNLISTA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" +"Om domänlistan inte är tom söks användare mappade till ett givet certifikat " +"inte bara i den lokala domänen utan i de listade domänerna också förutsatt " +"att de är kända av SSSD. Domäner som SSSD inte känner till kommer ignoreras." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "SSSD IPA-leverantör" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver konfigurationen av leverantören IPA till " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"IPA-leverantören är en bakände som används för att ansluta till en IPA-" +"server. (Se webbsidan freeipa.org för information om IPA-servrar.) " +"Leverantören förutsätter att maskinen är inlagt i IPA-domänen; " +"konfigurationen är nästan helt självupptäckande och hämtas direkt från " +"servern." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" +"IPA-leverantören gör att SSSD kan använda identitetsleverantören " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> och autentiseringsleverantören <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> med optimeringar för IPA-miljöer. IPA-leverantören tar samma " +"alternativ som används av leverantörerna sssd-ldap och sssd-krb5 med några " +"undantag. Dock är det varken nödvändigt eller lämpligt att sätta dessa " +"alternativ." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"IPA-leverantören kopierar i huvudsak standardalternativen för de " +"traditionella leverantörerna ldap och krb5 med några undantag. Skillnaderna " +"listas i avsnittet <quote>ÄNDRADE STANDARDINSTÄLLNINGAR</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +#, fuzzy +#| msgid "" +#| "As an access provider, the IPA provider uses HBAC (host-based access " +#| "control) rules. Please refer to freeipa.org for more information about " +#| "HBAC. No configuration of access provider is required on the client side." +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" +"Som en åtkomstleverantör använder leverantören IPA HBAC-regler (host-based " +"access control, värdbaserad åtkomstkontroll). Se freeipa.org för mer " +"information om HBAC. Ingen konfiguration av åtkomstleverantören behövs på " +"klientsidan." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" +"Om <quote>auth_provider=ipa</quote> eller <quote>access_provider=ipa</quote> " +"konfigureras i sssd.conf måste id-leverantören också sättas till <quote>ipa</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"IPA-leverantörer kommer använda PAC-respondenten om Kerberos-biljetter för " +"användare för betrodda riken innehåller en PAC. För att göra " +"konfigurationen enklare startas PAC-respondenten automatiskt om ID-" +"leverantören IPA är konfigurerad." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Anger namnet på IPA-domänen. Detta är frivilligt. Om det inte anges " +"används namnet på den konfigurerade domänen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Den kommaseparerade listan av IP-adresser eller värdnamn till IPA-servrar " +"till vilka SSSD skall ansluta i prioritetsordning. För mer information om " +"reserver och serverredundans se avsnittet <quote>RESERVER</quote>. Detta är " +"frivilligt om automatupptäckt är aktiverat. För mer information om " +"tjänsteupptäckt, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" +"Valfri. Kan sättas på maskiner där hostname(5) inte avspeglar det " +"fullständigt kvalificerade namnet som används i IPA-domänen för att " +"identifiera denna värd. Värdnamnet måste vara fullständigt kvalificerat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" +"Valfritt. Detta alternativ säger till SSSD att automatiskt uppdatera DNS-" +"servern som är inbyggd i FreeIPA med IP-adressen för denna klient. " +"Uppdateringen säkras med GSS-TSIG. IP-adressen för IPA-LDAP-förbindelsen " +"används för uppdateringar, om det inte specificeras på annat sätt med " +"alternativet <quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"OBS: på äldre system (såsom RHEL 5) måste standardriket för Kerberos sättas " +"i /etc/krb5.conf för att detta beteende skall fungera pålitligt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"OBS: även om det fortfarande är möjligt att använda det gamla alternativet " +"<emphasis>ipa_dyndns_update</emphasis> bör användare migrera till att " +"använda <emphasis>dyndns_update</emphasis> i sin konfigurationsfil." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"TTL:en att använda för klientens DNS-post vid uppdatering. Om dyndns_update " +"är falsk har detta ingen effekt. Detta kommer åsidosätta TTL på serversidan " +"om det är satt av en administratör." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"OBS: även om det fortfarande är möjligt att använda det gamla alternativet " +"<emphasis>ipa_dyndns_ttl</emphasis> bör användare migrera till att använda " +"<emphasis>dyndns_ttl</emphasis> i sin konfigurationsfil." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "Standard: 1200 (sekunder)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Valfri. Endast tillämpligt när dyndns_update är sann. Välj gränssnittet " +"eller en lista av gränssnitt vars IP-adresser skall användas för dynamiska " +"DNS-uppdateringar. Specialvärdet <quote>*</quote> betyder att IP:n från " +"alla gränssnitt skall användas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"OBS: även om det fortfarande är möjligt att använda det gamla alternativet " +"<emphasis>ipa_dyndns_iface</emphasis> bör användare migrera till att använda " +"<emphasis>dyndns_iface</emphasis> i sin konfigurationsfil." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" +"Standard: använd IP-adresser för gränssnittet som används för IPA LDAP-" +"förbindelsen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "dyndns_auth (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" +"Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra " +"uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att " +"sätta detta alternativ till ”none”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "Standard: GSS-TSIG" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_auth_ptr (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" +"Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra " +"PTR-uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att " +"sätta detta alternativ till ”none”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "Standard: samma som dyndns_auth" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "Aktiverar DNS-sajter – platsbaserat tjänsteupptäckt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Om sant och tjänsteupptäckt (se stycket Tjänsteupptäckt i slutet av " +"manualsidan) är aktiverat kommer SSSD först att försöka med platsbaserad " +"upptäckt med en fråga som innehåller ”_location.hostname.example.com” och " +"sedan falla tillbaka på traditionell SRV-upptäckt. Om platsbaserad upptäckt " +"lyckas betraktas IPA-servrarna som lokaliserats med platsbaserad upptäckt " +"som primära servrar och IPA-servrarna som hittas med den traditionella SRV-" +"upptäckten används som backup-servrar" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Hur ofta bakänden skall utföra periodiska DNS-uppdateringar utöver den " +"automatiska uppdateringen som utförs när bakänden kopplar upp. Detta " +"alternativ är valfritt och tillämpligt endast när dyndns_update är sann." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Huruvida PTR-posten också skall uppdateras explicit när klientens DNS-post " +"uppdateras. Tillämpligt endast när dyndns_update är sann." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Detta alternativ är False i de flesta IPA-installationer eftersom IPA-" +"servern genererar PTR-posterna automatiskt när framåtposterna ändras." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Standard: False (avaktiverat)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Huruvida nsupdate-verktyget som standard skall använda TCP för kommunikation " +"med DNS-servern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Standard: False (låt nsupdate välja protokollet)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "dyndns_server (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" +"DNS-servern som skall användas när en uppdatering av DNS utförs. I de " +"flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" +"Att sätta detta alternativ är meningsfullt i miljöer där DNS-servern är " +"skild från identitetsservern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" +"Observera att detta alternativ bara kommer användas i försök att falla " +"tillbaka på när tidigare försök som använder automatiskt upptäckta " +"inställningar misslyckas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "Standard: Ingen (låt nsupdate välja servern)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "dyndns_update_per_family (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" +"DNS-uppdateringar utförs som standard i två steg – IPv4-uppdatering och " +"sedan IPv6-uppdatering. I några fall kan det vara önskvärt att utföra IPv4- " +"och IPv6-uppdateringar i ett enda steg." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +#, fuzzy +#| msgid "" +#| "Please note that 'access_provider = ldap' must be set for this feature to " +#| "work. Also 'ldap_pwd_policy' must be set to an appropriate password " +#| "policy." +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" +"Observera att ”access_provider = ldap” måste vara satt för att denna " +"funktion skall fungera. ”ldap_pwd_policy” måste också vara satt till en " +"lämplig lösenordspolicy." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "ipa_deskprofile_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" +"Frivillig. Använd den givna strängen som sökbas för " +"skrivbordsprofilrelaterade objekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Standard: använd bas-DN" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subid_ranges_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"Frivillig. Använd den givna strängen som sökbas för " +"underordningsintervallsrelaterade objekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Standard: värdet på <emphasis>cn=subids,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Frivillig. Använd den givna strängen som sökbas för HBAC-relaterade objekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "Undanbedes. Använd ldap_host_search_base istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Frivillig. Använd den givna strängen som en sökbas för SELinux-" +"användaröversättningar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Frivillig. Använd den givna strängen som en sökbas för betrodda domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Standard: värdet på <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Frivillig. Använd den givna strängen som en sökbas för huvuddomänobjekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "Standard: värdet av <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "Frivillig. Använd den givna strängen som en sökbas för vybehållare." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "Standard: värdet av <emphasis>cn=views,cn=accounts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Namnet på Kerberos-riket. Detta är frivilligt och som standard blir det " +"värdet av <quote>ipa_domain</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Namnet på Kerberos-riket har en speciell betydelse i IPA – det konverteras " +"till bas-DN:en för att användas när LDAP-operationer utförs." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" +"Absolut sökväg till en katalog där SSSD skall placera konfigurationsstycken " +"för Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" +"För att förhindra att konfigurationsstycken skapas, sätt parametern till " +"”none”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" +"Standard: inte satt (underkatalogen krb5.include.d till SSSD:s pubconf-" +"katalog)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "ipa_deskprofile_refresh (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" +"Tiden mellan uppslagningar av skrivbordsprofilsregler mot IPA-servern. " +"Detta kommer reducera tidsfördröjningen och lasten på IPA-servern om det " +"görs många begäranden om skrivbordsprofiler under en kort tid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Standard: 5 (sekunder)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "ipa_deskprofile_request_interval (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" +"Tiden mellan uppslagningar av skrivbordsprofilsregler mot IPA-servern ifall " +"den senaste förfrågan inte returnerade någon regel." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "Standard: 60 (minuter)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Tiden mellan uppslagningar av HBAC-regler mot IPA-servern. Detta kommer " +"reducera tidsfördröjningen och lasten på IPA-servern om det görs många " +"begäranden om åtkomstkontroll under en kort tid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Tiden mellan uppslagningar av SELinux-översättningar mot IPA-servern. Detta " +"kommer reducera tidsfördröjningen och lasten på IPA-servern om det görs " +"många begäranden om användarinloggningar under en kort tid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" +"Detta alternativ sätts automatiskt av IPA-installeraren (ipa-server-install) " +"och markerar om SSSD kör på en IPA-server eller inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" +"På en IPA-server kommer SSSD slå upp användare och grupper från betrodda " +"domäner direkt medan på en klient kommer den att fråga en IPA-server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" +"OBS: det finns för närvarande några antaganden som måste uppfyllas när SSSD " +"kör på en IPA-server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" +"Alternativet <quote>ipa_server</quote> måste konfigureras till att peka på " +"själva IPA-servern. Detta är redan standardvärdet som sätts av IPA-" +"installeraren, så det behövs inga manuella ändringar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" +"Alternativet <quote>full_name_format</quote> får inte ändras till att bara " +"skriva korta namn på användare från betrodda domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "Automonteringsplatsen denna IPA-klient kommer använda" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "Standard: platsen som heter ”default”" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "VYER OCH ÅSIDOSÄTTANDEN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "Objektklass för vybehållaren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "Standard: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "Namn på attributet som har namnet på vyn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Standard: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "ipa_override_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "Objektklass för åsidosättande objekt." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "Standard: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" +"Namn på attributet som innehåller referensen till originalobjektet i en " +"fjärrdomän." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "Standard: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Namn på objektklassen för användaråsidosättanden. Det används för att " +"avgöra om det funna åsidosättande objektet är relaterat till en användare " +"eller en grupp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "Användaråsidosättanden kan innehålla attribut givna av" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "Standard: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Namn på objektklassen för gruppåsidosättanden. Det används för att avgöra " +"om det funna åsidosättandeobjektet är relaterat till en användare eller en " +"grupp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "Gruppåsidosättanden kan innehålla attribut givna av" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "Standard: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD kan hantera vyer och åsidosättanden som erbjuds av FreeIPA 4.1 och " +"senare versioner. Eftersom alla sökvägar och objektklasser är fasta på " +"serversidan finns det egentligen inget behov av att konfigurera något. För " +"fullständighets skull är de tillhörande alternativen listade här med sina " +"standardvärden. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "UNDERDOMÄNSLEVERANTÖR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"IPA-underdomänsleverantören beter sig något annorlunda om den konfigureras " +"explicit eller implicit." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Om alternativet ”subdomains_provider = ipa” finns i domänavsnittet i sssd." +"conf konfigureras IPA-underdomänsleverantören explicit, och alla begäranden " +"av underdomäner skickas till IPA-servern om nödvändigt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Om alternativet ”subdomains_provider” inte är satt i domänavsnittet av sssd." +"conf men alternativet ”id_provider = ipa” finns konfigureras IPA-" +"underdomänsleverantören implicit. I det fallet, om en underdomänsbegäran " +"misslyckas och indikerar att servern inte stödjer underdomäner, d.v.s. den " +"är inte konfigurerad för förtroenden, avaktiveras IPA-" +"underdomänsleverantören. Efter en timma eller efter att IPA-leverantören " +"blir uppkopplad aktiveras underdomänsleverantören igen." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "KONFIGURATION AV BETRODDA DOMÄNER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Några konfigurationflaggor kan även sättas för betrodda domäner. En betrodd " +"domämns konfiguration kan sättas med den betrodda domänens undersektion som " +"visas i exemplet nedan. Alternativt kan flaggan <quote>subdomain_inherit</" +"quote> användas i föräldradomänen. <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"För fler detaljer, se manualsidan <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" +"Olika konfigurationsalternativ kan ställas in för en betrodd domän beroende " +"på huruvida man konfigurerar SSSD på en IPA-server eller en IPA-klient." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-MASTRAR" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" +"Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-master:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "ad_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "ad_backup_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "ad_site" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "ldap_user_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "ldap_group_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-KLIENTER" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" +"Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-klient:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" +"Observera att om båda alternativen sätts evalueras endast <quote>ad_server</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" +"Eftersom alla begäranden om en användar- eller en gruppidentitet från en " +"betrodd domän startad från en IPA-klient löses upp av IPA-servern, påverkar " +"alternativen <quote>ad_server</quote> och <quote>ad_site</quote> bara vilken " +"AD DC autentiseringen kommer utföras emot. I synnerhet kommer adresserna " +"som löses upp från dessa listor att skrivas till <quote>kdcinfo</quote>-" +"filer som läses av Kerberos-lokaliseringsinsticksmodulen. För fler detaljer " +"om Kerberos-lokaliseringsinsticksmodulen hänvisas till manualsidan " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att example.com " +"är en av domänerna i avsnittet <replaceable>[sssd]</replaceable>. Dessa " +"exempel visar endast alternativ som är specifika för leverantören ipa." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = minvärd.example.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "SSSD Active Directory-leverantör" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver konfigurationen av leverantören AD till " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" +"Leverantören AD är en bakände som används för att ansluta till en Active " +"Directory-server. Leverantören kräver att maskinen läggs in i AD-domänen " +"och att en keytab är tillgänglig. Bakändekommunikationen sker över en " +"GSSAPI-krypterad kanal, SSL/TLS-alternativ skall inte användas tillsammans " +"med AD-leverantören och kommer ersättas av Kerberos-användning." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"AD-leverantören stödjer anslutning till Active Directory 2008 R2 eller " +"senare. Tidigare versioner kan fungera, men stödjs inte." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"AD-leverantören kan användas för att få användarinformation och autentisera " +"användare från betrodda domäner. För närvarande känns endast betrodda " +"domäner i samma skog igen. Dessutom automatupptäcks alltid servrar från " +"betrodda domäner." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" +"AD-leverantören gör att SSSD kan använda identitetsleverantören " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> och autentiseringsleverantören <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> med optimeringar för Active Directory-miljöer. AD-" +"leverantören tar samma alternativ som används av leverantörerna sssd-ldap " +"och sssd-krb5 med några undantag. Dock är det varken nödvändigt eller " +"lämpligt att sätta dessa alternativ." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"AD-leverantören kopierar i huvudsak standardalternativen för de " +"traditionella leverantörerna ldap och krb5 med några undantag. Skillnaderna " +"listas i avsnittet <quote>ÄNDRADE STANDARDINSTÄLLNINGAR</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" +"AD-leverantören kan även användas som en åtkomst-, chpass-, sudo- och autofs-" +"leverantör. Ingen konfiguration av åtkomstleverantören behövs på " +"klientsidan." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" +"Om <quote>auth_provider=ad</quote> eller <quote>access_provider=ad</quote> " +"konfigureras i sssd.conf måste id-leverantören också sättas till <quote>ad</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" +"Som standard kommer AD-leverantören översätta AID- och GID-värden från " +"parametern objectSID i Active Directory. För detaljer om detta se avsnittet " +"<quote>ID-ÖVERSÄTTNING</quote> nedan. Om du vill avaktivera ID-översättning " +"och istället lita på POSIX-attribut definierade i Active Directory skall du " +"sätta <placeholder type=\"programlisting\" id=\"0\"/>. Om POSIX-attribut " +"skall användas rekommenderas det av prestandaskäl att attributen även " +"replikeras till den globala katalogen. Om POSIX-attribut replikeras kommer " +"SSSD försöka att hitta domänen för den begärda numeriska ID:n med hjälp av " +"den globala katalogen och endast söka i den domänen. Om POSIX-attribut " +"däremot inte replikeras till den globala katalogen måste SSSD söka i alla " +"domänerna i skogen sekventiellt. Observera att alternativet " +"<quote>cache_first</quote> också kan vara till hjälp för att snabba upp " +"domänlösa sökningar. Observera att om endast en delmängd av POSIX-" +"attributen finns i den globala katalogen läses för närvarande inte de " +"attribut som inte replikeras från LDAP-porten." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Användare, grupper och andra enheter som servas av SSSD behandlas alltid som " +"skiftlägesokänsliga i AD-leverantören för kompatibilitet med Active " +"Directorys LDAP-implementation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" +"SSSD slår endast up Active Directory Security Groups. För mer information om " +"AD-grupptyper se: <ulink url=\"https://docs.microsoft.com/en-us/windows-" +"server/identity/ad-ds/manage/understand-security-groups\">Active Directory " +"security grouips</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" +"SSSD filtrerar ut domänlokala grupper från fjärrdomäner i AD-skogen. Som " +"standard filtreras de ut t.ex. när man följer en nästad grupphierarki i " +"fjärrdomäner för att de inte är giltiga i den lokala domänen. Detta görs för " +"att stämma med Active Directorys gruppmedlemskapstilldelning vilken kan ses " +"i Kerberosbiljettens PAC för en användare utgiven av Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Anger namnet på Active Directory-domänen. Detta är frivilligt. Om det inte " +"anges används namnet på den konfigurerade domänen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"För att fungera ordentligt skall detta alternativ anges som den gemena " +"versionen av den långa versionen av Active Directorys domän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Det korta domännamnet (även känt som NetBIOS-namnet eller det platta namnet) " +"detekteras automatiskt av SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "ad_enabled_domains (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +#, fuzzy +#| msgid "" +#| "A comma-separated list of enabled Active Directory domains. If provided, " +#| "SSSD will ignore any domains not listed in this option. If left unset, " +#| "all domains from the AD forest will be available." +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" +"En kommaseparerad lista av aktiverade Active Directory-domäner. Om det " +"tillhandahålls kommer SSSD ignorera eventuella domäner som inte räknas upp i " +"detta alternativ. Om det lämnas osatt kommer alla domäner från AD-skogen " +"vara tillgängliga." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" +"ad_enabled_domains = marknad.example.com, tekn.example.com\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"För att fungera ordentligt bör detta alternativ anges helt i gemener och som " +"det fullständigt kvalificerade namnet på Active Directory-domänen. Till " +"exempel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" +"Det korta domännamnet (även känt som NetBIOS-namnet eller det platta namnet) " +"kommer detekteras automatiskt av SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"Den kommaseparerade listan av värdnamn till AD-servrar till vilka SSSD skall " +"ansluta i prioritetsordning. För mer information om reserver och " +"serverredundans se avsnittet <quote>RESERVER</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Detta är frivilligt om automatupptäckt är aktiverat. För mer information om " +"tjänsteupptäckt se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" +"Observera: betrodda domäner kommer alltid automatiskt upptäcka servrar även " +"om den primära servern definieras uttryckligen i alternativet ad_server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" +"Valfri. På maskiner där hostname(5) inte avspeglar det fullständigt " +"kvalificerade namnet kommer sssd försöka expandera det korta namnet. Om det " +"inte är möjligt eller det korta namnet verkligen skall användas istället, " +"sätt då denna parameter uttryckligen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" +"Detta fält används för att avgöra värd-huvudmannen som används i keytab:en " +"och utföra dynamiska DNS-uppdateringar. Det måste stämma med värdnamnet som " +"keytab:en gavs ut för." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Om sant och tjänsteupptäckt (se stycket Tjänsteupptäckt i slutet av " +"manualsidan) är aktiverat kommer SSSD först att försöka hitta en Active " +"Directory-server att ansluta till med Active Directory Site Discovery och " +"sedan falla tillbaka på traditionell SRV-upptäckt om ingen AD-sajt hittas. " +"Konfigurationen av DNS SRV, inklusive upptäcktsdomänen, används också under " +"sajtupptäckten." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Detta alternativ anger LDAP:s åtkomstkontrollfilter som användaren måste " +"matcha för att tillåtas åtkomst. Observera att alternativet " +"<quote>access_provider</quote> måste vara uttryckligen satt till <quote>ad</" +"quote> för att detta alternativ skall ha någon effekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"Alternativet stödjer också att ange olika filter per domän eller skog. " +"Detta utökade filter skulle bestå av: <quote>NYCKELORD:NAMN:FILTER</quote>. " +"Nyckelordet kan vara antingen <quote>DOM</quote>, <quote>FOREST</quote> " +"eller utelämnas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Om nyckelordet är lika med <quote>DOM</quote> eller saknas anger " +"<quote>NAMN</quote> domänen eller underdomänen filtret gäller för. Om " +"nyckelordet är lika med <quote>FOREST</quote> är filtret lika för alla " +"domäner från skogen som anges av <quote>NAMN</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Flera filter kan avgränsas med tecknet <quote>?</quote>, i likhet med hur " +"sökbaser fungerar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" +"Nästade gruppmedlemskap måste sökas efter med en speciell OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> utöver den fullständiga syntaxen " +"DOM:domän.example.com: för att säkerställa att tolken inte försöker tolka " +"kolontecknen som hör till OID:n. Om man inte använder denna OID kommer " +"nästade gruppmedlemskap inte slås upp. Se användningsexempel nedan och se " +"här för ytterligare information om OID:n: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] avsnittet LDAP-" +"utökningar</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Den mest specifika matchningen används alltid. Till exempel, om " +"alternativet angav filter för en domän användaren är medlem i och ett " +"globalt filter skulle det domänspecifika filtret tillämpas. Om det finns " +"fler matchningar med samma specifikation används den första." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# tillämpa endast filtret på en domän som heter dom1:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# tillämpa endast filtret på en domän som heter dom2:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# tillämpa endast filtret på en skog som heter EXAMPLE.COM:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# tillämpa filtret på en medlem av en nästad grupp i dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" +"Ange en AD-sajt som klienten skall försöka ansluta till. Om detta " +"alternativ inte anges kommer AD-sajten att automatupptäckas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"Som standard ansluter SSSD till den globala katalogen först för att hämta " +"användare från betrodda domäner och använder LDAP-porten för att hämta " +"gruppmedlemskap som en reserv. Att avaktivera detta alternativ gör att SSSD " +"endast ansluter till LDAP-porten på den aktuella AD-servern." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Observera att att avaktivera stöd för den globala katalogen inte avaktiverar " +"att hämta användare från betrodda domäner. SSSD skulle ansluta till LDAP-" +"porten på den betrodda domänen istället. Dock måste den globala katalogen " +"användas för att slå upp gruppmedlemskap över domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Detta alternativ anger arbetsläget för GPO-baserad " +"åtkomstkontrollsfunktionalitet: huruvida det arbetar i avaktiverat läge, " +"tvingande läge eller tillåtande läge. Observera att alternativet " +"<quote>access_provider</quote> måste vara uttryckligen satt till <quote>ad</" +"quote> för att detta alternativ skall ha någon effekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" +"Funktionalitet för GPO-baserad åtkomststyrning använder GPO-" +"policyinställningar för att avgöra huruvida en viss användare tillåts logga " +"in på värden eller inte. För mer information om de stödda " +"policyinställningarna se flaggan <quote>ad_gpo_map</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" +"Observera att den aktuella versionen av SSSD inte stöjder Active Directorys " +"inbyggda grupper. Inbyggda grupper (såsom administratörer med SID " +"S-1-5-32-544) i GPO-åtkomststyrningsregler kommer ignoreras av SSSD. Se " +"uppströms ärendehanterare https://github.com/SSSD/sssd/issues/5063 ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" +"Före åtkomstkontroll utförs tillämpar SSSD säkerhetsfiltrering enligt " +"gruppolicy på GPO:erna. För varje enskild användares inloggning kontrolleras " +"tillämpligheten av GPO:erna som är länkade till värden. För att en GPO skall " +"vara tillämplig på en användare måste användaren eller åtminstone en av de " +"grupper den tillhör ha följande rättigheter på GPO:n:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" +"Läs: användaren eller en av dess grupper måste ha läsrättigheter till " +"egenskaperna hos GPO:n (RIGHT_DS_READ_PROPERTY)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" +"Verkställ gruppolicy: användaren eller åtminstone en av dess grupper måste " +"ha tillåtelse att verkställa GPO:n (RIGHT_DS_CONTROL_ACCESS)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" +"Som standard fins en autentiserad användares grupp på en GPO och denna grupp " +"har både Läs- och Verkställ gruppolicy-åtkomsträttigheter. Eftersom " +"autentisering av en användare måste ha fullgjorts framgångsrikt före GPO-" +"säkerhetsfiltrering och åtkomstkontroll börjar gäller alltid även den " +"autentiserade användarens grupprättigheter på GPO:n för användaren." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" +"OBS: Om åtgärdsläget är satt till tvingande är det möjligt att användarna " +"som tidigare var tillåtna inloggningsåtkomst nu kommer nekast " +"inloggningsåtkomst (som det dikteras av GPO-policyinställningar). För att " +"möjliggöra en smidig övergång för administratörer finns ett tillåtande läge " +"tillgängligt som inte kommer genomdriva åtkomststyrningsreglerna, utan " +"kommer beräkna deom och skriva ut ett syslog-meddelande om åtkomst skulle ha " +"nekats. Genom att granska loggarna kan administratörer sedan göra de " +"nödvändiga ändringarna före läget ställs in som tvingande. För att logga " +"felsökningsnivå av GPO-baserad åtkomstkontroll krävs ”trace functions” (se " +"manualsidan <citerefentry><refentrytitle>sssctl</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "Det finns tre stödda värden för detta alternativ:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: GPO-baserade åtkomstkontrollsregler varken evalueras eller " +"påtvingas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "enforcing: GPO-baserade åtkomstkontrollregler evalueras och påtvingas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: GPO-baserade åtkomstkontrollregler evalueras men påtvingas " +"inte. Istället skickas ett syslog-meddelande ut som indikerar att " +"användaren skulle ha nekats åtkomst om detta alternativs värde vore satt " +"till enforcing." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Standard: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "Standard: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "ad_gpo_implicit_deny (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" +"Normalt när inga tillämpliga GPO:er finns tillåts användarna åtkomst. När " +"detta alternativ är satt till True kommer användare att tillåtas åtkomst " +"endast när det uttryckligen tillåts av en GPO-regel. Annars kommer " +"användare nekas åtkomst. Detta kan användas för att stärka säkerheten men " +"var försiktig när detta alternativ används för det kan neka åtkomst även " +"till användare i den inbyggda administratörsgruppen om inga GPO-regler är " +"tillämpliga på dem." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" +"Följande 2 tabeller bör illustrera när en användare tillåts eller nekas " +"baserat på de tillåtande eller nekande inloggningsrättigheterna definierade " +"på serversidan och inställningen av ad_gpo_implicit_deny." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "ad_gpo_implicit_deny = False (standard)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "tillåtelseregler" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "nekanderegler" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "resultat" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "saknas" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "alla användare tillåts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "finns" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "endast användare som inte finns i nekanderegler tillåts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "endast användare i tillåtelseregler tillåts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "endast användare i tillåtelse och inte i nekanderegler tillåts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_implicit_deny = True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "inga användare tillåts" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "ad_gpo_ignore_unreadable (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" +"Normalt när några gruppolicybehållare (AD-objekt) av några tillämpliga " +"gruppolicyobjekt inte är läsbara av SSSD så nekas användare åtkomst. Detta " +"alternativ tillåter att man ignorerar gruppolicybehållare och med dem " +"tillhörande policyer om deras attribut i gruppolicybehållare inte är läsbara " +"för SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" +"Tiden mellan uppslagningar av GPO-policyfiler mot AD-servern. Detta kommer " +"reducera tidsfördröjningen och lasten på AD-servern om det görs många " +"begäranden om åtkomstkontroll under en kort tid." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +"åtkomstkontroll beräknas baserat på policyinställningarna " +"InteractiveLogonRight och DenyInteractiveLogonRight. Endast de GPO:er " +"beräknas för vilka användaren har Läs- eller Verkställ gruppolicy-" +"rättigheter (se flaggan <quote>ad_gpo_access_control</quote>). Om en " +"beräknad GPO innehåller inställningen neka interaktiv inloggning för " +"användaren eller en av dess grupper nekas användaren lokal åtkomst. Om ingen " +"av de evaluerade GPO:erna har en interaktiv inloggningsrättighet definierad " +"ges användaren lokal åtkomst. Om åtminstone en beräknad GPO innehåller " +"inställningen interaktiv inloggningsrättighet ges användaren lokal åtkomst " +"endast om denne eller åtminstone en av dess grupper är del av den " +"policyinställningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" +"Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde " +"”Tillåt inloggning lokalt” och ”Neka inloggning lokalt”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +min_pam-tjänst, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta " +"ut ett standard-PAM-tjänstenamn för denna inloggningsrätt (t.ex. " +"<quote>login</quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-" +"tjänst</quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "lightdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "lxdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "sddm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "unity" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "xdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +"åtkomstkontroll beräknas baserat på policyinställningarna " +"RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight. Endast de " +"GPO:er beräknas för vilka användaren har Läs- eller Verkställ gruppolicy-" +"rättigheter (se flaggan <quote>ad_gpo_access_control</quote>). Om en " +"beräknad GPO innehåller inställningen neka fjärrinloggning för användaren " +"eller en av dess grupper nekas användaren interaktiv fjärråtkomst. Om ingen " +"av de evaluerade GPO:erna har en interaktiv inloggningsrättighet definierad " +"ges användaren interaktiv fjärråtkomst. Om åtminstone en beräknad GPO " +"innehåller inställningen interaktiv fjärrinloggningsrättighet ges användaren " +"fjärråtkomst endast om denne eller åtminstone en av dess grupper är del av " +"den policyinställningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" +"Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde " +"”Tillåt inloggning via fjärrskrivbordstjänster” och ”Neka inloggning via " +"fjärrinloggningstjänster”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +min_pam-tjänst, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta " +"ut ett standard-PAM-tjänstenamn för denna inloggningsrätt (t.ex. " +"<quote>sshd</quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-" +"tjänst</quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "cockpit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +"åtkomstkontroll beräknas baserat på policyinställningarna NetworkLogonRight " +"och DenyNetworkLogonRight. Endast de GPO:er beräknas för vilka användaren " +"har Läs- eller Verkställ gruppolicy-rättigheter (se flaggan " +"<quote>ad_gpo_access_control</quote>). Om en beräknad GPO innehåller " +"inställningen neka nätverksinloggning för användaren eller en av dess " +"grupper nekas användaren nätverksåtkomst. Om ingen av de evaluerade GPO:erna " +"har en nätverksinloggningsrättighet definierad ges användaren " +"inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller inställningen " +"nätverksinloggningsrättighet ges användaren inloggningsåtkomst endast om " +"denne eller åtminstone en av dess grupper är del av den policyinställningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" +"Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde " +"”Kom åt denna dator från nätverket” och ”Neka åtkomst till denna dator från " +"nätverket”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +min_pam-tjänst, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta " +"ut ett standard-PAM-tjänstenamn för denna inloggningsrätt (t.ex. <quote>ftp</" +"quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-tjänst</" +"quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +"åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight " +"och DenyBatchLogonRight. Endast de GPO:er beräknas för vilka användaren har " +"Läs- eller Verkställ gruppolicy-rättigheter (se flaggan " +"<quote>ad_gpo_access_control</quote>). Om en beräknad GPO innehåller " +"inställningen neka satsvis inloggning för användaren eller en av dess " +"grupper nekas användaren satsvis inloggningsåtkomst. Om ingen av de " +"evaluerade GPO:erna har en satsvis inloggningsrättighet definierad ges " +"användaren inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller " +"inställningen satsvis inloggningsrättighet ges användaren inloggningsåtkomst " +"endast om denne eller åtminstone en av dess grupper är del av den " +"policyinställningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" +"Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde " +"”Tillåt inloggning som ett batch-jobb” och ”Neka inloggning som ett batch-" +"jobb”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +min_pam-tjänst, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta " +"ut ett standard-PAM-tjänstenamn för denna inloggningsrätt (t.ex. " +"<quote>crond</quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-" +"tjänst</quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" +"Obs: cron-tjänstenamn kan skilja beroende på vilken Linuxdistribution som " +"används." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad " +"åtkomstkontroll beräknas baserat på policyinställningarna ServiceLogonRight " +"och DenyServiceLogonRight. Endast de GPO:er beräknas för vilka användaren " +"har Läs- eller Verkställ gruppolicy-rättigheter (se flaggan " +"<quote>ad_gpo_access_control</quote>). Om en beräknad GPO innehåller " +"inställningen neka tjänsteinloggning för användaren eller en av dess grupper " +"nekas användaren tjänsteinloggningsåtkomst. Om ingen av de evaluerade GPO:" +"erna har en tjänsteinloggningsrättighet definierad ges användaren " +"inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller inställningen " +"tjänsteinloggningsrättighet ges användaren inloggningsåtkomst endast om " +"denne eller åtminstone en av dess grupper är del av den policyinställningen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" +"Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde " +"”Tillåt inloggning som en tjänst” och ”Neka inloggning som en tjänst”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +min_pam-tjänst\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett PAM-tjänstenamn till standarduppsättningen " +"genom att använda <quote>+tjänstenamn</quote>. Eftersom " +"standarduppsättningen är tom är det inte möjligt att ta bort ett PAM-" +"tjänstenamn från standarduppsättningen. Till exempel, för att lägga till " +"ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-tjänst</quote>) skulle " +"man använda följande konfiguration: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad åtkomst " +"alltid tillåts, oavsett några andra GPO-inloggningsrättigheter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +min_pam-tjänst, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat PAM-tjänstenamn till " +"standarduppsättningen genom att använda <quote>+tjänstenamn</quote> eller " +"att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen " +"genom att använda <quote>-tjänstenamn</quote>. Till exempel, för att byta " +"ut ett standard-PAM-tjänstenamn för ovillkorligt tillåten åtkomst (t.ex. " +"<quote>sudo</quote>) mot ett anpassat PAM-tjänstenamn (t.ex. <quote>min_pam-" +"tjänst</quote>) skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "polkit-1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" +"En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad åtkomst " +"alltid nekas, oavsett några andra GPO-inloggningsrättigheter." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +min_pam-tjänst\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" +"Detta alternativ definierar hur åtkomstkontroll beräknas för PAM-tjänstenamn " +"som inte är uttryckligen listade i en av alternativen ad_gpo_map_*. Detta " +"alternativ kan anges på två olika sätt. Antingen kan detta alternativ " +"sättas till att ange standardinloggningsrättigheter. Till exempel, om detta " +"alternativ är satt till ”interactive” betyder det att omappade PAM-" +"tjänstenamn kommer bearbetas baserat på policyinställningarna " +"InteractiveLogonRight och DenyInteractiveLogonRight. Alternativt kan detta " +"alternativ sättas till att antingen alltid tillåta eller alltid neka åtkomst " +"för omappade PAM-tjänstenamn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "Värden som stödjs för detta alternativ inkluderar:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "remote_interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "network" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "batch" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "service" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "permit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "Standard: deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "ad_maximum_machine_account_password_age (heltal)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" +"SSSD kommer en gång om dagen kontrollera om maskinkontolösenordet är äldre " +"än den givna åldern i dagar och försöka förnya det. Ett värde på 0 kommer " +"förhindra förnyelseförsöket." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "Standard: 30 dagar" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "ad_machine_account_password_renewal_opts (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" +"Detta alternativ skall endast användas för att testa " +"maskinkontoförnyelsefunktionen. Alternativet förväntar sig 2 heltal " +"separerade av ett kolon (”:”). Det första heltalet anger intervallet i " +"sekunder hur ofta funktionen körs. Det andra anger den initiala tidsgränsen " +"i sekunder före funktionen körs för första gången efter uppstart." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Standard: 86400:750 (24h och 15m)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "ad_update_samba_machine_account_password (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" +"Om aktiverat kommer lösenordet i Sambas databas också uppdateras när SSSD " +"förnyar maskinkontolösenordet. Detta förhindrar Sambas exemplar av " +"maskinkontolösenordet från att bli inaktuellt när det är uppsatt att använda " +"AD för autentisering." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "ad_use_ldaps (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" +"Som standard använder SSSD den enkla LDAP-porten 389 porten 3628 för den " +"globala katalogen. Om denna flagga är satt till sant kommer SSSD använda " +"LDAPS-porten 636 och porten 3629 för den globala katalogen med LDAPS-skydd. " +"Eftersom AD inte tillåter att ha flera krypteringsnivåer på en ensam " +"förbindelse och vi fortfarande vill använda SASL/GSSAPI eller SASL/GSS-" +"SPNEGO till autentisering är SASL-säkerhetsegenskapen maxssf satt till 0 " +"(noll) för dessa förbindelser." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ad_allow_remote_domain_local_groups (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" +"Om detta alternativ är satt till <quote>sant</quote> kommer SSSD inte att " +"filtrera ut domänlokala grupper från fjärrdomäner i AD-skogen. Som standard " +"filtreras de ut t.ex. när man följer en nästad grupphierarki i fjärrdomäner " +"för att de inte är giltiga i den lokala domänen. För att vara kompatibel med " +"andra lösningar som gör AD-användare och -grupper tillgängliga i " +"Linuxklienter lades detta alternativ till." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" +"Observera att sätta detta alternativ till <quote>sant</quote> kommer strida " +"mot avsikten med domänlokala grupper i Active Directory och <emphasis>SKALL " +"ENDAST ANVÄNDAS FÖR ATT MÖJLIGGÖRA MIGRERING FRÅN ANDRA LÖSNINGAR</" +"emphasis>. Även om grruppen finns och användaren kan vara medlem av gruppen " +"är avsikten att gruppen endast skall användas i domänen den är definierad " +"och inte i några andra. Eftersom det endast finns en typ av POSIX-grupper är " +"det enda sättet att uppnå detta på Linuxsidan att ignorera dessa grupper. " +"Detta görs också av Active Directory som kan ses i PAC:en i " +"Kerberosbiljetten för en lokal tjänst sller i tokenGroups-begäranden där " +"också de domänlokala fjärrgrupperna saknas." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" +"Givet ovanstående kommentarer, om detta alternativ är satt till <quote>sant</" +"quote> måste tokenGroups-begäranden avaktiveras genom att sätta " +"<quote>ldap_use_tokengroups</quote> till <quote>falskt</quote> för att få " +"konsistenta gruppmedlemskap för en användare. Dessutom skall uppslagningar i " +"Global Catalog också hoppas över genom att sätta <quote>ad_enable_gc</quote> " +"till <quote>falskt</quote>. Slutligen kan det vara nödvändigt att ändra " +"<quote>ldap_group_nesting_level</quote> om de domänlokala fjärrgurpperna " +"endast finns med en djupare nästningsnivå." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Valfritt. Detta alternativ säger till SSSD att automatiskt uppdatera DNS-" +"servern i Active Directory med IP-adressen för denna klient. Uppdateringen " +"säkras med GSS-TSIG. Som en konsekvens av det behöver Active Directory-" +"administratören bara tillåta säkra uppdateringar för DNS-zonen. IP-adressen " +"för AD-LDAP-förbindelsen används för uppdateringar, om det inte specificeras " +"på annat sätt med alternativet <quote>dyndns_iface</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "Standard: 3600 (sekunder)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" +"Standard: använd IP-adresser för gränssnittet som används för AD LDAP-" +"förbindelsen" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" +"Hur ofta bakänden skall utföra periodiska DNS-uppdateringar utöver den " +"automatiska uppdateringen som utförs när bakänden kopplar upp. Detta " +"alternativ är valfritt och tillämpligt endast när dyndns_update är sann. " +"Observera att det lägsta möjliga värdet är 60 sekunder, ifall ett värde " +"mindre än 60 ges kommer parametern endast anta det lägsta värdet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att example.com " +"är en av domänerna i avsnittet <replaceable>[sssd]</replaceable>. Detta " +"exempel visar endast alternativ som är specifika för leverantören AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXEMPEL]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Leverantören AD av åtkomstkontroll kontrollerar om kontot har gått ut. Det " +"har samma effekt som följande konfiguration av LDAP-leverantören: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" +"Dock, om inte åtkomstleverantören <quote>ad</quote> är konfigurerad explicit " +"är standardåtkomstleverantören <quote>permit</quote>. Observera att om man " +"konfigurerar en annan åtkomstleverantör än <quote>ad</quote> behöver man " +"sätta alla anslutningsparametrarna (såsom LDAP URI:er och " +"krypteringsdetaljer) manuellt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" +"När autofs-leverantören är satt till <quote>ad</quote> används " +"översättningen av schemaattribut enligt RFC2307 (nisMap, nisObject, …), för " +"att dessa attribut inkluderas i standardschemat för Active Directory." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Konfigurera sudo med SSSD-bakänden" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"Denna manualsida beskriver hur man konfigurerar <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"till att fungera med <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> och hur SSSD cachar sudo-regler." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Konfigurera sudo att samarbeta med SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"För att aktivera SSSD som en källa för sudo-regler, lägg till <emphasis>sss</" +"emphasis> till posten <emphasis>sudoers</emphasis> i <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Till exempel, för att konfigurera sudo till att först slå upp regler i " +"standardfilen <citerefentry> <refentrytitle>sudoers</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> (som bör innehålla regler som " +"gäller för lokala användare) och sedan i SSSD, skall filen nsswitch.conf " +"innehålla följande rad:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Mer information om att konfigurera sökordningen för sudoers från filen " +"nsswitch.conf liksom information om LDAP-schemat som används för att spara " +"sudo-regler i katalogen finns i <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Observera</emphasis>: för att använda nätgrupper eller IPA-" +"värdgrupper i sudo-regler behöver man även sätta <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> korrekt till sitt NIS-domännamn (som är samma som IPA-" +"domännamnet när värdgrupper används)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Konfigurera SSSD till att hämta sudo-regler" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"All konfiguration som behövs på SSSD-sidan är att utöka listan över " +"<emphasis>tjänster</emphasis> med ”sudo” i avsnittet [sssd] i <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. För att snabba upp LDAP-uppslagningarna kan man även sätta " +"sökbasen för sudo-regler med alternativet <emphasis>ldap_sudo_search_base</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"Följande exempel visar hur man konfigurerar SSSD att hämta sudo-regler från " +"en LDAP-server." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXEMPEL\n" +"\n" +"[domain/EXEMPEL]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> Det är viktigt att observera att på plattformar " +"där systemd stödjs finns det inget behov av att lägga till ”sudo”-" +"leverantören till listan av tjänster, eftersom det blev frivilligt. Dock " +"måste sssd-sudo.socket vara aktiverat istället. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" +"När SSSD är konfigurerat till att använda IPA som ID-leverantör aktiveras " +"sudo-leverantören automatiskt. Sudo-sökbasen konfigureras till att använda " +"IPA:s egna LDAP-träd (cn=sudo,$SUFFIX). Om någon annan sökbas är definierad " +"i sssd.conf kommer detta värde användas istället. Kompatibilitetsträdet " +"(ou=sudoers,$SUFFIX) behövs inte längre för IPA-sudo-funktionalitet." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "Cachnings-mekanismen för SUDO-regler" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Den största utmaningen vid utvecklingen av stöd för sudo i SSSD var att " +"säkerställa att köra sudo med SSSD som datakälla ger samma " +"användarupplevelse och är lika snabbt som sudo men tillhandahåller de " +"senaste reglerna så mycket som möjligt. För att uppfylla dessa krav " +"använder SSSD tre sorters uppdateringar. De refereras till som fullständig " +"uppdatering, smart uppdatering och regeluppdatering." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Den <emphasis>smarta uppdateringen</emphasis> hämtar periodiskt regler som " +"är nya eller ändrades efter den senaste uppdateringen. Dess primära mål är " +"att se till att databasen växer genom att bara hämta små inkrementella steg " +"som inte genererar stora mängder med nätverkstrafik." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"Den <emphasis>fullständiga uppdateringen</emphasis> raderar helt enkelt alla " +"sudo-regler som är lagrade i cachen och ersätter dem med alla regler som är " +"sparade på servern. Detta används för att hålla cachen konsistent genom att " +"ta bort varje regel som var raderad från servern. Dock kan en fullständig " +"uppdatering skapa mycket trafik och den bör alltså bara köras ibland " +"beroende på storleken och stabiliteten hos sudo-reglerna." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"<emphasis>Regeluppdateringen</emphasis> säkerställer att vi inte ger " +"användaren fler rättigheter än definierat. Den triggas varje gång " +"användaren kör sudo. Regeluppdateringen kommer hitta alla regler som är " +"tillämpliga på den användaren, kontrollera deras utgångstidpunkt och hämta " +"om dem om de gått ut. Ifall att någon av dessa regler saknas på servern " +"kommer SSSD göra en fullständig uppdatering vid sidan av för att fler regler " +"(som är tillämpliga på andra användare) kan ha raderats." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Om aktiverat kommer SSSD endast lagra regler som kan tillämpas på denna " +"maskin. Detta betyder att regler som innehåller ett av följande värden i " +"attributet <emphasis>sudoHost</emphasis>:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "nyckelordet ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "jokertecken (wildcard)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "nätgrupp (i formen ”+nätgrupp”)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "värdnamn eller fullständigt kvalificerat domännamn på denna maskin" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "en av IP-adresserna till denna maskin" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "en av IP-adresserna till nätverket (på formen ”adress/mask”)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Det finns många konfigurationsalternativ som kan användas för att justera " +"beteendet. Se ”ldap_sudo_*” i <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> och ”sudo_*” i " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "Trimning av prestandan" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" +"SSSD använder olika mekanismer med mer eller mindre komplexa LDAP-filter för " +"att hålla de cachade sudo-reglerna uppdaterade. Standardkonfigurationen är " +"satt till värden som skall passa de flesta av våra användare, men följande " +"stycken innehåller några tips om hur man kan finjustera konfigurationen för " +"sina behov." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" +"1. <emphasis>Indexera LDAP-attribut</emphasis>. Se till att följande LDAP-" +"attribut är indexerade: objectClass, cn, entryUSN eller modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" +"2. <emphasis>Sätt ldap_sudo_search_base</emphasis>. Sätt sökbasen till den " +"behållare som innehåller sudo-reglerna för att begränsa räckvidden för " +"uppslagningen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" +"3. <emphasis>Sätt fullt och smart uppdateringsintervall</emphasis>. Om ens " +"sudo-regler inte ändras ofta och man inte behöver snabba uppdateringar av " +"cachade regler på sina klienter kan man avsevärt öka " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> och " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. Man kan också " +"överväga att avaktivera den smarta uppdateringen genom att sätta " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" +"4. Om man har ett stort antal klienter kan man överväga att öka värdet på " +"<emphasis>ldap_sudo_random_offset</emphasis> för att fördela lasten på " +"servern bättre." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "Demonen för systemsäkerhetstjänster" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>flaggor</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"<command>SSSD</command> tillhandahåller en uppsättning demoner för att " +"hantera åtkomst till fjärrkataloger och autentiseringsmekanismer. Det " +"tillhandahåller ett NSS- och PAM-gränssnitt mot systemet och ett system med " +"insticksmoduler till bakänden för att ansluta till flera olika kontokällor, " +"såväl som ett D-Bus-gränssnitt. Det är också basen för att tillhandahålla " +"klientgranskning och policytjänster för projekt som FreeIPA. Det " +"tillhandahåller en mer robust databas att spara lokala användare såväl som " +"utökade användardata." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVÅ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>läge</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: Lägg till en tidsstämpel till felsökningsmeddelandena" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: Avaktivera tidsstämpeln i felsökningsmeddelanden" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>läge</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: Lägg till mikrosekunder till tidsstämpeln i " +"felsökningsmeddelanden" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "<emphasis>0</emphasis>: Avaktivera mikrosekunder i tidsstämpeln" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "<option>--logger=</option><replaceable>värde</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "Platsen dit SSSD kommer skicka loggmeddelanden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" +"<emphasis>stderr</emphasis>: Omdirigera felmeddelanden till standard fel-" +"utmatning." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" +"<emphasis>files</emphasis>: Omdirigera felsökningsmeddelanden till " +"loggfilerna. Som standard lagras loggfilerna i <filename>/var/log/sssd</" +"filename> och det finns separata loggfiler för varje SSSD-tjänst och domän." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" +"<emphasis>journald</emphasis>: Omdirigera felsökningsmeddelanden till " +"systemd-journald" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" +"Standard: inte satt (fall tillbaka på journald om den är tillgänglig, annars " +"standard fel)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Bli en demon efter att ha startat upp." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Kör i förgrunden, bli inte en demon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Ange en annan konfigurationsfil än standard. Standard är <filename>/etc/" +"sssd/sssd.conf</filename>. För referens till konfigurationsfilsyntaxen och -" +"alternativ, konsultera manualsidan <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "<option>-g</option>,<option>--genconf</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" +"Starta inte SSSD, men uppdatera konfigurationsdatabasen från innehållet i " +"<filename>/etc/sssd/sssd.conf</filename> och avsluta sedan." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "<option>-s</option>,<option>--genconf-section</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" +"Liknande <quote>--genconf</quote>, men uppdatera endast ett enskilt avsnitt " +"av konfigurationsfilen. Detta alternativt är huvudsakligen användbart för " +"att anropas från systemd:s unit-filer för att låta uttagsaktiverade " +"respondenter att uppdatera sina konfigurationer utan att kräva att " +"administratören startar om hela SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Skriv ut versionsnumret och avsluta." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Signaler" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Säger till SSSD att snyggt avsluta alla dess barnprocesser och sedan stänga " +"av monitorn." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Säger till SSSD att sluta skriva till dess aktuella felsökningsfilbeskrivare " +"och stänga och öppna om dem. Detta är tänkt att möjliggöra loggrullning med " +"program som logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Säger till SSSD att simulera frånkopplad funktion under tiden hos parametern " +"<quote>offline_timeout</quote>. Detta är användbart för att testa. " +"Signalen kan skickas antingen till sssd-processen eller direkt till någon " +"sssd_be-process." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Säger till SSSD att gå till uppkopplat läge omedelbart. Detta är användbart " +"för att testa. Signalen kan skickas antingen till sssd-processen eller " +"direkt till någon sssd_be-process." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" +"Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer " +"klientprogram inte använda den snabba cachen i minnet." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" +"Om miljövariabeln SSS_LOCKFREE är satt till ”NO” kommer begäranden från " +"multipla trådar i ett enskilt program att seriaaliseras." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "fördunkla ett klartextlösenord" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>flaggor</" +"replaceable> </arg> <arg choice='plain'><replaceable>[LÖSENORD]</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> konverterar ett givet lösenord till ett " +"format oläsbart för människor och placerar det i det passande domänavsnittet " +"av SSSD-konfigurationsfilen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Klartextlösenordet läses från standard in eller skrivs interaktivt. Det " +"fördunklade lösenordet läggs in i parametern <quote>ldap_default_authtok</" +"quote> av en given SSSD-domän och parametern " +"<quote>ldap_default_authtok_type</quote> sätts till " +"<quote>obfuscated_password</quote>. Se <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för fler " +"detaljer om dessa parametrar." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Observera att fördunklandet av lösenord ger <emphasis>ingen riktigt " +"säkerhetsförbättring</emphasis> eftersom det fortfarande är möjligt för en " +"anfallare att återskapa lösenordet. Det rekommenderas <emphasis>starkt</" +"emphasis> att använda en bättre autentiseringsmekanism såsom " +"klientsidecertifikat eller GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "Lösenordet att fördunkla kommer läsas från standard in." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMÄN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"SSSD-domäner att använda lösenordet i. Standardnamnet är <quote>default</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>FIL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "Läs konfigurationsfilen som anges av positionsparametern." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Standard: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "sss_override" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "skapa lokala åsidosättanden av användar- och gruppattribut" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_override</command> <arg choice='plain'><replaceable>KOMMANDO</" +"replaceable></arg> <arg choice='opt'> <replaceable>flaggor</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" +"<command>sss_override</command> gör det möjligt att skapa en klientsidevy " +"och tillåter att man ändrar valda värden på specifika användare och " +"grupper. Denna ändring gäller endast på den lokala maskinen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" +"Data om åsidosättanden lagras i SSSD-cachen. Om cachen raderas förloras " +"alla lokala åsidosättanden. Observera att efter det första åsidosättandet " +"har skapats med något av följande kommandon <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> eller " +"<emphasis>group-import</emphasis> behöver SSSD startas om för att det skall " +"få effekt. <emphasis>sss_override</emphasis> skriver ett meddelande när en " +"omstart behövs." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" +"<emphasis>OBSERVERA:</emphasis> alternativen som ges i denna manualsida " +"fungerar endast med <quote>id_provider</quote> <quote>ldap</quote> och " +"<quote>AD</quote>. IPA-åsidosättanden kan hanteras centralt på IPA-servern." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "TILLGÄNGLIGA KOMMANDON" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" +"Argumentet <emphasis>NAMN</emphasis> är namnet på originalobjektet i alla " +"kommandon. Det är inte möjligt att åsidosätta <emphasis>uid</emphasis> " +"eller <emphasis>gid</emphasis> till 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" +"<option>user-add</option> <emphasis>NAMN</emphasis> <optional><option>-n,--" +"name</option> NAMN</optional> <optional><option>-u,--uid</option> AID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HEM</optional> <optional><option>-s,--" +"shell</option> SKAL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64-KODAT " +"CERTIFIKAT</optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" +"Åsidosätt attribut på en användare. Var medveten om att anropa detta " +"kommando kommer ersätta eventuella tidigare åsidosättanden för (den " +"NAMNgivna) användaren." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-del</option> <emphasis>NAMN</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Ta bort användaråsidosättanden. Var dock medveten om att åsidosatta " +"attribut kan returneras från minnescachen. Se SSSD-alternativet " +"<emphasis>memcache_timeout</emphasis> för fler detaljer." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMÄN</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" +"Lista alla användare med satta åsidosättanden. Om parametern " +"<emphasis>DOMÄN</emphasis> är satt listas endast användare från den domänen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-show</option> <emphasis>NAMN</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "Visa användaråsidosättanden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-import</option> <emphasis>FIL</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" +"Importera användaråsidosättanden från <emphasis>FIL</emphasis>. " +"Dataformatet liknar den vanliga passwd-filen. Formatet är:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "ursprungligt_namn:namn:aid:gid:gecos:hem:skal:bas64-kodat_certifikat" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"där ursprungligt_namn är användarens originalnamn vars attribut skall " +"åsidosättas. Resten av fälten motsvarar nya värden. Man kan utelämna ett " +"värde helt enkelt genom att lämna motsvarande fält tomt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "kwalker:fantomen::::::" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "kwalker@bangalla.com::501:501:Fantomen:/home/bangalla:/bin/bash:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-export</option> <emphasis>FIL</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" +"Exportera alla åsidosatta attribut och spara dem i <emphasis>FIL</" +"emphasis>. Se <emphasis>user-import</emphasis> för dataformatet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" +"<option>group-add</option> <emphasis>NAMN</emphasis> <optional><option>-n,--" +"name</option> NAMN</optional> <optional><option>-g,--gid</option> GID</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" +"Åsidosätt attribut på en grupp. Var medveten om att anropa detta kommando " +"kommer ersätta eventuella tidigare åsidosättanden för (den NAMNgivna) " +"gruppen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-del</option> <emphasis>NAMN</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Ta bort gruppåsidosättanden. Var dock medveten om att åsidosatta attribut " +"kan returneras från minnescachen. Se SSSD-alternativet " +"<emphasis>memcache_timeout</emphasis> för fler detaljer." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMÄN</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" +"Lista alla grupper med satta åsidosättanden. Om parametern <emphasis>DOMÄN</" +"emphasis> är satt listas endast grupper från den domänen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-show</option> <emphasis>NAMN</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "Visa gruppåsidosättanden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>grupp-import</option> <emphasis>FIL</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" +"Importera gruppåsidosättanden från <emphasis>FIL</emphasis>. Dataformatet " +"liknar den vanliga group-filen. Formatet är:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "ursprungligt_namn:namn:gid" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"där ursprungligt_namn är gruppens originalnamn vars attribut skall " +"åsidosättas. Resten av fälten motsvarar nya värden. Man kan utelämna ett " +"värde helt enkelt genom att lämna motsvarande fält tomt." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "admin:administratorer:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "Domain Users:Users:501" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>group-export</option> <emphasis>FIL</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" +"Exportera alla åsidosatta attribut och spara dem i <emphasis>FIL</" +"emphasis>. Se <emphasis>group-import</emphasis> för dataformatet." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "GEMENSAMMA FLAGGOR" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "Dessa flaggor är tillgängliga med alla kommandon." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug</option> <replaceable>NIVÅ</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "SSSD:s Kerberos-leverantör" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver konfigurationen av bakänden för Kerberos 5-" +"autentisering för <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. För en detaljerad syntaxreferens, " +"se avsnittet <quote>FILFORMAT</quote> i manualsidan <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Kerberos 5-autentiseringsbakänden innehåller auth- och chpass-leverantörer. " +"Den måste paras ihop med en identitetsleverantör för att fungera korrekt " +"(till exempel, id_provider = ldap). En del information krävs av Kerberos 5-" +"autentiseringsbakänden måste tillhandahållas av identitetsleverantören, " +"såsom användarens Kerberos huvudmannanamn (UPN). Konfigurationen av " +"identitetsleverantören skall ha en post för att ange UPN:en. Se manualsidan " +"för den tillämpliga identitetsleverantören för detaljer om hur man " +"konfigurerar detta." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"Denna bakände tillhandahåller även åtkomstkontroll baserad på filen .k5login " +"i användarens hemkatalog Se <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> för mer detaljer. " +"Observera att en tom .k5login-fil kommer neka all åtkomst till denna " +"användare. För att aktivera denna funktion, använd ”access_provider = krb5” " +"i din SSSD-konfiguration." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"I situationer där UPN:en inte är tillgänglig i identitetsbakänden kommer " +"<command>sssd</command> konstruera en UPN genom att använda formatet " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Anger en kommaseparerad lista av IP-adresser eller värdnamn till " +"Kerberosservrar till vilka SSSD skall ansluta, i prioritetsordning. För mer " +"information om reserver och serverredundans se avsnittet <quote>RESERVER</" +"quote>. Ett frivilligt portnummer (föregånget av ett kolon) kan läggas till " +"till adresserna eller värdnamnen. Om tomt aktiveras tjänsteupptäckt; för " +"mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Namnet på Kerberos-riket. Detta alternativ är nödvändigt och måste anges." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Om tjänsten för att ändra lösenord inte kör på KDC:n kan alternativa servrar " +"definieras här. Ett frivilligt portnummer (föregått av ett kolon) kan " +"läggas till efter adresser eller värdnamn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"För mer information om reserver och serverredundans se avsnittet " +"<quote>RESERVER</quote>. OBSERVERA: även om det inte finns några fler " +"kpasswd-servrar att försöka med byter inte bakänden till att köra " +"frånkopplat om autentisering mot KDC:n fortfarande är möjligt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Standard: använd KDC:n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Katalog att lagra kreditiv-cachar i. Alla substitutionssekvenserna i " +"krb5_ccname_template kan användas här också, utom %d och %P. Katalogen " +"skapas som privat och ägd av användaren, med rättigheterna satta till 0700." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Standard: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (sträng)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "inloggningsnamn" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "inloggnings-AID" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "huvudmannanamn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "namn på rike" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "hemkatalog" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "värdet på krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "process-ID:t på SSSD-klienten" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "ett bokstavligt ”%”" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Platsen för användarens kreditiv-cache. Tre typer av kreditiv-cachar stödjs " +"för närvarande: <quote>FILE</quote>, <quote>DIR</quote> och <quote>KEYRING:" +"persistent</quote>. Cachen kan anges antingen som <replaceable>TYP:" +"ÅTERSTOD</replaceable>, eller som en absolut sökväg, vilket implicerar typen " +"<quote>FILE</quote>. I mallen ersätts följande sekvenser: <placeholder " +"type=\"variablelist\" id=\"0\"/> Om mallen slutar med ”XXXXXX” används " +"mkstemp(3) för att skapa ett unikt filnamn på ett säkert sätt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"När KEYRING-typer används är den enda mekanismen som stödjs <quote>KEYRING:" +"persistent:%U</quote>, vilket använder Linuxkärnans nyckelring för att lagra " +"kreditiv på per-AID-bas. Detta är också det rekommenderade valet, eftersom " +"det är den säkraste och mest förutsägbara metoden." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Standardvärdet för namnet på kreditiv-cachen läses från profilen som fil " +"sparad i den systemtäckande konfigurationsfilen krb5.conf i avsnittet " +"[libdefaults]. Alternativnamnet är default_ccache_name. Se krb5.conf(5)s " +"avsnitt PARAMETEREXPANSION för mer information om expansionsformatet som " +"definieras av krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" +"OBSERVERA: var medveten om att ccache-expansionsmallen för libkrb5 från " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> använder andra expansionssekvenser än SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Standard: (från libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"Platsen där keytab:en som skall användas för validering av kreditiv som tas " +"emot från KDC:er finns." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Spara lösenordet för användaren om leverantören är frånkopplad och använd " +"det för att begära en TGT när leverantören blir uppkopplad igen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"OBS: denna funktion är endast tillgänglig på Linux. Lösenord som lagras på " +"detta sätt hålls i klartext i kärnans nyckelring och är potentiellt " +"åtkomliga för root-användaren (med svårighet)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Aktiverar flexibel autentisering via säker tunnling (flexible authentication " +"secure tunneling, FAST) för Kerberos förautentisering. Följande alternativ " +"stödjs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> använd aldrig FAST. Detta är ekvivalent med att " +"inte ställa in detta alternativ alls." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> försök använda FAST. Om servern inte stödjer FAST, " +"fortsätt då autentiseringen utan den." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> kräv användning av FAST. Autentiseringen " +"misslyckas om servern inte begär fast." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Standard: inte satt, d.v.s. FAST används inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" +"OBSERVERA: en keytab eller stöd för anonym PKINIT krävs för att använda FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"OBSERVERA: SSSD stödjer endast FAST med MIT Kerberos version 1.8 och " +"senare. Om SSSD används med en äldre version av MIT Kerberos är det ett " +"konfigurationsfel att använda detta alternativ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "Anger serverhuvudmannen att använda för FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_fast_use_anonymous_pkinit (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" +"Om satt till sant, försök använda anonym PKINIT istället för en keytab för " +"att få de begärda kreditiven för FAST. Alternativet krb5_fast_prinicpal " +"ignoreras i detta fall." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "krb5_kdcinfo_lookahead (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" +"När krb5_use_kdcinfo är satt till true kan man begränsa mängden servrar som " +"skickas till <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Detta kan vara " +"användbart när det finns för många servrar som upptäcks med hjälp av SRV-" +"poster." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" +"Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett " +"kolon. Det första talet representerar antalet primärservrar som används och " +"det andra talet anger antalet reservservrar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" +"Till exempel betyder <emphasis>10:0</emphasis> att upp till 10 primärservrar " +"kommer lämnas till <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> men inga " +"reservservrar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "Standard: 3:1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Anger om användarens huvudman skall behandlas som företagshuvudman. Se " +"avsnitt 5 i RFC 6806 för mer detaljer om företagshuvudmän." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "Standard: false (AD-leverantör: true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" +"IPA-leverantören kommer sätta detta alternativ till ”true” om den upptäcker " +"att servern klarar av att hantera företagshuvudmän och alternativet inte är " +"uttryckligen satt i konfigurationsfilen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_subdomain_realm (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" +"Anger att använda underdomänriken för autentiseringen av användare från " +"betrodda domäner. Detta alternativ kan sättas till ”sant” om " +"företagshuvudmän används med upnSuffixes vilka inte är kända av " +"föräldradomänens KDC:er. Om alternativet sätts till ”sant” kommer SSSD " +"försöka skicka begäran direkt till en KDC för den betrodda domänen " +"användaren kommer ifrån." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" +"Listan av mappningar anges som en kommaseparerad lista av par " +"<quote>användarnamn:primär</quote> där <quote>användarnamn</quote> är ett " +"UNIX-användarnamn och <quote>primär</quote> är en användardel av en " +"kerberoshuvudman. Denna mappning används när användaren autentiserar med " +"<quote>auth_provider = krb5</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = RIKE\n" +"krb5_map_user = maria:manvnd,hasse:hans\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" +"<quote>maria</quote> och <quote>hasse</quote> är UNIX-användarnamn och " +"<quote>manvnd</quote> och <quote>hans</quote> är primärer i " +"kerberoshuvudmän. För användaren <quote>maria</quote> resp. <quote>hasse</" +"quote> kommer SSSD försöka att göra kinit som <quote>manvnd@RIKE</quote> " +"resp. <quote>hans@RIKE</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Om autentiseringsmodulen krb5 används i en SSSD-domän måste följande " +"alternativ användas. Se manualsidan <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, avsnittet " +"<quote>DOMÄNSEKTIONER</quote> för detaljer om konfigurationen av en SSSD-" +"domän. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerad och att APA är en av " +"domänerna i avsnittet <replaceable>[sssd]</replaceable>. Detta exempel " +"visar endast konfigurationen av Kerberosautentisering; det inkluderar inte " +"någon identitetsleverantör." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/APA]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "utför cacherensning" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>flaggor</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" +"<command>sss_cache</command> invaliderar poster i SSSD-cachen. Invaliderade " +"poster måste hämtas om från servern så fort den tillhörande SSSD-bakänden är " +"ansluten. Flaggor som invaliderar ett enstaka objekt tar bara ett ensamt " +"argument." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "Invalidera alla cachade poster." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>inloggning</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Invalidera en viss användare." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Invalidera alla användarposter. Detta alternativ åsidosätter invalidering " +"av en viss användare om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>grupp</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "Invalidera en viss grupp." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Invalidera alla grupposter. Detta alternativ åsidosätter invalidering av en " +"viss grupp om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>nätgrupp</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "Invalidera en viss nätgrupp." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Invalidera alla nätgruppsposter. Detta alternativ åsidosätter invalidering " +"av en viss nätgrupp om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>tjänst</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "Invalidera en viss tjänst." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Invalidera alla tjänsteposter. Detta alternativ åsidosätter invalidering av " +"en viss tjänst om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-" +"översättning</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Invalidera specifika autofs-översättningar." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Invalidera alla autofs-översättningar. Detta alternativ åsidosätter " +"invalidering av en viss översättning om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>värdnamn</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Invalidera publika SSH-nycklar för en viss värd." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Invalidera publika SSH-nycklar för alla värdar. Detta alternativ " +"åsidosätter invalidering av SSH-nycklar för en viss värd om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>regel</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "Invalidera en viss sudo-regel." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "<option>-R</option>,<option>--sudo-rules</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" +"Invalidera alla cachade sudo-regler. Detta alternativ åsidosätter " +"invalidering av en viss sudo-regel om det också angavs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>domän</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Begränsa invalideringsprocessen till endast en viss domän." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "EFFEKTER PÅ DEN SNABBA MINNESCACHEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" +"<command>sss_cache</command> invaliderar även minnescachen. Eftersom " +"minnescachen är en fil som avbildas in i minnet för varje process som " +"anropar SSSD för att slå upp användare eller grupper kan filen inte huggas " +"av. En speciell flagga sätts i huvudet på filen för att indikera att " +"innehållet är ogiltigt och sedan tas länken bort av SSSD:s NSS-respondent " +"och en ny cache-fil skapas. När än en process nu gör en ny uppslagning av en " +"användare eller en grupp kommer den att se flaggan, stänga den gamla " +"minnescachfilen och avbilda in den ny in i sitt minne. När alla processer " +"som har öppnat den gamla minnescachefilen har stängt den under uppslagning " +"av en användare eller grupp kan kärnan släppa det använda diskutrymmet och " +"den gamla minnescachefilen är slutligen helt borttagen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" +"Ett särskilt fall är långlivade processer som gör användar- eller " +"gruppuppslagningar endast vid uppstart, t.ex. för att avgöra namnet på " +"användaren processen kör som. För dessa uppslagningar är minnescachfilen " +"avbildad in i processens minne. Men eftersom det inte kommer vara några " +"ytterligare uppslagningar skulle dessa processer aldrig upptäcka om " +"minnescachefilen invalideras och därmed kommer den hållas kvar i minnet och " +"kommer den att använda diskutrymme tills processen slutar. Som ett resultat " +"kan att anropa <command>sss_cache</command> öka diskanvändningen eftersom " +"gamla minnescachefiler inte kan tas bort från disken eftersom de fortfarande " +"är avbildade av långlivade processer." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" +"Ett möjligt sätt att gå runt problemet för långlivade processer som slår upp " +"användare och grupper endast vid uppstart eller väldigt sällan är att köra " +"dem med miljövariabeln SSS_NSS_USE_MEMCACHE satt till ”NO” så att de inte " +"kommer använda minnescachen alls och inte avbilda minnescachefilen in i " +"minnet. I allmänhet är en bättre lösning att trimma parametrarna för cachens " +"tidsgräns så att de stämmer med lokala förväntningar och det inte är " +"nödvändigt att anropa <command>sss_cache</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "[FÖRÅLDRAD] ändra felsökningsnivå medan SSSD kör" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>flaggor</" +"replaceable> </arg> <arg choice='plain'><replaceable>NY_FELSÖKNINGSNIVÅ</" +"replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" +"<command>sss_debuglevel</command> är föråldrat och ersatt av kommandot " +"sssctl debug-level. Se manualsidan <command>sssctl</command> för mer " +"information om användning av sssctl." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "initiera SSSD-cachen med en användare" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>flaggor</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMÄN</replaceable></" +"arg> <arg choice='plain'>-n <replaceable>ANVÄNDARE</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> initierar SSSD-cachen med en användarpost och " +"tillfälligt lösenord. Om en användarpost redan finns i SSSD-cachen " +"uppdateras den posten med det tillfälliga lösenordet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMÄN</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Ange namnet på domänen i vilken användaren är en medlem. Domänen används " +"också för att hämta användarinformation. Domänen måste vara konfigurerad i " +"sssd.conf. Alternativet <replaceable>DOMÄN</replaceable> måste anges. " +"Information som hämtas från domänen åsidosätter vad som anges i flaggorna." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>ANVÄNDARE</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Användarnamnet på posten som skall skapas eller ändras i cachen. Flaggan " +"<replaceable>ANVÄNDARE</replaceable> måste anges." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>AID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Sätt användarens UID till <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Sätt användarens GID till <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>KOMMENTAR</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Godtycklig textsträng som beskriver användaren. Ofta använt som ett fält " +"för användarens fullständiga namn." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>HEMKATALOG</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "Sätt användarens hemkatalog till <replaceable>HEMKAT</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>SKAL</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "Sätt användarens inloggningsskal till <replaceable>SKAL</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Interaktivt läge för att ange användarinformation. Detta alternativ kommer " +"bara att fråga efter information som inte angavs med flaggor eller hämtades " +"från domänen." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> <replaceable>LÖSENFIL</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Ange filen att läsa användarnas lösenord ifrån. (om inte angivet " +"efterfrågas lösenord)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Längden på lösenordet (eller storleken på filen som anges med flaggan -p " +"eller --password-file) måste vara mindre eller lika med PASS_MAX byte (64 " +"byte på system utan något globalt definierat PASS_MAX-värde)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "SSSD InfoPipe-respondent" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver konfigurationen av InfoPipe-respondenten till " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"InfoPipe-respondenten tillhandahåller ett publikt D-Bus-gränssnitt åtkomligt " +"över systembussen. Gränssnittet låter användaren att fråga efter " +"information om fjärranvändare och -grupper över systembussen." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "HITTA MED GILTIGT CERTIFIKAT" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" +"Följande alternativ kan användas för att styra hur certifikat valideras när " +"API:et FindByValidCertificate() används:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "ca_db" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "p11_child_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "certificate_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"För fler detaljer om alternativet, se <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Dessa alternativ kan användas för att konfigurera InfoPipe-respondenten." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Anger den kommaseparerade listan av AID-värden eller användarnamn som " +"tillåts använda InfoPipe-respondenten. Användarnamn slås upp till AID:er " +"vid uppstart." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Standard: 0 (endast root-användaren tillåts komma åt InfoPipe-respondenten)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Observera att även om AID 0 används som standard kommer det att skrivas över " +"av detta alternativ. Om du fortfarande vill tillåta root-användaren att " +"komma åt InfoPipe-respondenten, vilket man typiskt vill, måste du lägga till " +"även 0 i listan av tillåtna AID:er." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Anger den kommaseparerade listan över vit- eller svartlistade attribut." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "användarens inloggningsnamn" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "användar-ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "primär grupps ID" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "användarinformation, normalt fullständigt namn" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "användarens skal" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Som standard tillåter bara InfoPipe-respondenten att standarduppsättningen " +"av POSIX-attribut begärs. Denna uppsättning är densamma som returneras av " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> och inkluderar: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Det är möjligt att lägga till ett annat attribut till denna uppsättning " +"genom att använda <quote>+attrnamn</quote> eller uttryckligen ta bort ett " +"attribut genom att använda <quote>-attrnamn</quote>. Till exempel, för att " +"tillåta <quote>telephoneNumber</quote> men neka <quote>loginShell</quote> " +"skulle man använda följande konfiguration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Standard: inte satt. Endast standarduppsättningen av POSIX-attribut är " +"tillåtna." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" +"Anger en övre gräns på antalet poster som hämtas under en uppslagning med " +"jokertecken som åsidosätter gränsen anroparen tillhandahåller." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "Standard: 0 (låt anroparen sätta en övre gräns)" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Utvecklare (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Utvecklare (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "sss insticksmoduls konfigurationsdirektiv för rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "KONFIGURATIONSFIL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"rpc.idmapd konfigurationsfil finns vanligen som <emphasis>/etc/idmapd.conf</" +"emphasis>. Se <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för mer information." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "SSS-KONFIGURATIONSUTVIDGNING" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Aktivera SSS-insticksmodul" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"I avsnittet <quote>[Translation]</quote>, ändra/sätt attributet " +"<quote>Method</quote> till att innehålla <emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "[sss] konfigurationsavsnitt" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"För att ändra standardvärdet på ett av konfigurationsattributen för " +"insticksmodulen <emphasis>sss</emphasis> som räknas upp nedan behöver man " +"skapa ett konfigurationsavsnitt för den, med namnet <quote>[sss]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Konfigurationsattribut" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" +"Indikerar huruvida optimeringstekniken memcache skall användas eller inte." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "SSSD-INTEGRATION" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"Insticksmodulen sss kräver att <emphasis>NSS-respondenten</emphasis> är " +"aktiverad i sssd." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"Attributet <quote>use_fully_qualified_names</quote> måste aktiveras i alla " +"domäner (NFSv4-klienter förväntar sig att ett fullständigt kvalificerat namn " +"skickas över tråden)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# domänen måste synkroniseras mellan NFSv4-servern och -klienter\n" +"# Solaris/Illumos/AIX använder \"localdomain\" som standard!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Följande exempel visar en minimal idmapd.conf som använder insticksmodulen " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "SE ÄVEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "hämta auktoriserade OpenSSH-nycklar" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>flaggor</replaceable> </arg> <arg " +"choice='plain'><replaceable>ANVÄNDARE</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> hämtar publika SSH-nycklar för " +"användaren <replaceable>ANVÄNDARE</replaceable> och skriver ut dem i " +"formatet för OpenSSH authorized_keys (se avsnittet <quote>AUTHORIZED_KEYS-" +"FILFORMAT</quote> i <citerefentry><refentrytitle>sshd</refentrytitle> " +"<manvolnum>8</manvolnum></citerefentry> för mer information)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> kan konfigureras till att använda " +"<command>sss_ssh_authorizedkeys</command> för autentisering med användares " +"publika nyckel om den är kompilerad med stöd för alternativet " +"<quote>AuthorizedKeysCommand</quote>. Se manualsidan <citerefentry> " +"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> för mer detaljer om detta alternativ." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Om <quote>AuthorizedKeysCommand</quote> stödjs kan " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> konfigureras för att använda den genom att lägga in följande " +"direktiv <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "NYCKLAR FRÅN CERTIFIKAT" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" +"Utöver de publika SSH-nycklarna för användaren <replaceable>ANVÄNDARE</" +"replaceable> kan <command>sss_ssh_authorizedkeys</command> även returnera " +"publika SSH-nycklar härledda från den publika nyckeln i ett X.509-certifikat." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" +"För att aktivera detta måste alternativet <quote>ssh_use_certificate_keys</" +"quote> sättas till true (standard) i avsnittet [ssh] av <filename>sssd.conf</" +"filename>. Om användarposten innehåller certifikat (se " +"<quote>ldap_user_certificate</quote> i <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer) " +"eller det finns ett certifikat i en åsidosättande post för användaren (se " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> eller <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer) och " +"certifikatet är giltigt kommer SSSD extrahera den publika nyckeln från " +"certifikatet och konvertera den till formatet som sshd förväntar sig." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "Vid sidan av <quote>ssh_use_certificate_keys</quote> kan alternativen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" +"användas för att styra hur certifikaten valideras (se " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> för detaljer)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" +"Valideringen är fördelen med att använda X.509-certifikat istället för att " +"använda SSH-nycklar direkt för att det t.ex. ger en bättre kontroll över " +"livslängden hos nycklarna. När ssh-klienten är konfigurerad att använda de " +"privata nycklarna från ett smartkort med hjälp av det delade PKCS#11-" +"biblioteket (se <citerefentry><refentrytitle>ssh</refentrytitle> " +"<manvolnum>1</manvolnum></citerefentry> för detaljer) kan det vara " +"irriterande att autentiseringen fortfarande fungerar även om det tillhörande " +"X.509-certifikatet på smartkortet redan har gått ut eftersom varken " +"<command>ssh</command> eller <command>sshd</command> kommer titta på " +"certifikatet över huvud taget." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" +"Det måste påpekas att den härledda publika SSH-nyckeln fortfarande kan " +"läggas till i användarens fil <filename>authorized_keys</filename> för att " +"gå runt certifikatvalideringen om konfigurationen av <command>sshd</command> " +"tillåter detta." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Sök efter användares publika nycklar i SSSD-domänen <replaceable>DOMÄN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "SLUTSTATUS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "Om det lyckas returneras 0 som slutstatus. Annars returneras 1." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "hämta OpenSSH-värdnycklar" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>flaggor</replaceable> </arg> <arg " +"choice='plain'><replaceable>VÄRD</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY-KOMMANDO</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> hämtar publika SSH-värdnycklar " +"för värden <replaceable>VÄRD</replaceable>, lagrar dem i en anpassad OpenSSH-" +"known_hosts-fil (se avsnittet <quote>SSH_KNOWN_HOSTS-FILFORMAT</quote> i " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> för mer information) <filename>/var/lib/sss/pubconf/" +"known_hosts</filename> och upprättar anslutningen till värden." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Om <replaceable>PROXY-KOMMANDO</replaceable> anges används det för att skapa " +"anslutningen till värden istället för att öppna ett uttag." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> kan konfigureras till att använda " +"<command>sss_ssh_knownhostsproxy</command> för värdnyckelautentisering genom " +"att använda följande direktiv i konfigurationen av " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Använd porten <replaceable>PORT</replaceable> för att ansluta till värden. " +"Som standard används port 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Sök efter värdars publika nycklar i SSSD-domänen <replaceable>DOMÄN</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "<option>-k</option>,<option>--pubkey</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" +"Skriv ut värdens publika ssh-nycklar för värden <replaceable>VÄRD</" +"replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "idmap_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "SSSD:s idmap_sss-bakände för Winbind" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" +"Modulen idmap_sss tillhandahåller ett sätt att anropa SSSD för att översätta " +"AID:er/GID:er och SID:er. Ingen databas behövs i detta fall eftersom " +"översättningen görs av SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "IDMAP-ALTERNATIV" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "range = låg - hög" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" +"Definierar de tillgängliga matchnings-UID- och GID-intervallen som bakänden " +"är auktoritativ för." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" +"Detta exempel visar hur man konfigurerar idmap_sss som " +"standardöversättningsmodulen." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMÄNKORTNAMN>\n" +"\n" +"idmap config <AD-DOMÄNKORTNAMN> : backend = sss\n" +"idmap config <AD-DOMÄNKORTNAMN> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" +"Ersätt <AD-DOMÄNKORTNAMN> med NetBIOS-domännamnet för AD-domänen. Om " +"flera AD-domäner skall användas behöver varje domän en <literal>idmap " +"config</literal>-rad med <literal>backend = sss</literal> och en rad med ett " +"lämpligt <literal>range</literal>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" +"Eftersom Winbind kräver en skrivbar standardbakände och idmap_sss endast är " +"läsbar inkluderar exemplet <literal>backend = tdb</literal> som standard." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "sssctl" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "SSSD kontroll- och statusverktyg" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sssctl</command> <arg choice='plain'><replaceable>KOMMANDO</" +"replaceable></arg> <arg choice='opt'> <replaceable>flaggor</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" +"<command>sssctl</command> tillhandahåller ett enkelt och enhetligt sätt att " +"få information om SSSD:s status, såsom aktiv server, automatupptäckta " +"servrar, domäner och cachade objekt. Dessutom kan det hantera SSSD:s " +"datafiler för felsökning på ett sådant sätt att det är säkert att hantera " +"medan SSSD kör." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" +"För att lista alla tillgängliga kommandon, kör <command>sssctl</command> " +"utan några parametrar. För att skriva ut hjälp om ett valt kommando, kör " +"<command>sssctl KOMMANDO --help</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "sssd-files" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "SSSD:s filleverantör" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver filleverantören till <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. För en detaljerad referens om syntaxen, se avsnittet " +"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Filleverantören speglar innehållet i filerna <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> och <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. Syftet med filleverantören är att " +"göra användarna och grupperna som traditionellt bara är tillgängliga via NSS-" +"gränssnitt även tillgängliga via SSSD-gränssnitten såsom <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" +"Ett annat skäl är att tillhandahålla effektiv cachning av lokala användare " +"och grupper." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please note that some distributions enable the files domain " +#| "automatically, prepending the domain before any explicitly configured " +#| "domains. See enable_files_domain in <citerefentry> <refentrytitle>sssd." +#| "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Observera att en del distributioner aktiverar fildomänen automatiskt, och " +"lägger domänen före alla explicit konfigurerade domäner. Se " +"enable_files_domain i <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" +"SSSD hanterar aldrig uppslagning av användaren/gruppen ”root”. " +"Uppslagningen av AID/GID 0 hanteras inte heller av SSSD. Sådana begäranden " +"skickas till nästa NSS-modul (vanligen filer)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" +"När SSSD inte kör eller svarar returnerar nss_sss koden UNAVAIL som får " +"begäran att skickas vidare till nästa modul." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "passwd_files (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Kommaseparerad lista av ett eller flera namn på lösenordsfiler att läsa och " +"räkna upp av filleverantören, inotify-övervakningsvakter kommer att sättas " +"på varje fil för att upptäcka ändringar dynamiskt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "Standard: /etc/passwd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "group_files (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Kommaseparerad lista av ett eller flera namn på gruppfiler att läsa och " +"räkna upp av filleverantören, inotify-övervakningsvakter kommer att sättas " +"på varje fil för att upptäcka ändringar dynamiskt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "Standard: /etc/group" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "fallback_to_nss (boolean)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" +"Under uppdatering av interna data kommer SSSD att returnera ett fel och låta " +"klienten fortsätta med nästa NSS-modul. Detta hjälper till att undvika " +"fördröjningar vid användning systemet standardfiler <filename>/etc/passwd</" +"filename> och <filename>/etc/group</filename> och när NSS-konfigurationen " +"har ”sss” före ”files” för avbildningarna ”passwd” och ”group”." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" +"Om filleverantören är konfigurerad att övervaka andra filer är det vettigt " +"att sätta detta alternativ till ”False” för att undvika inkonsistent " +"beteende eftersom det i allmänhet inte skulle finnas någon annan NSS-modul " +"som kan användas att falla tillbaka på." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Utöver de alternativ som räknas upp nedan kan generella SSSD-domänalternativ " +"sättas där de är tillämpliga. Se <quote>DOMÄNSEKTIONER</quote> i " +"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> för detaljer om konfigurationen av " +"en SSSD-domän. Men syftet med leverantören files är att exponera samma data " +"som UNIX-filerna, bara via gränssnitten för SSSD. Därför stödjs inte alla " +"generella domänalternativ. På samma sätt har några globala alternativ, " +"såsom att åsidosätta skalet i avsnittet <quote>nss</quote> för alla domäner " +"ingen effekt på domänen files om det inte anges uttryckligen per domän. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" +"Följande exempel antar att SSSD är korrekt konfigurerat och att files är en " +"av domänerna i avsnittet <replaceable>[sssd]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" +"[domain/files]\n" +"id_provider = files\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" +"För att dra nytta av SSSD:s cachning av lokala användare och grupper måste " +"modulen nss_sss listas före modulen nss_files i /etc/nsswitch.conf." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" +"passwd: sss files\n" +"group: sss files\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "sssd-session-recording" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "Konfigurera sessionsinspelning med SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Denna manualsida beskriver hur man konfigurerar <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"att fungera med <citerefentry> <refentrytitle>tlog-rec-session</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, en del av paketet " +"tlog, för att implementera inspelning av användarsessioner på en " +"textterminal. För en detaljerad referens till konfigurationssyntaxen, se " +"avsnittet <quote>FILE FORMAT</quote> av manualsidan <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" +"SSSD kan sättas upp för att möjliggöra inspelning av allting specifika " +"användare ser eller skriver under sina sessioner på en textterminal. T.ex., " +"när användare loggar in på konsolen, eller via SSH. SSSD själv spelar inte " +"in någonting, men ser till att tlog-rec-session startas när användaren " +"loggar in, så att den kan spela in enligt sin konfiguration." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" +"För användare med sessionsinspelning aktiverad ersätter SSSD användarens " +"skal med tlog-rec-session i NSS-svar, och lägger till en variabel som anger " +"det ursprungliga skalet till användarens miljö när PAM sätter upp " +"sessionen. På detta sätt kan tlog-rec-session startas istället för " +"användarens skal, och veta vilket faktiskt skal som skall startas när den " +"satt upp inspelningen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "Dessa alternativ kan användas för att konfigurera sessionsinspelning." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" +"Följande snutt från sssd.conf gör det möjligt att spela in sessioner för " +"användarna ”konsult1” och ”konsult2” och gruppen ”studenter”." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" +"[session_recording]\n" +"scope = some\n" +"users = konsult1,konsult2\n" +"groups = studenter\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "sssd-kcm" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "SSSD Kerberos cache-hanterare" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" +"Denna manualsida beskriver konfigurationen av SSSD:s Kerberos cache-" +"hanterare (KCM). KCM är en process som lagrar, spårar och hanterar " +"Kerberoskreditiv-cachar. Det kommer från projektet Heimdal Kerberos, fast " +"biblioteket MIT Kerberos tillhandahåller även stöd för klientsidan (mer " +"detaljer om det nedan) av KCM-kreditiv-cachen." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" +"I en uppsättning där Kerberos cachar hanteras av KCM är Kerberosbiblioteket " +"(typiskt använt via ett program, som t.ex., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, en <quote>”KCM-klient\"</quote> och KCMdemonen refereras till " +"som en <quote>”KCM-server\"</quote>. Klienten och servern kommunicerar via " +"ett UNIX-uttag." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" +"KCM-servern håller reda på ägaren till varje kreditiv-cache och utför " +"åtkomstkontroller baserat på AID:t och GID:t på KCM-klienten. Root-" +"användaren har åtkomst till alla kreditiv-cachar." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "KCM-kreditiv-cachen har flera intressanta egenskaper:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" +"eftersom processen kör i användarrymden är den föremål för AID-namnrymder, " +"till skillnad mot kärnans nyckelring" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" +"till skillnad mot kärnans nyckelringsbaserade cache, som delas mellan alla " +"behållare, är KCM-servern en separat process vars ingångspunkt är ett UNIX-" +"uttag" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" +"SSSD-implementationen sparar ccache:rna i en databas, vanligen placerad i " +"<replaceable>/var/lib/sss/secrets</replaceable>, vilket gör att ccache:rna " +"kan överleva att KCM-servern eller hela maskinen startas om." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" +"Detta gör att systemet kan använda en samlingsmedveten kreditiv-cache, och " +"ändå dela kreditivcachen mellan några eller inga behållare genom " +"bindmontering av uttaget." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" +"KCM-standardklientens tidsgräns för inaktivitet är 5 minuter, detta ger mer " +"tid för användarinteraktion med kommandoradsverktyg såsom kinit." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "ATT ANVÄNDA KCM-KREDITIV-CACHEN" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"För att använda KCM-kreditiv-cachen måste den väljas som " +"standardkreditivtypen i <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Kreditiv-cachens " +"namn skall bara vara <quote>KCM:</quote> utan några mallexpansioner. Till " +"exempel: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Se därefter till att Kerberos-klientbiblioteken och KCM-servern är överens " +"om sökvägen till UNIX-uttaget. Som standard använder båda samma sökväg " +"<replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>. För att " +"konfigurera Kerberos-biblioteket, ändra dess alternativ <quote>kcm_socket</" +"quote> som beskrivs i manualsidan <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" +"Se slutligen till att SSSD KCM-servern kan kontaktas. KCM-tjänsten är " +"normalt uttagsaktiverad av <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Till skillnad mot " +"andra SSSD-tjänster kan den inte startas genom att lägga till strängen " +"<quote>kcm</quote> till direktivet <quote>service</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/> Observera att din distribution kanske " +"redan konfigurerar enheterna åt dig." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "KREDITIV-CACHE-LAGRINGEN" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" +"Kreditiv-cachen lagras i en databas, snarlikt hur SSSD cachar användar- " +"eller grupposter. Databasen finns normalt i <quote>/var/lib/sss/secrets</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "ATT FÅ TAG I FELSÖKNINGSLOGGAR" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" +"[kcm]\n" +"debug_level = 10\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" +"systemctl restart sssd-kcm.service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" +"Tjänsten sssd-kcm är normalt uttagsaktiverad av <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. För att skapa felsökningsloggar, lägg till följande antingen " +"direkt till filen <filename>/etc/sssd/sssd.conf</filename> eller som en " +"konfigurationssnutt till katalogen <filename>/etc/sssd/conf.d/</filename>: " +"<placeholder type=\"programlisting\" id=\"0\"/> Starta sedan om tjänsten " +"sssd-kcm: <placeholder type=\"programlisting\" id=\"1\"/> Kör slutligen det " +"användningsfall som inte fungerar. KCM-loggarna kommer skapas i <filename>/" +"var/log/sssd/sssd_kcm.log</filename>. Det rekommenderas att avaktivera " +"felsökningsloggarna när man inte längre behöver informationen aktiverad " +"eftersom tjänsten sssd-kcm kan skapa en ganska stor mängd " +"felsökningsinformation." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" +"Observera att konfigurationssnuttar för närvarande endast behandlas om " +"huvudkonfigurationsfilen på <filename>/etc/sssd/sssd.conf</filename> över " +"huvud taget finns." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "FÖRNYELSER" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Tjänsten sssd-kcm kan konfigureras till att försöka göra TGT-förnyelser med " +"förnybara TGT:er lagrade i KCM-ccachen. Förnyelseförsök görs bara när halva " +"biljettens livstid har uppnåtts. KCM-förnyelser konfigureras när följande " +"alternativ sätts i sektionen [kcm]: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" +"SSSD kan även ärva krb5-alternativ för förnyelser från en befintlig domän." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domännamn\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Följande krb5-alternativ kan konfigureras i sektionen [kcm] för att styra " +"förnyelsebeteendet, dessa alternativ beskrivs i detalj nedan <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Tjänsten KCM är konfigurerad i sektionen <quote>kcm</quote> av filen sssd." +"conf. Observera att eftersom tjänsten KCM typiskt är uttagsaktiverad är det " +"tillräckligt att bara starta om tjänsten <quote>sssd-kcm</quote> efter att " +"ha ändrat flaggorna i sektionen <quote>kcm</quote> av sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Tjänsten KCM konfigureras i <quote>kcm</quote> För en detaljeras " +"syntaxreferens, se avsnittet <quote>FILFORMAT</quote> i manualsidan " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" +"De allmänna alternativen för tjänsten SSSD såsom <quote>debug_level</quote> " +"eller <quote>fd_limit</quote> accepteras av tjänsten kcm. Se manualsidan " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för en fullständig lista. Dessutom finns det " +"några KCM-specifika alternativ också." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "socket_path (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "Uttaget tjänsten KCM kommer lyssna på." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "Standard: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> Observera: på plattformar där systemd " +"stödjs skrivs uttagssökvägen över av den som definieras i enhetsfilen sssd-" +"kcm.socket. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "max_ccaches (heltal)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "Hur många kreditivcacher KCM-databasen tillåter för alla användare." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "Standard: 0 (obegränsad, endast kvot per AID upprätthålls)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "max_uid_ccaches (heltal)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" +"Hur många kreditiv-cachningar KCM-databasen tillåter per AID. Detta är " +"ekvivalent med <quote>med hur många huvudmän man kan kinit:a</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "Standard: 64" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "max_ccache_size (heltal)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" +"Hor stor kan en kreditivcach vara per ccache. Varje tjänsteärende räknas in " +"i denna kvot." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "Standard: 65536" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "tgt_renewal (bool)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "Aktiverar TGT-förnyelsefunktionalitet." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "Standard: False (Automatiska förnyelser avaktiverade)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "tgt_renewal_inherit (sträng)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" +"Domän att ärva krb5_*-alternativ ifrån, att användas med TGT-förnyelser." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "Standard: NULL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "sssd-systemtap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "SSSD systemtap-information" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" +"Denna manualsida innehåller information om systemtap-funktionen i " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" +"SystemTap-testpunkter har lagts till på diverse platser i SSSD-koden för att " +"hjälpa till i felsökning och analys av prestandarelaterade problem." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "Exempel på SystemTap-skript finns i /usr/share/sssd/systemtap/" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" +"Testpunkter och diverse funktioner definieras i /usr/share/systemtap/tapset/" +"sssd.stp respektive /usr/share/systemtap/tapset/sssd_functions.stp." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "TESTPUNKTER" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" +"Informationen nedan räknar upp testpunkterna och argumenten som är " +"tillgängliga i följande format:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "probe $name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "Beskrivning av testpunkten" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" +"variabel1:datatyp\n" +"variabel2:datatyp\n" +"variabel3:datatyp\n" +"…\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "Databastransaktionstestpunkter" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "probe sssd_transaction_start" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" +"Start av en sysdb-transaktion, känner av funktionen " +"sysdb_transaction_start()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" +"nesting:heltal\n" +"probestr:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "probe sssd_transaction_cancel" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" +"Annullering av en sysdb-transaktion, känner av funktionen " +"sysdb_transaction_cancel()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "probe sssd_transaction_commit_before" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "Känner av funktionen sysdb_transaction_commit_before()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "probe sssd_transaction_commit_after" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "Känner av funktionen sysdb_transaction_commit_after()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "LDAP-sökningstestpunkter" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "probe sdap_search_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "Känner av funktionen sdap_get_generic_ext_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" +"base:sträng\n" +"scope:heltal\n" +"filter:sträng\n" +"attrs:sträng\n" +"probestr:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "probe sdap_search_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "Känner av funktionen sdap_get_generic_ext_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" +"base:sträng\n" +"scope:heltal\n" +"filter:sträng\n" +"probestr:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "probe sdap_parse_entry" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" +"Känner av funktionen sdap_parse_entry(). Den anropas upprepat för varje " +"mottaget attribut." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" +"attr:sträng\n" +"value:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "probe sdap_parse_entry_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" +"Känner av funktionen sdap_parse_entry(). Den anropas när tolkning av " +"mottagna objekt är klar." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "probe sdap_deref_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "Känner av funktionen sdap_deref_search_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" +"base_dn:sträng\n" +"deref_attr:sträng\n" +"probestr:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "probe sdap_deref_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "Känner av funktionen sdap_deref_search_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "Testpunkter av LDAP-kontobegäranden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "probe sdap_acct_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "Känner av funktionen sdap_acct_req_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" +"entry_type:heltal\n" +"filter_type:heltal\n" +"filter_value:sträng\n" +"extra_value:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "probe sdap_acct_req_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "Känner av funktionen sdap_acct_req_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "Testpunkter av LDAP-användarsökningar" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "probe sdap_search_user_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "Känner av funktionen sdap_search_user_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" +"filter:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "probe sdap_search_user_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "Känner av funktionen sdap_search_user_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "probe sdap_search_user_save_begin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "Känner av funktionen sdap_search_user_save_begin()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "probe sdap_search_user_save_end" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "Känner av funktionen sdap_search_user_save_end()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "Testpunkter av dataleverantörsbegäranden" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "probe dp_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "En dataleverantörsbegäran skickas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" +"dp_req_domain:sträng\n" +"dp_req_name:sträng\n" +"dp_req_target:heltal\n" +"dp_req_method:heltal\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "probe dp_req_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "En dataleverantörsbegäran avslutas." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" +"dp_req_name:sträng\n" +"dp_req_target:heltal\n" +"dp_req_method:heltal\n" +"dp_ret:heltal\n" +"dp_errorstr:sträng\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "DIVERSE FUNKTIONER" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "funktionen acct_req_desc(posttyp)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "Konvertera posttyp till en sträng och returnera strängen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" +"function sssd_acct_req_probestr(fc_namn, posttyp, filtertyp, filtervärde, " +"extravärde)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "Skapa testpunktsträng baserad på filtertyp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "funktionen dp_target_str(mål)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "Konvertera målet till en sträng och returnera strängen" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "funktionen dp_method_str(mål)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "Konvertera metoden till en sträng och returnera strängen" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "PROV PÅ SYSTEMTAP-SKRIPT" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" +"Starta SystemTap-skriptet (<command>stap /usr/share/sssd/systemtap/<" +"skriptnamn>.stp</command>), utför sedan en identitetsåtgärd och skriptet " +"kommer samla information från sonder." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "Levererade SystemTap-skript är:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "dp_request.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "Övervakning av prestanda hos dataleverantörbegäranden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "id_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "Övervakning av prestanda hos kommandot <command>id</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "ldap_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "Övervakning av LDAP-begäranden." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "nested_group_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "Prestanda vid uppslagning av nästade grupper." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "sssd-ldap-attributes" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "SSSD LDAP-leverantör: Avbildningsattribut" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" +"Denna manualsida beskriver avbildningsattributen till SSSD LDAP-leverantören " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Se manualsidan <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> för fullständiga detaljer om SSSD LDAP-leverantörens " +"konfigurationsflaggor." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "ANVÄNDARATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "Objektklassen hos en användarpost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Standard: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "LDAP-attributet som motsvarar användarens inloggningsnamn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Standard: uid (rfc2307, rfc2307bis och IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "LDAP-attributet som motsvarar användarens id." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "Standard: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "LDAP-attributet som motsvarar användarens primära grupp-id." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Standard: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "ldap_user_primary_group (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" +"Active Directorys primära gruppattribut för ID-mappning. Observera att " +"detta attribut skall bara sättas manuellt om du kör <quote>ldap</quote>-" +"leverantören med ID-mappning." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "Standard: ej satt (LDAP), primaryGroupID (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "LDAP-attributet som motsvarar användarens gecos-fält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Standard: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "LDAP-attributet som innehåller namnet på användarens hemkatalog." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "Standard: homeDirectory (LDAP och IPA), unixHomeDirectory (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "LDAP-attributet som innehåller sökvägen till användarens standardskal." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Standard: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-användarobjekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Standard: inte satt i det allmänna fallet, objectGUID för AD och ipaUniqueID " +"för IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP-attributet som innehåller objectSID för ett LDAP-användarobjekt. Detta " +"är normalt bara nödvändigt för Active Directory-servrar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "Standard: objectSid för Active Directory, inte satt för andra servrar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"LDAP-attributet som innehåller tidsstämpeln för den senaste ändringen av " +"föräldraobjektet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Standard: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (tidpunkt för senaste lösenordsändring)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Standard: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (minsta lösenordsålder)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Standard: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (största lösenordsålder)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Standard: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (varningsperiod för lösenord)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Standard: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (inaktivitetsperiod för lösenord)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Standard: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett " +"LDAP-attribut som utgör dess motsvarighet i <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (tid då kontot går ut)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Standard: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"När ldap_pwd_policy=mit_kerberos används innehåller denna parameter namnet " +"på ett LDAP-attribut som lagrar dag och tid för senaste lösenordsändring i " +"kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Standard: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"När ldap_pwd_policy=mit_kerberos används innehåller denna parameter namnet " +"på ett LDAP-attribut som lagrar dag och tid när det nuvarande lösenordet går " +"ut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Standard: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"När ldap_account_expire_policy=ad används innehåller denna parameter namnet " +"på ett LDAP-attribut som lagrar tidpunkten när kontot går ut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Standard: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"När ldap_account_expire_policy=ad används innehåller denna parameter namnet " +"på ett LDAP-attribut som lagrar användarkontots styrbitfält." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Standard: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"När ldap_account_expire_policy=rhds eller likvärdigt används avgör denna " +"parameter om åtkomst skall tillåtas eller inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "Standard: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"När ldap_account_expire_policy=nds används avgör detta attribut om åtkomst " +"skall tillåtas eller inte." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Standard: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"När ldap_account_expire_policy=nds används avgör detta attribut till vilket " +"datum åtkomst tillåts." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"När ldap_account_expire_policy=nds används avgör detta attribut vilka timmar " +"på dagen i en vecka åtkomst tillåts." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Standard: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"LDAP-attributet som innehåller användarens användarhuvudmansnamn i Kerberos " +"(UPN)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Standard: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Kommaseparerad lista av LDAP-attribut som SSSD skall hämta tillsammans med " +"den vanliga uppsättningen av användarattribut." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Listan kan antingen innehålla endast LDAP-attributnamn, eller " +"kolonseparerade tupler av SSSD-cacheattribut och LDAP-attributnamn. Ifall " +"endast LDAP-attributnamn anges sparas attributet i cachen ordagrant. Att " +"använda ett anpassat SSSD-attributnamn kan vara nödvändigt i miljöer som " +"konfigurerar flera SSSD-domäner med olika LDAP-scheman." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Observera att flera attributnamn är reserverade av SSSD, speciellt " +"attributet <quote>name</quote>. SSSD rapporterar ett fel om något av de " +"reserverade attributnamnen används som ett extra attributnamn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Spara attributet <quote>telephoneNumber</quote> från LDAP som " +"<quote>telephoneNumber</quote> i cachen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" +"Spara attributet <quote>telephoneNumber</quote> från LDAP som <quote>phone</" +"quote> i cachen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "LDAP-attributet som innehåller användarens publika SSH-nycklar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "Standard: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "LDAP-attributet som motsvarar användarens fullständiga namn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "LDAP-attributet som räknar upp användarens gruppmedlemskap." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Standard: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Om access_provider=ldap och ldap_access_order=authorized_service kommer SSSD " +"använda förekomsten av attributet authorizedService i användarens LDAP-post " +"för att avgöra åtkomstprivilegier." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Ett explicit nekande (!svc) avgörs först. Därefter söker SSSD efter " +"explicit tillåtelse (svc) och slutligen efter allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Observera att konfigurationsalternativet ldap_access_order <emphasis>måste</" +"emphasis> innehålla <quote>authorized_service</quote> för att alternativet " +"ldap_user_authorized_service skall fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" +"Några distributioner (såsom Fedora-29+ eller RHEL-8) inkluderar alltid PAM-" +"tjänsten <quote>systemd-user</quote> som en del av inloggningsprocessen. " +"Därför kan när tjänstebaserad åtkomstkontroll används tjänsten " +"<quote>systemd-user</quote> behöva läggas till till listan av tillåtna " +"tjänster." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Standard: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Om access_provider=ldap och ldap_access_order=host kommer SSSD använda " +"förekomsten av attributet host i användarens LDAP-post för att avgöra " +"åtkomstprivilegier." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Ett explicit nekande (!host) avgörs först. Därefter söker SSSD efter " +"explicit tillåtelse (host) och slutligen efter allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Observera att konfigurationsalternativet ldap_access_order <emphasis>måste</" +"emphasis> innehålla <quote>host</quote> för att alternativet " +"ldap_user_authorized_host skall fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Standard: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "ldap_user_authorized_rhost (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" +"Om access_provider=ldap och ldap_access_order=rhost kommer SSSD använda " +"förekomsten av attributet rhost i användarens LDAP-post för att avgöra " +"åtkomstprivilegier. Liknande värdverifieringsprocessen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" +"Ett explicit nekande (!rhost) avgörs först. Därefter söker SSSD efter " +"explicit tillåtelse (rhost) och slutligen efter allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" +"Observera att konfigurationsalternativet ldap_access_order <emphasis>måste</" +"emphasis> innehålla <quote>rhost</quote> för att alternativet " +"ldap_user_authorized_rhost skall fungera." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "Standard: rhost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "Namnet på LDAP-attributet som innehåller användarens X509-certifikat." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "Standard: userCertificate;binary" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "ldap_user_email (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "Namnet på LDAP-attributet som innehåller användarens e-postadress." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" +"Observera: om en e-postadress för användaren står i konflikt med en e-" +"postadress eller fullt kvalificerat namn för en annan användare, då kommer " +"SSSD inte kunna serva dessa användare ordentligt. Om flera användare av " +"något skäl behöver dela samma e-postadress, sätt då detta attributnamn till " +"ett som inte finns för att avaktivera uppslagning/inloggning av användare " +"via e-post." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "Standard: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "Name of the LDAP attribute containing the email address of the user." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "Namnet på LDAP-attributet som innehåller användarens e-postadress." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "GRUPPATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "Objektklassen hos en gruppost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Standard: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Standard: cn (rfc2307, rfc2307bis och IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "LDAP-attributet som motsvarar gruppens id." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "LDAP-attributet som innehåller namnen på gruppens medlemmar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Standard: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-gruppobjekt." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"LDAP-attributet som innehåller objectSID för ett LDAP-gruppobjekt. Detta är " +"normalt bara nödvändigt för Active Directory-servrar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "ldap_group_type (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"LDAP-attributet som innehåller ett heltalsvärde som indikerar grupptypen och " +"kanske andra flaggor." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Detta attribut används för närvarande bara av AD-leverantören för att avgöra " +"om en grupp är en domänlokal grupp och behöver filtreras bort för betrodda " +"domäner." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "Standard: groupType i AD-leverantören, inte satt annars" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_external_member (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" +"LDAP-attributet som refererar gruppmedlemmar som är definierade i en extern " +"domän. För närvarande stödjs endast IPA:s externa medlemmar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "Standard: ipaExternalMember i IPA-leverantören, inte satt annars." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "NÄTGRUPPSATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "Objektklassen hos en nätgruppspost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "I IPA-leverantören skall ipa_netgroup_object_class användas istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Standard: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "LDAP-attributet som motsvarar nätgruppnamnet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "I IPA-leverantören skall ipa_netgroup_name användas istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "LDAP-attributet som innehåller namnen på nätgruppens medlemmar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "I IPA-leverantören skall ipa_netgroup_member användas istället." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Standard: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"LDAP-attributet som innehåller nätgrupptrippeln (värd, användare, domän)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Standard: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (sträng)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "VÄRDATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "ldap_host_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "Objektklassen hos en värdpost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Standard: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "ldap_host_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "LDAP-attributet som motsvarar värdens namn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "ldap_host_fqdn (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" +"LDAP-attributet som motsvarar värdens fullständigt kvalificerade domännamn." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "Standard: fqdn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "ldap_host_serverhostname (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "Standard: serverHostname" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "ldap_host_member_of (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "LDAP-attributet som räknar upp värdens gruppmedlemskap." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "ldap_host_ssh_public_key (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "LDAP-attributet som innehåller värdens publika SSH-nycklar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "ldap_host_uuid (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "TJÄNSTEATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "Objektklassen hos en servicepost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"LDAP-attributet som innehåller namnet på tjänsteattribut och deras alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "LDAP-attributet som innehåller porten som hanteras av denna tjänst." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Standard: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "LDAP-attributet som innehåller protokollen som denna tjänst förstår." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Standard: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "SUDO-ATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "Objektklassen hos en sudo-regelpost i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Standard: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "LDAP-attributet som motsvarar sudo-regelnamnet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "LDAP-attributet som motsvarar kommandonamnet." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Standard: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"LDAP-attributet som motsvarar värdnamnet (eller värdens IP-adress, värdens " +"IP-nätverk eller värdens nätgrupp)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Standard: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"LDAP-attributet som motsvarar användarnamnet (eller AID, gruppnamnet eller " +"användarens nätgrupp)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Standard: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "LDAP-attributet som motsvarar sudo-alternativen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Standard: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"LDAP-attributet som motsvarar användarnamnet som kommandon får köras som." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Standard: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"LDAP-attributet som motsvarar gruppnamnet eller grupp-GID:t som kommandon " +"får köras som." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Standard: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"LDAP-attributet som motsvarar startdagen/-tiden då sudo-regeln är giltig." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Standard: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"LDAP-attributet som motsvarar utgångsdagen/-tiden då sudo-regeln inte längre " +"är giltig." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Standard: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "LDAP-attributet som motsvarar ordningsindexet för regeln." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Standard: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "AUTOFS-ATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "IP-VÄRDATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "ldap_iphost_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "Objektklassen för en iphost-post i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "Standard: ipHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "ldap_iphost_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" +"LDAP-attributet som innehåller namnet på IP-värdattributen och deras alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "ldap_iphost_number (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "LDAP-attributet som innehåller IP-värdadressen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "Standard: ipHostNumber" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "IP-NÄTVERKSATTRIBUT" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "ldap_ipnetwork_object_class (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "Objektklassen för en ipnetwork-post i LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "Standard: ipNetwork" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "ldap_ipnetwork_name (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" +"LDAP-attributet som innehåller namnet på IP-nätverksattributen och deras " +"alias." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "ldap_ipnetwork_number (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "LDAP-attributet som innehåller IP-nätverksadressen." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "Standard: ipNetworkNumber" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_localauth_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "Kerberos lokala auktoriseringsinsticksmodul" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" +"Kerberos lokala auktoriseringsinsticksmodul " +"<command>sssd_krb5_localauth_plugin</command> används av libkrb5 för att " +"antingen hitta det lokala namnet för en given Kerberoshuvudman eller för att " +"kontrollera om ett givet lokalt namn och en given Kerberoshuvudman relaterar " +"till varandra." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" +"SSSD hanterar de lokala namnen för användare från fjärrkällor och kan även " +"läsa från Kerberos användarhuvudmannanamn från fjärrkällor. Med denna " +"information kan SSSD enkelt hantera avbildningarna nämnda ovan även om det " +"lokala namnet och Kerberoshuvudmannen skiljer avsevärt." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" +"Dessutom kan SSSD med informationen som lästs från fjärrkällor hjälpa till " +"att förhindra oväntade eller oönskade avbildningar ifall användardelen av " +"Kerberoshuvudmannen oavsiktligt motsvarar ett lokalt namn på en annan " +"användare. Som standard kan libkrb5 bara plocka bort delen rike från " +"Kerberoshuvudmannen för att få det lokala namnet vilket skulle leda till " +"felaktiga avbildningar i detta fall." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "KONFIGURATION" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" +"Kerberos lokala auktoriseringsinsticksmodul måste aktiveras explicit i " +"Kerberoskonfigurationen, se <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD kommer " +"automatiskt skapa en konfigurationssnutt med innehållet som t.ex. " +"<placeholder type=\"programlisting\" id=\"0\"/> i SSSD:s publika katalog med " +"Kerberoskonfigurationssnuttar. Om denna katalog är inkluderad i den lokala " +"Kerberoskonfigurationen kommer insticksmodulen automatiskt aktiveras." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "Objektklassen hos en automatmonteringskartepost i LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "Standard: nisMap (rfc2307, autofs_provider=ad), annars automountMap" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "Namnet på en automatmonteringskartepost i LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" +"Standard: nisMapName (rfc2307, autofs_provider=ad), annars automountMapName" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"Objektklassen hos en automatmonteringspost i LDAP. Posten motsvarar " +"vanligen en monteringspunkt." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "Standard: nisObject (rfc2307, autofs_provider=ad), annars automount" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"Nyckeln till en automatmonteringspost i LDAP. Posten motsvarar vanligen en " +"monteringspunkt." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "Standard: cn (rfc2307, autofs_provider=ad), annars automountKey" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" +"Standard: nisMapEntry (rfc2307, autofs_provider=ad), annars " +"automountInformation" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "TJÄNSTEUPPTÄCKT" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"Tjänsteupptäcktsfunktionen gör att bakändar automatiskt kan hitta en lämplig " +"server att ansluta till med en speciell DNS-fråga. Denna funktion stödjs " +"inte för backup-servrar." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Konfiguration" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Om inga servrar anges använder bakänden automatiskt tjänsteupptäckt för att " +"försöka hitta en server. Användaren kan om så önskas välja att använda både " +"en bestämd serveradress och tjänsteupptäckt genom att infoga ett speciellt " +"nyckelord, <quote>_srv_</quote>, i listan av servrar. Preferensordningen " +"bibehålls. Denna funktion är användbar om, till exempel, användaren " +"föredrar att använda tjänsteupptäckt närhelst det är möjligt, och falla " +"tillbaka på en specifik server när inga servrar kan upptäckas med DNS." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Domännamnet" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"Se parametern <quote>dns_discovery_domain</quote> i manualsidan " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> för fler detaljer." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Protokollet" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Frågorna anger vanligen _tcp som protokoll. Undantag är dokumenterade i " +"respektive alternativs beskrivning." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Se även" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "För mer information om tjänsteupptäcktsmekanismen, se RFC 2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>SSSD uppströms – https://github.com/" +"SSSD/sssd/</orgname>" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "RESERVER" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Reservfunktionen gör att bakändar automatiskt kan byta till en annan server " +"om den nuvarande servern slutar fungera." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Reservsyntax" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Listan av servrar ges som en kommaseparerad lista; godtyckligt antal " +"mellanslag tillåts runt kommatecknet. Servrarna listas i preferensordning. " +"Listan kan innehålla obegränsat antal servrar." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"För varje reservaktiverat konfigurationsalternativ finns det två varianter: " +"<emphasis>primary</emphasis> och <emphasis>backup</emphasis>. Tanken är att " +"servrar i den primära listan föredras och backup-servrar bara provas om inga " +"primära servrar kan nås. Om en backup-server väljs sätts en tidsgräns på 31 " +"sekunder. Efter denna tidsgräns kommer SSSD periodiskt att försöka " +"återansluta till en av de primära servrarna. Om det lyckas kommer den " +"ersätta den nu aktiva (backup-)servern." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Reservmekanismen" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Reservmekanismen gör skillnad mellan en maskin och en tjänst. Bakänden " +"försöker först att slå upp värdnamnet för en given maskin; om denna " +"uppslagning misslyckas antas maskinen vara bortkopplad. Inga ytterligare " +"försök görs att ansluta till denna maskin för någon annan tjänst. Om " +"uppslagningsförsöket lyckas försöker bakänden ansluta till en tjänst på " +"denna maskin. Om tjänsteanslutningen misslyckas anses bara just denna " +"tjänst frånkopplad och bakänden byter automatiskt till nästa tjänst. " +"Maskinen betraktas fortfarande som uppkopplad och kan användas vid försök " +"att nå en annan tjänst." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Ytterligare försök att ansluta görs till maskiner eller tjänster som " +"markerats som frånkopplade efter en viss tidsperiod, detta är för närvarande " +"hårdkodat till 30 sekunder." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Om det inte finns några fler maskiner att prova byter bakänden i sin helhet " +"till frånkopplat läge, och försöker sedan återansluta var 30:e sekund." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "Tidsgränser och trimning av reservfunktioner" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" +"Att slå upp en server att ansluta till kan vara så enkelt som att göra en " +"enstaka DNS-fråga eller kan innebära flera steg, såsom att hitta den rätta " +"sajten eller försöka med flera värdnamn ifall några av de konfigurerade " +"servrarna inte kan nås. De mer komplexa scenariona kan ta en stund och SSSD " +"behöver balansera mellan att tillhandahålla tillräckligt med tid för att " +"färdigställa upplösningsprocessen men å andra sidan inte försöka för länge " +"före den faller tillbaka på frånkopplat läge. Om SSSD:s felsökningsloggar " +"visar att serverns upplösning överskrider tidsgränsen före en aktiv server " +"nås kan du överväga att ändra tidsgränserna." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "dns_resolver_server_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" +"Tid i millisekunder som anger hur länge SSSD skall tala med en viss DNS-" +"server före den provar nästa." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" +"Tid i sekunder hur länge SSSD skall försöka slå upp en viss DNS-fråga (t.ex. " +"uppslagning av ett värdnamn eller en SRV-post) före den provar nästa " +"värdnamn eller upptäcktsdomän." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" +"Hur länge skall SSSD försöka slå upp en reservtjänst. Denna " +"tjänsteuppslagning kan internt bestå av flera steg, såsom att slå upp DNS " +"SRV-frågor och lokalisera sajten." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Detta avsnitt listar tillgängliga trimningsvariabler. Se deras beskrivning " +"i manualsidan <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" +"För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av " +"LDAP-anslutningsoperationen. Därför skall även tidsgränsen " +"<quote>ldap_opt_timeout</quote> sättas till ett större värde än " +"<quote>dns_resolver_timeout</quote> som i sin tur skall sättas till ett " +"större värde än <quote>dns_resolver_op_timeout</quote> som skall vara större " +"än <quote>dns_resolver_server_timeout</quote>." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ID-MAPPNING" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"ID-mappningsfunktionen låter SSSD fungera som en klient till Active " +"Directory utan att kräva att administratörer utökar användarattribut till " +"att stödja POSIX-attribut för användar- och gruppidentifierare." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"OBSERVERA: När ID-mappning aktiveras ignoreras attributen uidNumber och " +"gidNumber. Detta är för att undvika möjligheten av konflikt mellan " +"automatiskt tilldelade och manuellt tilldelade värden. Om du behöver " +"använda manuellt tilldelade värden måste ALLA värden tilldelas manuellt." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Observera att byte av ID-mappnings relaterade konfigurationsalternativ " +"kommer få användar- och grupp-ID:n att ändras. För närvarande stödjer inte " +"SSSD byte av ID:n, så SSSD-databasen måste tas bort. Eftersom cachade " +"lösenord också lagras i databasen skall databasen bara tas bort när " +"autentiseringsservrarna kan nås, annars kan användare låsas ute. För att " +"cacha lösenordet måste en autentisering göras. Det är inte tillräckligt att " +"använda <citerefentry> <refentrytitle>sss_cache</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> för att ta bort databasen, istället " +"består processen av:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Se till att fjärrservrarna är nåbara" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Stoppa tjänsten SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Ta bort databasen" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Starta tjänsten SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Dessutom, eftersom ändringen av ID:n kan göra det nödvändigt att justera " +"andra systemegenskaper såsom ägare av filer och kataloger, är det lämpligt " +"att planera i förväg och testa konfigurationen av ID-översättningar noggrant." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Översättningsalgoritm" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory tillhandahåller ett objectSID för varje användar- och " +"gruppobjekt i katalogen. Detta objectSID kan delas upp i komponenter som " +"representerar Active Directorys domänidentitet och den relativa " +"identifieraren (RID) till användar- eller gruppobjektet." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"SSSD ID-översättningsalgoritmen tar ett intervall av tillgängliga AID:er och " +"delar upp det i lika stora komponentavsnitt – kallade ”skivor” (”slices”) " +"–. Varje skiva representerar utrymmet som är tillgängligt för en Active " +"Directory-domän." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"När en användar- eller gruppost för en viss domän påträffas för första " +"gången allokerar SSSD en av de tillgängliga skivorna för den domänen. För " +"att göra denna skivtilldelning upprepbar på olika klientmaskiner väljer vi " +"skivan baserat på följande algoritm:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"SID-strängen skickas genom algoritmen murmurhash3 för att konvertera den " +"till ett 32-bitars hash-värde. Vi tar sedan modulo på detta värde med det " +"totala antalet tillgängliga skivor och väljer den skivan." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"OBSERVERA: Det är möjligt att träffa på kollisioner i hash:en och den " +"påföljande moduloberäkningen. I dessa situationer kommer vi välja nästa " +"tillgängliga skiva, men det är kanske inte möjligt att reproducera exakt " +"samma uppsättning av skivor på andra maskiner (eftersom ordningen som de " +"påträffas kommer avgöra deras skiva). I den här situationen rekommenderas " +"det att antingen byta till att använda explicita POSIX-attribut i Active " +"Directory (avaktivera ID-mappningen) eller konfigurera en standarddomän för " +"att garantera att åtminstone en alltid är konsistent. Se " +"<quote>Konfiguration</quote> för detaljer." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "Minimikonfiguration (i avsnittet <quote>[domain/DOMÄNNAMN]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" +"Standardkonfigurationen resulterar i konfiguration av 10 000 skivor, som var " +"och en kan innehålla upp till 200 000 ID:n, med början på 200 000 och upp " +"till 2 000 200 000. Detta bör vara tillräckligt för de flesta " +"installationer." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Avancerad konfiguration" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (heltal)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Anger den lägre (inklusiva) gränsen för intervallet av POSIX ID:n att " +"använda för översättning av användar- och grupp-SID:n från Active Directory. " +"Det är det första POSIX-ID:t som kan användas för översättning." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"OBSERVERA: Detta alternativ är inte detsamma som <quote>min_id</quote> " +"eftersom <quote>min_id</quote> fungerar som ett filter av utmatade " +"begäranden till denna domän, medan detta alternativ styr intervallet av ID-" +"tilldelningen. Detta är en subtil distinktion, men det allmänna goda rådet " +"skulle vara att ha <quote>min_id</quote> mindre än eller lika med " +"<quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Standard: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (heltal)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" +"Anger den övre (exklusiva) gränsen för intervallet av POSIX ID:n att använda " +"för översättning av användar- och grupp-SID:n från Active Directory. Det är " +"det första POSIX-ID:t som inte kan användas för översättning längre, d.v.s. " +"ett mer än det sista som kan användas för översättningen." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"OBSERVERA: Detta alternativ är inte detsamma som <quote>max_id</quote> " +"eftersom <quote>max_id</quote> fungerar som ett filter av utmatade " +"begäranden till denna domän, medan detta alternativ styr intervallet av ID-" +"tilldelningen. Detta är en subtil distinktion, men det allmänna goda rådet " +"skulle vara att ha <quote>max_id</quote> större än eller lika med " +"<quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Standard: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (heltal)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Anger antalet ID:n som är tillgängliga för varje skiva. Om storleken på " +"intervallet inte delas jämnt mellan min- och maxvärdena kommer den skapa så " +"många fullständiga skivor den kan." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"OBSERVERA: Värdet på detta alternativ måste vara åtminstone så stort som den " +"högsta RID som planeras användas i Active Directory-servern. " +"Användaruppslagningar och inloggningar kommer misslyckas för eventuella " +"användare vars RID är större än detta värde." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" +"Till exempel, om den senaste tillagda Active Directory-användaren har " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, måste " +"<quote>ldap_idmap_range_size</quote> vara åtminstone 1108 eftersom " +"intervallstorleken är lika med maximal SID minus minimal SID plus ett (t.ex. " +"1108 = 1107 - 0 + 1)." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Det är viktigt att planera i förväg för framtida expansioner, eftersom " +"ändring av detta värde skulle resultera i att ändra alla ID-översättningar " +"på systemet, vilket skulle leda till användare med andra lokala ID:n än de " +"tidigare hade." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (sträng)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Ange domän-SID:n för standarddomänen. Detta kommer garantera att denna " +"domän alltid kommer tilldelas till skiva noll i ID-översättningen, och " +"undviker murmurhash-algoritmen som beskrivs ovan." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (sträng)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "Ange namnet på standarddomänen." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (boolean)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Ändrar beteendet på ID-översättningsalgoritmen till att bete sig mer likt " +"winbind:s <quote>idmap_autorid</quote>-algoritm." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"När detta alternativ konfigureras kommer domäner allokeras med början med " +"skiva noll och ökar monatomärt med varje ytterligare domän." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"OBSERVERA: Denna algoritm är inte deterministisk (den beror på ordningen som " +"användare och grupper efterfrågas). Om detta läge krävs för kompatibilitet " +"med maskiner som kör winbind rekommenderas det att även använda alternativet " +"<quote>ldap_idmap_default_domain_sid</quote> för att garantera att " +"åtminstone en domän är konsekvent allokerat till skiva noll." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_helper_table_size (heltal)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" +"Maximalt antal sekundära skivor som provas när mappningen från UNIX id till " +"SID utförs." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" +"Observera: ytterligare sekundära skivor kan genereras när en SID översätts " +"till UNIX-id och RID-delen av SID:n är utanför intervallet för sekundära " +"skivor som genererats hittills. Om värdet på ldap_idmap_helper_table_size " +"är lika med 0 genereras inga ytterligare sekundära skivor." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "Välkända SID:er" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"SSSD stödjer uppslagning av namnen på välkända SID:er, d.v.s. SID:er med en " +"speciell hårdkodad betydelse. Eftersom de allmänna användarna och grupperna " +"relaterade till dessa välkända SID:er inte har någon motsvarighet i en " +"Linux-/UNIX-miljö är inga POSIX-ID:n tillgängliga för dessa objekt." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"SID-namnrymden är organiserad i auktoriteter som kan ses som olika domäner. " +"Auktoriteterna för välkända SID:er är" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "Null-auktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "Världsauktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "Lokal auktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "Skaparauktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "Tvingande etikettsauktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "Autentiseringsauktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "NT-auktoritet" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Inbyggd" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Den versala versionen av dessa namn används som domännamn när det " +"fullständigt kvalificerade namnet på en välkänd SID returneras." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" +"Eftersom några verktyg tillåter att man ändrar SID-baserad " +"åtkomststyrningsinformation med hjälp av ett namn istället för att använda " +"SID:en direkt stödjer SSSD uppslagning av SID:en med detta namn också. För " +"att undvika kollisioner kan bara de fullständigt kvalificerade namnen " +"användas för att slå upp välkända SID:er. Som ett resultat skall domännamnen " +"<quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, <quote>LOCAL " +"AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>MANDATORY LABEL " +"AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</quote>, <quote>NT " +"AUTHORITY</quote> och <quote>BUILTIN</quote> inte användas som domännamn i " +"<filename>sssd.conf</filename>." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Visa ett hjälpmeddelande och avsluta." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"SSSD stödjer två representationer för att ange felsökningsnivå. Det " +"enklaste är att ange ett decimalt värde från 0-9 som representerar " +"aktivering av den nivån och alla lägre nivåer av felsökningsmeddelanden. " +"Det mer fullständiga alternativet är att ange en hexadecimal bitmask för att " +"aktivera eller avaktivera specifika nivåer (såsom om du önskar undertrycka " +"en nivå)." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Observera att varje SSSD-tjänst loggar till sin egen loggfil. Observera " +"också att aktivering av <quote>debug_level</quote> i avsnittet " +"<quote>[sssd]</quote> bara aktiverar felsökning just för själva sssd-" +"processen, inte för respondent- eller leverantörsprocesser. Parametern " +"<quote>debug_level</quote> skall läggas till i alla sektioner som man vill " +"producera felsökningsloggar ifrån." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"Utöver att ändra loggnivån i konfigurationsfilen med parametern " +"<quote>debug_level</quote>, som är bestående, men kräver omstart av SSSD, är " +"det även möjligt att ändra felsökningsnivån i farten med verktyget " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "Felsökningsnivåer som för närvarande stödjs:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Ödesdigra fel. Allt " +"som skulle hindra SSSD från att starta upp eller får den att sluta köra." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Kritiska fel. Ett fel " +"som inte dödar SSSD, men ett som indikerar att åtminstone en viktig funktion " +"inte kommer fungera korrekt." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Allvarliga fel. Ett " +"fel som rapporterar att en viss begäran eller operation har misslyckats." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Smärre fel. Detta är " +"fel som skulle kunna bubbla ner till att orsaka funktionsfelet 2." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: " +"Konfigurationsinställningar." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Funktionsdata." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Spårmeddelanden för " +"åtgärdsfunktioner." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Spårmeddelanden för " +"interna styrfunktioner." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Innehållet i interna " +"variabler som kan vara intressant." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Spårningsinformation på " +"extremt låg nivå." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" +"<emphasis>9</emphasis>,<emphasis>0x20000</emphasis>: Prestanda och " +"statistiska data, observera att på grund av hur förfrågningar behandlas " +"internt kan den loggade exekveringstiden för en förfrågan vara längre än den " +"faktiskt var." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Ännu mer lågnivå " +"spårningsinformation om libldb. Det behövs nästan aldrig." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"För att logga begärda bitmaskfelsökningsnivåer, lägg helt enkelt ihop deras " +"tal som visas i följande exempel:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Exempel</emphasis>: För att logga ödesdigra fel, kritiska fel, " +"allvarliga fel och funktionsdata, använd 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Exempel</emphasis>: För att logga ödesdigra fel, " +"konfigurationsinställningar, funktionsdata och spårmeddelanden för interna " +"styrfunktioner, använd 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Observera</emphasis>: bitmaskformatet för felsökningsnivåer " +"introducerades i 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" +"<emphasis>Standard</emphasis>: 0x0070 (d.v.s. ödesdigra, kritiska och " +"allvarliga fel; motsvarar inställningen 2 i decimal notation)" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "DEN LOKALA DOMÄNEN" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"För att fungera korrekt måste en domän med <quote>id_provider=local</quote> " +"skapas och SSSD måste köra." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Administratören kan vilja använda SSSD:s lokala användare istället för " +"traditionella UNIX-användare i fall när nästning av grupper (se " +"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>) behövs. De lokala användarna är också " +"användbara för att testa och utveckla SSSD utan att behöva installera en " +"fullständig fjärrserver. Verktygen <command>sss_user*</command> och " +"<command>sss_group*</command> använder en lokal LDB-lagring för att lagra " +"användare och grupper." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +#| "condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +#| "<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> " +#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry>, </phrase> <citerefentry> " +#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>. <citerefentry> <refentrytitle>sss_rpcidmapd</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <phrase " +#| "condition=\"with_stap\"> <citerefentry> <refentrytitle>sssd-systemtap</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> </phrase>" +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"En valfri bas-DN, sökräckvidd och LDAP-filter för att begränsa LDAP-" +"sökningar för denna attributtyp." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?räckvidd?[filter][?search_base?räckvidd?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”. " +"Räckviddsfunktionerna beskrivs i avsnitt 4.5.1.2 av http://tools.ietf.org/" +"html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"För exempel på denna syntax, se exempelsektionen av <quote>ldap_search_base</" +"quote>." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Observera att angivelse av räckvidd eller filter inte stödjs för sökningar i " +"en Active Directory-server som kan resultera i ett stort antal resultat och " +"trigga utökningen Range Retrieval i svaret." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Observera att automounter:n bara läser master-kartan vid uppstart, så om " +"några autofs-relaterade ändringar görs av sssd.conf behöver du normalt även " +"starta om automounter-demonen efter att ha startat om SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (sträng)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "AID-nummer" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "domännamn" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "fullständigt kvalificerat användarnamn (användare@domän)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "%l" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "Första bokstaven i inloggningsnamnet." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "UPN – Användarens Huvudmansnamn (namn@RIKE)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" +"Den ursprungliga hemkatalogen som hämtades från identitetsleverantören." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" +"Den ursprungliga hemkatalogen som hämtades från identitetsleverantören, men " +"i gemener." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Värdet på konfigurationsalternativet <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Åsidosätt användarens hemkatalog. Du kan antingen ge ett absolut värde " +"eller en mall. I mallen ersätts följande sekvenser: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "Detta alternativ kan även sättas per domän." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "Standard: Inte satt (SSSD kommer använda värdet som hämtas från LDAP)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" +"Observera att hemkatalog från ett specifikt åsidosättande för användaren, " +"antingen lokalt (se <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) eller centralt " +"hanterat IPA-id-åsidosättande, har en högre precedens och kommer användas " +"istället för värdet gom ges av override_homedir." + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (sträng)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Värdet på detta alternativ kommer användas i expansionen av alternativet " +"<emphasis>override_homedir</emphasis> om mallen innehåller formatsträngen " +"<emphasis>%H</emphasis>. En LDAP-katalogpost kan innehålla denna mall " +"direkt så att detta alternativ kan användas för att expandera sökvägen till " +"hemkatalogen för varje klientmaskin (eller operativsystem). Den kan sättas " +"per domän eller globalt i avsnittet [nss]. Ett värde som anges i ett " +"domänavsnitt kommer åsidosätta ett som är satt i avsnittet [nss]." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Standard: /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "ÄNDRADE STANDARDALTERNATIV" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" +"Vissa alternativs standardvärde stämmer inte med deras respektive bakändars " +"standardvärden, dessa alternativnamn och AD-leverantörspecifika " +"standardvärden är uppräknade nedan:" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "KRB5-leverantör" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "krb5_validate = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "krb5_use_enterprise_principal = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "LDAP-leverantör" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "ldap_schema = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "ldap_force_upper_case_realm = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "ldap_id_mapping = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "ldap_sasl_mech = GSS-SPNEGO" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "ldap_referrals = false" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "ldap_account_expire_policy = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "ldap_use_tokengroups = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "ldap_sasl_authid = sAMAccountName@RIKE (typiskt KORTNAMN$@RIKE)" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" +"AD-leverantören letar efter en annan huvudman än LDAP-leverantören som " +"standard, eftersom huvudmännen i en Active Directory-miljö är uppdelade i " +"två grupper – användarhuvudmän och tjänstehuvudmän. Endast " +"användarhuvudmannen kan användas för att hämta en TGT och som standard är " +"datorobjekts huvudman konstruerade från dess sAMAccountName och AD-riket. " +"Den välkända huvudmannen för värd/värdnamn@RIKE är en tjänstehuvudman och " +"kan därmed inte användas för att hämta en TGT." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "NSS-konfiguration" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "fallback_homedir = /home/%d/%u" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" +"AD-leverantören sätter automatiskt ”fallback_homedir = /home/%d/%u” för att " +"tillhandahålla personliga hemkataloger för användare utan attributet " +"homeDirectory. Om ens AD-domän är vederbörligen populerad med Posix-" +"attribut, och man vill undvika att falla tillbaka på detta beteende, kan man " +"uttryckligen sätta ”fallback_homedir = %o”." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" +"Observera att systemet typiskt förväntar sig en hemkatalog i mappen /home/" +"%u. Om man bestämmer sig för att använda en annan katalogstruktur kan några " +"andra delar av ens system behöva justeras." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" +"Till exempel kräver automatiserat skapande av hemkataloger i kombination med " +"selinux anpassningar av selinux, annars kommer hemkatalogen skapas med fel " +"selinux-kontext." + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" +"Vissa alternativs standardvärde stämmer inte med deras respektive bakändars " +"standardvärden, dessa alternativnamn och IPA-leverantörspecifika " +"standardvärden är uppräknade nedan:" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "krb5_use_fast = try" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "krb5_canonicalize = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "LDAP-leverantör – allmänt" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "ldap_schema = ipa_v1" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "ldap_sasl_mech = GSSAPI" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "ldap_sasl_minssf = 56" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "ldap_account_expire_policy = ipa" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "LDAP-leverantör – användaralternativ" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "ldap_user_member_of = memberOf" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "ldap_user_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "ldap_user_ssh_public_key = ipaSshPubKey" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "ldap_user_auth_type = ipaUserAuthType" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "LDAP-leverantör – gruppalternativ" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "ldap_group_object_class = ipaUserGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "ldap_group_object_class_alt = posixGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "ldap_group_member = member" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "ldap_group_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "ldap_group_external_member = ipaExternalMember" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (heltal)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Tidsgräns i sekunder efter vilken en uppkopplad begäran om autentisering " +"eller begäran om lösenordsändring avbryts. Om möjligt fortsätts begäran om " +"autentisering frånkopplat." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (boolean)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Verifiera med hjälp av krb5_keytab att den TGT om hämtats inte har " +"förfalskats. I keytab:en kontrolleras poster sekventiellt, och den första " +"posten med ett matchande rike används för validering. Om ingen post matchar " +"riket används den sista posten i keytab:en. Denna process kan användas för " +"att validera miljöer genom att använda förtroenden mellan riken genom att " +"placera den motsvarande keytab-posten som sista post eller den enda posten i " +"keytab-filen." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "Standard: false (IPA- och AD-leverantör: true)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Observera att biljettvalideringen är första steget vid kontroll av PAC:n (se " +"”pac_check” i manualsidan <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> för detaljer). Om " +"biljettvalideringen är avaktiverad kommer PAC-kontrollerna också att hoppas " +"över." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Begär en förnybar biljett med en total livslängd, given som ett heltal " +"omedelbart följd av en tidsenhet:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> för sekunder" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> för minuter" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> för timmar" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> för dagar." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "Om ingen enhet anges antas <emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"OBSERVERA: det är inte möjligt att blanda enheter. För att sätta den " +"förnybara livslängden till en och en halv timma, använd ”90m” istället för " +"”1h30m”." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Standard: inte satt, d.v.s. TGT:en är inte förnybar" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Begär en biljett med en livslängd, given som ett heltal omedelbart följd av " +"en tidsenhet:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "Om ingen enhet anges antas <emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"OBSERVERA: det är inte möjligt att blanda enheter. För att sätta " +"livslängden till en och en halv timma, använd ”90m” istället för ”1h30m”." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Standard: inte satt, d.v.s. biljettens standardlivslängd konfigurerad på KDC:" +"n." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (sträng)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Tiden i sekunder mellan två kontroller om TGT:en skall förnyas. TGT:er " +"förnyas om ungefär halva deras livstid har överskridits, givet som ett " +"heltal omedelbart följt av en tidsenhet:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Om detta alternativ inte är satt eller är 0 är den automatiska förnyelsen " +"avaktiverad." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Anger om värdens och användarens huvudman skall göras kanonisk. Denna " +"funktion är tillgänglig med MIT Kerberos 1.7 och senare versioner." + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "Användarkreditiv sparas i en SHA512-kontrollsumma, inte i klartext" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Standard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "vilket kan översättas till ”namnet är allting fram till tecknet <quote>@</" +#~ "quote>, sedan är domänen allting efter det”" + +#~ msgid "" +#~ "The difference between these options is the action taken if user password " +#~ "is expired: pwd_expire_policy_reject - user is denied to log in, " +#~ "pwd_expire_policy_warn - user is still able to log in, " +#~ "pwd_expire_policy_renew - user is prompted to change his password " +#~ "immediately." +#~ msgstr "" +#~ "Skillnaden mellan dessa alternativ är åtgärden som vidtas om användarens " +#~ "lösenord gått ut: pwd_expire_policy_reject – användaren nekas att logga " +#~ "in, pwd_expire_policy_warn – användaren kan fortfarande logga in, " +#~ "pwd_expire_policy_renew – användaren ombeds ändra sitt lösenord " +#~ "omedelbart." + +#~ msgid "" +#~ "Note If user password is expired no explicit message is prompted by SSSD." +#~ msgstr "" +#~ "Observera att om användarlösenordet har gått ut ges inget särskilt " +#~ "meddelande av SSSD." + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "LDAP-attributet som motsvarar gruppnamnet." + +#~ msgid "" +#~ "<emphasis> This is an experimental feature, please use https://github.com/" +#~ "SSSD/sssd/ to report any issues. </emphasis>" +#~ msgstr "" +#~ "<emphasis>Detta är en experimentell funktion, använd https://github.com/" +#~ "SSSD/sssd/ för att rapportera eventuella problem.</emphasis>" + +#~ msgid "" +#~ "Apply additional checks on the PAC of the Kerberos ticket which is " +#~ "available in Active Directory and FreeIPA domains, if configured. The " +#~ "following options can be used alone or in a comma-separated list: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Tillämpa ytterligare kontroller av PAC:en för Kerberos-biljetten vilka är " +#~ "tillgänglig i domänen Active Direcktory och FreeIPA, om konfigurerade. " +#~ "Följande alternativ kan användas ensamma eller i en kommaseparerad lista: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "" +#~ "Both a user name and a uid can be used but the user should be a local " +#~ "one, i.e. accessible via <quote>files</quote> service of " +#~ "<filename>nsswitch.conf</filename>." +#~ msgstr "" +#~ "Både ett användarnamn och ett aid kan användas men användaren skall vara " +#~ "lokal, d.v.s. åtkomlig via tjänsten <quote>files</quote> i " +#~ "<filename>nsswitch.conf</filename>." + +#~ msgid "" +#~ "Local user names are required, i.e. accessible via <quote>files</quote> " +#~ "service of <filename>nsswitch.conf</filename>." +#~ msgstr "" +#~ "Lokalt användarnamn krävs, d.v.s. åtkomligt via tjänsten <quote>files</" +#~ "quote> i <filename>nsswitch.conf</filename>." + +#~ msgid "" +#~ "NOTE: Some Active Directory groups, typically those used for MS Exchange " +#~ "contain an <quote>@</quote> sign in the name, which clashes with the " +#~ "default re_expression value for the AD and IPA providers. To support " +#~ "these groups, consider changing the re_expression value to: <quote>((?" +#~ "P<name>.+)@(?P<domain>[^@]+$))</quote>." +#~ msgstr "" +#~ "OBS: några Active Directory-grupper, typiskt de som används för MS " +#~ "Exchange innehåller ett <quote>@</quote>-tecken i namnet, vilket " +#~ "kolliderar med standardvärdet på re_expression för AD- och IPA-" +#~ "leverantörer. Överväg för att stödja dessa grupper att ändra värdet på " +#~ "re_expression till: <quote>((?P<name>.+)@(?P<domain>[^@]+$))</" +#~ "quote>." + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Anger den övre gränsen för intervallet av POSIX ID:n att använda för " +#~ "översättning av användar- och grupp-SID:n från Active Directory." + +#~ msgid "sssd-secrets" +#~ msgstr "sssd-secrets" + +#~ msgid "SSSD Secrets responder" +#~ msgstr "SSSD Secrets-respondent" + +#~ msgid "" +#~ "This manual page describes the configuration of the Secrets responder for " +#~ "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +#~ "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +#~ "citerefentry> manual page." +#~ msgstr "" +#~ "Denna manualsida beskriver konfigurationen av Secrets-respondenten till " +#~ "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>. För en detaljerad referens om syntaxen, se " +#~ "avsnittet <quote>FILFORMAT</quote> i manualsidan <citerefentry> " +#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +#~ "citerefentry>." + +#~ msgid "" +#~ "Many system and user applications need to store private information such " +#~ "as passwords or service keys and have no good way to properly deal with " +#~ "them. The simple approach is to embed these <quote>secrets</quote> into " +#~ "configuration files potentially ending up exposing sensitive key material " +#~ "to backups, config management system and in general making it harder to " +#~ "secure data." +#~ msgstr "" +#~ "Många system och användarprogram behöver lagra privat information såsom " +#~ "lösenord eller tjänstenycklar och har inget bra sätt att ta hand om dem " +#~ "ordentligt. Den enkla vägen är att bädda in dessa <quote>hemligheter</" +#~ "quote> i konfigurationsfiler där de potentiellt kan komma att exponera " +#~ "känslig nyckelinformation till säkerhetskopior, " +#~ "konfigurationshanteringssystem och gör det i allmänhet svårare att säkra " +#~ "datan." + +#~ msgid "" +#~ "The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> " +#~ "project was born to deal with this problem in cloud like environments, " +#~ "but we found the idea compelling even at a single system level. As a " +#~ "security service, SSSD is ideal to host this capability while offering " +#~ "the same API via a UNIX Socket. This will make it possible to use local " +#~ "calls and have them transparently routed to a local or a remote key " +#~ "management store like IPA Vault for storage, escrow and recovery." +#~ msgstr "" +#~ "Projektet <ulink url=\"https://github.com/latchset/custodia\">custodia</" +#~ "ulink> föddes för att ta hand om detta problem i molnlika miljöer, men vi " +#~ "tyckte att idén var övertygande även på nivån av enstaka system. Som en " +#~ "säkerhetstjänst är SSSD ideal för att hantera denna funktionalitet och " +#~ "samtidigt erbjuda samma API via ett UNIX-uttag. Detta kommer göra det " +#~ "möjligt att använda lokala anrop och få dem dirigerade transparent till " +#~ "ett lokalt eller fjärran nyckelhanteringslager såsom IPA Vault för " +#~ "lagring, deponering och återhämtning." + +#~ msgid "" +#~ "The secrets are simple key-value pairs. Each user's secrets are " +#~ "namespaced using their user ID, which means the secrets will never " +#~ "collide between users. Secrets can be stored inside <quote>containers</" +#~ "quote> which can be nested." +#~ msgstr "" +#~ "Hemligheterna är enkla nyckel-värde-par. Varje användares hemligheter " +#~ "ligger i en namnrymd efter deras användar-ID, vilket betyder att " +#~ "hemligheter aldrig kommer kollidera mellan användare. Hemligheter kan " +#~ "lagras inuti <quote>behållare</quote> som kan nästas." + +#~ msgid "secrets" +#~ msgstr "secrets" + +#~ msgid "secrets for general usage" +#~ msgstr "hemligheter för allmän användning" + +#~ msgid "kcm" +#~ msgstr "kcm" + +#~ msgid "" +#~ "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> service." +#~ msgstr "" +#~ "används av tjänsten <citerefentry> <refentrytitle>sssd-kcm</" +#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#~ msgid "" +#~ "Since the secrets responder can be used both externally to store general " +#~ "secrets, as described in the rest of this man page, but also internally " +#~ "by other SSSD components to store their secret material, some " +#~ "configuration options, like quotas can be configured per <quote>hive</" +#~ "quote> in a configuration subsection named after the hive. The currently " +#~ "supported hives are: <placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Eftersom secrets-respondenten kan användas både externt för att lagra " +#~ "allmänna hemligheter, såsom beskrives i resten av den här manualsidan, " +#~ "men också internt av andra SSSD-komponenter för att lagra deras material " +#~ "kan några konfigurationsalternativ, som kvoter konfigureras per " +#~ "<quote>svärm</quote> i ett konfigurationsavsnitt namngivet efter " +#~ "svärmen. De svärmar som stödjs för närvarande är: <placeholder " +#~ "type=\"variablelist\" id=\"0\"/>" + +#~ msgid "USING THE SECRETS RESPONDER" +#~ msgstr "ANVÄNDA SECRETS-RESPONDENTEN" + +#~ msgid "" +#~ "The UNIX socket the SSSD responder listens on is located at <filename>/" +#~ "var/run/secrets.socket</filename>." +#~ msgstr "" +#~ "UNIX-uttaget SSSD-respondenten lyssnar på finns på <filename>/var/run/" +#~ "secrets.socket</filename>." + +#, no-wrap +#~ msgid "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " +#~ msgstr "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " + +#~ msgid "" +#~ "The secrets responder is socket-activated by <citerefentry> " +#~ "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry>. Unlike other SSSD responders, it cannot be started by " +#~ "adding the <quote>secrets</quote> string to the <quote>service</quote> " +#~ "directive. The systemd socket unit is called <quote>sssd-secrets.socket</" +#~ "quote> and the corresponding service file is called <quote>sssd-secrets." +#~ "service</quote>. In order for the service to be socket-activated, make " +#~ "sure the socket is enabled and active and the service is enabled: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/> Please note your " +#~ "distribution may already configure the units for you." +#~ msgstr "" +#~ "Secrets-respondenten är uttagsaktiverad av <citerefentry> " +#~ "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry>. Till skillnad mot andra SSSD-respondenter, kan den inte " +#~ "startas genom att lägga till strängen <quote>secrets</quote> till " +#~ "direktivet <quote>service</quote>. Systemd-uttagsenheten heter " +#~ "<quote>sssd-secrets.socket</quote> och den motsvarande tjänstefilen heter " +#~ "<quote>sssd-secrets.service</quote>. För att tjänsten skall vara " +#~ "uttagsaktiverad, se till att uttaget är aktiverat och aktivt och att " +#~ "tjänsten är aktiverad: <placeholder type=\"programlisting\" id=\"0\"/> " +#~ "Observera att din distribution redan kan ha konfigurerat enheterna åt dig." + +#~ msgid "" +#~ "The generic SSSD responder options such as <quote>debug_level</quote> or " +#~ "<quote>fd_limit</quote> are accepted by the secrets responder. Please " +#~ "refer to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry> manual page for a complete list. " +#~ "In addition, there are some secrets-specific options as well." +#~ msgstr "" +#~ "De allmänna alternativen för SSSD-respondenter såsom <quote>debug_level</" +#~ "quote> eller <quote>fd_limit</quote> accepteras av secrets-respondenten. " +#~ "Se manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry> för en fullständig lista. " +#~ "Dessutom finns det några secrets-specifika alternativ också." + +#~ msgid "" +#~ "The secrets responder is configured with a global <quote>[secrets]</" +#~ "quote> section and an optional per-user <quote>[secrets/users/$uid]</" +#~ "quote> section in <filename>sssd.conf</filename>. Please note that some " +#~ "options, notably as the provider type, can only be specified in the per-" +#~ "user subsections." +#~ msgstr "" +#~ "Secrets-respondenten är konfigurerad i ett globalt avsnitt " +#~ "<quote>[secrets]</quote> och ett valfritt avsnitt per användare " +#~ "<quote>[secrets/users/$uid]</quote> i <filename>sssd.conf</filename>. " +#~ "Observera att några alternativ, speciellt leverantörstypen, bara kan " +#~ "anges i underavsnitt per användare." + +#~ msgid "provider (string)" +#~ msgstr "provider (sträng)" + +#~ msgid "local" +#~ msgstr "local" + +#~ msgid "" +#~ "The secrets are stored in a local database, encrypted at rest with a " +#~ "master key. The local provider does not have any additional config " +#~ "options at the moment." +#~ msgstr "" +#~ "Hemligheterna sparas i en lokal databas, krypterad i vila med en " +#~ "huvudnyckel. Den lokala leverantören har inte några ytterligare " +#~ "konfigurationsalternativ för tillfället." + +#~ msgid "proxy" +#~ msgstr "proxy" + +#~ msgid "" +#~ "The secrets responder forwards the requests to a Custodia server. The " +#~ "proxy provider supports several additional options (see below)." +#~ msgstr "" +#~ "Secrets-respondenten vidarebefordrar begäranden till en Custodia-server. " +#~ "Proxy-leverantören stödjer flera ytterligare alternativ (se nedan)." + +#~ msgid "" +#~ "This option specifies where should the secrets be stored. The secrets " +#~ "responder can configure a per-user subsections (e.g. <quote>[secrets/" +#~ "users/123]</quote> - see bottom of this manual page for a full example " +#~ "using Custodia for a particular user) that define which provider store " +#~ "the secrets for this particular user. The per-user subsections should " +#~ "contain all options for that user's provider. Please note that currently " +#~ "the global provider is always local, the proxy provider can only be " +#~ "specified in a per-user section. The following providers are supported: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Alternativet anger var hemligheterna skall sparas. Secrets-respondenten " +#~ "kan konfigurera ett underavsnitt per användare (t.ex. <quote>[secrets/" +#~ "users/123]</quote> – se slutet av denna manualsida för ett fullständigt " +#~ "exempel som använder Custodia för en viss användare) som definierar " +#~ "vilken leverantör som sparar hemligheterna för denna specifika " +#~ "användare. Underavsnittet per användare skall innehålla alla alternativ " +#~ "för den användarens leverantör. Observera att för närvarande är alltid " +#~ "den globala leverantören lokal, proxy-leverantören kan endast anges i ett " +#~ "avsnitt per användare. Följande leverantörer stödjs: <placeholder " +#~ "type=\"variablelist\" id=\"0\"/>" + +#~ msgid "Default: local" +#~ msgstr "Standard: local" + +#~ msgid "" +#~ "The following options affect only the secrets <quote>hive</quote> and " +#~ "therefore should be set in a per-hive subsection. Setting the option to 0 " +#~ "means \"unlimited\"." +#~ msgstr "" +#~ "Följande alternativ påverkar endast hemlighets-<quote>svärmen</quote> och " +#~ "skall därför sättas i ett underavsnitt per svärm. Att sätta alternativet " +#~ "till 0 betyder ”obegränsat”." + +#~ msgid "containers_nest_level (integer)" +#~ msgstr "containers_nest_level (heltal)" + +#~ msgid "" +#~ "This option specifies the maximum allowed number of nested containers." +#~ msgstr "" +#~ "Detta alternativ specificerar det maximala antalet tillåtna nästade " +#~ "behållare." + +#~ msgid "Default: 4" +#~ msgstr "Standard: 4" + +#~ msgid "max_secrets (integer)" +#~ msgstr "max_secrets (heltal)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored in " +#~ "the hive." +#~ msgstr "" +#~ "Detta alternativ anger det maximala antalet hemligheter som kan sparas i " +#~ "svärmen." + +#~ msgid "Default: 1024 (secrets hive), 256 (kcm hive)" +#~ msgstr "Standard: 1024 (secrets-svärm), 256 (kcm-svärm)" + +#~ msgid "max_uid_secrets (integer)" +#~ msgstr "max_uid_secrets (heltal)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored " +#~ "per-UID in the hive." +#~ msgstr "" +#~ "Detta alternativ anger det maximala antalet hemligheter som kan sparas " +#~ "per AID i svärmen." + +#~ msgid "Default: 256 (secrets hive), 64 (kcm hive)" +#~ msgstr "Standard: 256 (secrets-svärm), 64 (kcm-svärm)" + +#~ msgid "max_payload_size (integer)" +#~ msgstr "max_payload_size (heltal)" + +#~ msgid "" +#~ "This option specifies the maximum payload size allowed for a secret " +#~ "payload in kilobytes." +#~ msgstr "" +#~ "Detta alternativ anger den maximala laststorleken som tillåts för en " +#~ "hemlighetslast i kilobyte." + +#~ msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)" +#~ msgstr "Standard: 16 (secrets-svärm), 65536 (64 MiB) (kcm-svärm)" + +#, no-wrap +#~ msgid "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " +#~ msgstr "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " + +#~ msgid "" +#~ "For example, to adjust quotas differently for both the <quote>secrets</" +#~ "quote> and the <quote>kcm</quote> hives, configure the following: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Till exempel, för att justera kvoter olika för både svärmen " +#~ "<quote>secrets</quote> och <quote>kcm</quote>, konfigurera följande: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "The following options are only applicable for configurations that use the " +#~ "<quote>proxy</quote> provider." +#~ msgstr "" +#~ "Följande alternativ är endast användbara för konfigurationer som använder " +#~ "leverantören <quote>proxy</quote>." + +#~ msgid "proxy_url (string)" +#~ msgstr "proxy_url (sträng)" + +#~ msgid "" +#~ "The URL the Custodia server is listening on. At the moment, http and " +#~ "https protocols are supported." +#~ msgstr "" +#~ "URL:en Custodia-servern lyssnar på. För tillfället stödjs protokollen " +#~ "http och https." + +#~ msgid "http[s]://<host>[:port]" +#~ msgstr "http[s]://<värd>[:port]" + +#~ msgid "Example: http://localhost:8080" +#~ msgstr "Exempel: http://localhost:8080" + +#~ msgid "auth_type (string)" +#~ msgstr "auth_type (sträng)" + +#~ msgid "" +#~ "The method to use when authenticating to a Custodia server. The following " +#~ "authentication methods are supported:" +#~ msgstr "" +#~ "Metoden att använda vid autentisering mot en Custodia-server. Följande " +#~ "autentiseringsmetoder stödjs:" + +#~ msgid "basic_auth" +#~ msgstr "basic_auth" + +#~ msgid "" +#~ "Authenticate with a username and a password as set in the " +#~ "<quote>username</quote> and <quote>password</quote> options." +#~ msgstr "" +#~ "Autentisera med ett användarnamn och lösenord som satts i alternativen " +#~ "<quote>username</quote> och <quote>password</quote>." + +#~ msgid "header" +#~ msgstr "header" + +#~ msgid "" +#~ "Authenticate with HTTP header value as defined in the " +#~ "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> " +#~ "configuration options." +#~ msgstr "" +#~ "Autentisera med ett HTTP-huvudvärde som det är definierat i " +#~ "konfigurationsalternativen <quote>auth_header_name</quote> och " +#~ "<quote>auth_header_value</quote>." + +#~ msgid "auth_header_name (string)" +#~ msgstr "auth_header_name (sträng)" + +#~ msgid "" +#~ "If set, the secrets responder would put a header with this name into the " +#~ "HTTP request with the value defined in the <quote>auth_header_value</" +#~ "quote> configuration option." +#~ msgstr "" +#~ "Om satt kommer secrets-respondenten lägga in ett huvud med detta namn i " +#~ "HTTP-begäranden med värdet som definieras i konfigurationsalternativet " +#~ "<quote>auth_header_value</quote>." + +#~ msgid "Example: MYSECRETNAME" +#~ msgstr "Exempel: MITTHEMLIGANAMN" + +#~ msgid "auth_header_value (string)" +#~ msgstr "auth_header_value (sträng)" + +#~ msgid "" +#~ "The value sssd-secrets would use for the <quote>auth_header_name</quote>." +#~ msgstr "" +#~ "Värdet sssd-secrets kommer använda till <quote>auth_header_name</quote>." + +#~ msgid "Example: mysecret" +#~ msgstr "Exempel: minhemlighet" + +#~ msgid "forward_headers (list of strings)" +#~ msgstr "forward_headers (lista av strängar)" + +#~ msgid "" +#~ "The list of HTTP headers to forward to the Custodia server together with " +#~ "the request." +#~ msgstr "" +#~ "Listan över HTTP-huvuden att vidarebefordra till Custodia-servern " +#~ "tillsammans med begäran." + +#~ msgid "verify_peer (boolean)" +#~ msgstr "verify_peer (boolean)" + +#~ msgid "" +#~ "Whether peer's certificate should be verified and valid if HTTPS protocol " +#~ "is used with the proxy provider." +#~ msgstr "" +#~ "Huruvida motpartens certifikat skall verifieras och vara giltigt om HTTPS-" +#~ "protokollet används med proxy-leverantören." + +#~ msgid "verify_host (boolean)" +#~ msgstr "verify_host (boolean)" + +#~ msgid "" +#~ "Whether peer's hostname must match with hostname in its certificate if " +#~ "HTTPS protocol is used with the proxy provider." +#~ msgstr "" +#~ "Huruvida motpartens värdnamn måste stämma med värdnamnet i dess " +#~ "certifikat om HTTPS-protokollet används med proxy-leverantören." + +#~ msgid "capath (string)" +#~ msgstr "capath (sträng)" + +#~ msgid "" +#~ "Path to directory containing stored certificate authority certificates. " +#~ "System default path is used if this option is not set." +#~ msgstr "" +#~ "Sökväg till katalogen som innehåller lagrade certifikatutfärdares " +#~ "certifikat. Systemets standardsökväg används om detta alternativ inte är " +#~ "satt." + +#~ msgid "cacert (string)" +#~ msgstr "cacert (sträng)" + +#~ msgid "" +#~ "Path to file containing server's certificate authority certificate. If " +#~ "this option is not set then the CA's certificate is looked up in " +#~ "<quote>capath</quote>." +#~ msgstr "" +#~ "Sökväg till filen som innehåller serverns " +#~ "certifikatauktoritetscertifikat. Om detta alternativ inte är satt, då " +#~ "slås CA:ns certifikat upp i <quote>capath</quote>." + +#~ msgid "cert (string)" +#~ msgstr "cert (sträng)" + +#~ msgid "" +#~ "Path to file containing client's certificate if required by the server. " +#~ "This file may also contain private key or the private key may be in " +#~ "separate file set with <quote>key</quote>." +#~ msgstr "" +#~ "Sökväg till filen som innehåller klientens certifikat om det krävs av " +#~ "servern. Denna fil kan också innehålla en privat nyckel eller så kan den " +#~ "privata nyckeln finnas i en separat fil som anges med <quote>key</quote>." + +#~ msgid "key (string)" +#~ msgstr "key (sträng)" + +#~ msgid "Path to file containing client's private key." +#~ msgstr "Sökväg till filen som innehåller klientens privata nyckel." + +#~ msgid "USING THE REST API" +#~ msgstr "ATT ANVÄNDA REST-API:ET" + +#~ msgid "" +#~ "This section lists the available commands and includes examples using the " +#~ "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</" +#~ "manvolnum> </citerefentry> utility. All requests towards the proxy " +#~ "provider must set the Content Type header to <quote>application/json</" +#~ "quote>. In addition, the local provider also supports Content Type set to " +#~ "<quote>application/octet-stream</quote>. Secrets stored with requests " +#~ "that set the Content Type header to <quote>application/octet-stream</" +#~ "quote> are base64-encoded when stored and decoded when retrieved, so it's " +#~ "not possible to store a secret with one Content Type and retrieve with " +#~ "another. The secret URI must begin with <filename>/secrets/</filename>." +#~ msgstr "" +#~ "Detta avsnitt listar tillgängliga kommandon och inkluderar exempel som " +#~ "använder verktyget <citerefentry> <refentrytitle>curl</refentrytitle> " +#~ "<manvolnum>1</manvolnum> </citerefentry>. Alla begäranden av proxy-" +#~ "leverantören måste sätta huvudet Content Type till <quote>application/" +#~ "json</quote>. Dessutom stödjer den lokala leverantören även att Content " +#~ "Type sätts till <quote>application/octet-stream</quote>. Hemligheter " +#~ "sparade med begäranden som sätter huvudet Content Type till " +#~ "<quote>application/octet-stream</quote> base64-kodas när de lagras och " +#~ "avkodas när de hämtas, så det är inte möjligt att lagra en hemlighet med " +#~ "en Content Type och hämta med en annan. URI:n för hemligheter måste " +#~ "börja med <filename>/secrets/</filename>." + +#~ msgid "Listing secrets" +#~ msgstr "Lista hemligheter" + +#~ msgid "" +#~ "To list the available secrets, send a HTTP GET request with a trailing " +#~ "slash appended to the container path." +#~ msgstr "" +#~ "För att lista de tillgängliga hemligheterna, skicka en HTTP GET-begäran " +#~ "med ett avslutande snedstreck tillagt på behållarsökvägen." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " + +#~ msgid "Retrieving a secret" +#~ msgstr "Hämta en hemlighet" + +#~ msgid "" +#~ "To read a value of a single secret, send a HTTP GET request without a " +#~ "trailing slash. The last portion of the URI is the name of the secret." +#~ msgstr "" +#~ "För att läsa värdet på en enskild hemlighet, skicka en HTTP GET-begäran " +#~ "utan ett avslutande snedstreck. Den sista delen av URI:n är namnet på " +#~ "hemligheten." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/apa\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bar\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bepa\n" +#~ " " + +#~ msgid "" +#~ "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "Exempel: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" + +#~ msgid "Setting a secret" +#~ msgstr "Spara en hemlighet" + +#~ msgid "" +#~ "To set a secret using the <quote>application/json</quote> type, send a " +#~ "HTTP PUT request with a JSON payload that includes type and value. The " +#~ "type should be set to \"simple\" and the value should be set to the " +#~ "secret value. If a secret with that name already exists, the response is " +#~ "a 409 HTTP error." +#~ msgstr "" +#~ "För att spara en hemlighet med typen <quote>application/json</quote>, " +#~ "skicka en HTTP PUT-begäran med en JSON-last som innehåller typ och " +#~ "värde. Typen skall sättas till ”simple” och värdet skall sättas till " +#~ "hemlighetens värde. Om en hemlighet med det namnet redan finns blir " +#~ "svaret ett 409 HTTP-fel." + +#~ msgid "" +#~ "The <quote>application/json</quote> type just sends the secret as the " +#~ "message payload." +#~ msgstr "" +#~ "Typen <quote>application/json</quote> skickar bara hemligheten som " +#~ "meddelandets last." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/foo \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/apa \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"hemligapa\"}'\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bar \\\n" +#~ " -d'barsecret'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bepa \\\n" +#~ " -d'hemligbepa'\n" +#~ " " + +#~ msgid "" +#~ "The following example sets a secret named 'foo' to a value of 'foosecret' " +#~ "and a secret named 'bar' to a value of 'barsecret' using a different " +#~ "Content Type. <placeholder type=\"programlisting\" id=\"0\"/> " +#~ "<placeholder type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "Följande exempel sparar en hemlighet som heter ”apa” till värdet " +#~ "”hemligapa” och en hemlighet som heter ”bepa” till värdet ”hemligbepa” " +#~ "genom att använda en annan Content Type. <placeholder " +#~ "type=\"programlisting\" id=\"0\"/> <placeholder type=\"programlisting\" " +#~ "id=\"1\"/>" + +#~ msgid "Creating a container" +#~ msgstr "Att skapa en behållare" + +#~ msgid "" +#~ "Containers provide an additional namespace for this user's secrets. To " +#~ "create a container, send a HTTP POST request, whose URI ends with the " +#~ "container name. Please note the URI must end with a trailing slash." +#~ msgstr "" +#~ "Behållare tillhandahåller en ytterligare namnrymd för denna användares " +#~ "hemligheter. För att skapa en behållare, skicka en HTTP POST-begäran, " +#~ "vars URI slutar med behållarnamnet. Observera att URI:n måste sluta med " +#~ "ett avslutande snedstreck." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/mycontainer/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/minbeh%C3%A5llare/\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "http://localhost/secrets/mycontainer/mysecret\n" +#~ " " +#~ msgstr "" +#~ "http://localhost/secrets/minbeh%C3%A5llare/minhemlighet\n" +#~ " " + +#~ msgid "" +#~ "To manipulate secrets under this container, just nest the secrets " +#~ "underneath the container path: <placeholder type=\"programlisting\" " +#~ "id=\"0\"/>" +#~ msgstr "" +#~ "För att hantera hemligheter under den här behållaren, nästa bara " +#~ "hemligheter under behållarsökvägen: <placeholder type=\"programlisting\" " +#~ "id=\"0\"/>" + +#~ msgid "Deleting a secret or a container" +#~ msgstr "Radera en hemlighet eller behållare" + +#~ msgid "" +#~ "To delete a secret or a container, send a HTTP DELETE request with a path " +#~ "to the secret or the container." +#~ msgstr "" +#~ "För att radera en hemlighet eller behållare, skicka en HTTP DELETE-" +#~ "begäran med en sökväg till hemligheten eller behållaren." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/apa\n" +#~ " " + +#~ msgid "" +#~ "The following example deletes a secret named 'foo'. <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Följande exempel raderar en hemlighet som heter ”apa”:<placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION" +#~ msgstr "EXEMPEL PÅ KONFIGURATION AV CUSTODIA- OCH PROXY-LEVERANTÖRER" + +#~ msgid "" +#~ "For testing the proxy provider, you need to set up a Custodia server to " +#~ "proxy requests to. Please always consult the Custodia documentation, the " +#~ "configuration directives might change with different Custodia versions." +#~ msgstr "" +#~ "För att testa proxy-leverantören behöver du sätta upp en Custodia-server " +#~ "att vidarebefordra begäranden till. Se till att läsa dokumentationen " +#~ "till Custodia, konfigurationsdirektiven kan ändras med olika Custodia-" +#~ "versioner." + +#, no-wrap +#~ msgid "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MYSECRETNAME\n" +#~ "value = mysecretkey\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " +#~ msgstr "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MITTHEMLIGANAMN\n" +#~ "value = minhemliganyckel\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " + +#~ msgid "" +#~ "This configuration will set up a Custodia server listening on http://" +#~ "localhost:8080, allowing anyone with header named MYSECRETNAME set to " +#~ "mysecretkey to communicate with the Custodia server. Place the contents " +#~ "into a file (for example, <replaceable>custodia.conf</replaceable>): " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Denna konfiguration kommer sätta upp en Custodia-server som lyssnar på " +#~ "http://localhost:8080, tillåter vem som helst med ett huvud med namnet " +#~ "MITTHEMLIGANAMN satt till minhemliganyckel att kommunicera med Custodia-" +#~ "servern. Placera innehållet i en fil (till exempel, " +#~ "<replaceable>custodia.conf</replaceable>): <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "Then run the <replaceable>custodia</replaceable> command, pointing it at " +#~ "the config file as a command line argument." +#~ msgstr "" +#~ "Kör sedan kommandot <replaceable>custodia</replaceable> och peka det på " +#~ "konfigurationsfilen som ett kommandoradsargument." + +#~ msgid "" +#~ "Please note that currently it's not possible to proxy all requests " +#~ "globally to a Custodia instance. Instead, per-user subsections for user " +#~ "IDs that should proxy requests to Custodia must be defined. The following " +#~ "example illustrates a configuration, where the user with UID 123 would " +#~ "proxy their requests to Custodia, but all other user's requests would be " +#~ "handled by a local provider." +#~ msgstr "" +#~ "Observera att det för närvarande inte är möjligt att vidarebefordra alla " +#~ "begäranden globalt till en Custodia-instans. Istället måste underavsnitt " +#~ "per användare för användar-ID:n som skall skicka vidare begäranden till " +#~ "Custodia definieras. Följande exempel illustrerar en konfiguration där " +#~ "användaren med AID 123 skulle skicka vidare sina begäranden till " +#~ "Custodia, men alla andra användares begäranden skulle hanteras av en " +#~ "lokal leverantör." + +#, no-wrap +#~ msgid "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MYSECRETNAME\n" +#~ "auth_header_value = mysecretkey\n" +#~ " " +#~ msgstr "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MITTHEMLIGANAMN\n" +#~ "auth_header_value = minhemliganyckel\n" +#~ " " + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "ändra en grupp" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> ändrar gruppen till att avspegla " +#~ "ändringarna som anges på kommandoraden." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GRUPPER</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Lägg till denna grupp till grupperna som anges av parametern " +#~ "<replaceable>GRUPPER</replaceable>. Parametern <replaceable>GRUPPER</" +#~ "replaceable> är en kommaseparerad lista av gruppnamn." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPPER</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Ta bort denna grupp från grupperna som anges av parametern " +#~ "<replaceable>GRUPPER</replaceable>." + +#~ msgid "" +#~ "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)." +#~ msgstr "" +#~ "<quote>local</quote>: SSSD:s interna leverantör för lokala användare " +#~ "(FÖRÅLDRAT)." + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "" +#~ "<quote>local</quote>: SSSD:s interna leverantör för lokala användare" + +#~ msgid "" +#~ "Treat user and group names as case sensitive. <phrase " +#~ "condition=\"enable_local_provider\"> At the moment, this option is not " +#~ "supported in the local provider. </phrase> Possible option values are: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Behandla användar- och gruppnamn som skiftlägeskänsliga. <phrase " +#~ "condition=\"enable_local_provider\">För tillfället stödjs inte detta " +#~ "alternativ för den lokala leverantören. </phrase> Möjliga värden på " +#~ "alternativet är: <placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "The local domain section" +#~ msgstr "Den lokala domänsektionen" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "Denna sektion innehåller inställningar för domänen som lagrar användare " +#~ "och grupper i SSSD:s egna databas, det vill säga, en domän som använder " +#~ "<replaceable>id_provider=local</replaceable>." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (sträng)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "Standardskalet för användare som skapas med SSSD:s verktyg för " +#~ "användarrymden." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Standard: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (sträng)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Verktygen lägger till inloggningsnamnet till <replaceable>base_directory</" +#~ "replaceable> och använder det som hemkatalogen." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Standard: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (bool)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "Indikera om en hemkatalog skall skapas som standard för nya användare. " +#~ "Kan åsidosättas på kommandoraden." + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (bool)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "Indikera om en hemkatalog skall tas bort som standard för raderade " +#~ "användare. Kan åsidosättas på kommandoraden." + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (heltal)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "Används av <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> för att ange " +#~ "standardrättigheterna på en nyskapad hemkatalog." + +#~ msgid "Default: 077" +#~ msgstr "Standard: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (sträng)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "Skelettkatalogen, som innehåller filer och kataloger som skall kopieras " +#~ "till användarens hemkatalog, när hemkatalogen skapas av <citerefentry> " +#~ "<refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</manvolnum> </" +#~ "citerefentry>" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Standard: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (sträng)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "Brevlådekatalogen. Detta behövs för att hantera brevlådan när det " +#~ "motsvarande användarkontot ändras eller raderas. Om inte angivet används " +#~ "ett standardvärde." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Standard: <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (sträng)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "Kommandot att köra efter att en användare tagits bort. Kommandot får " +#~ "användarnamnet på användaren som tas bort som första och enda parameter. " +#~ "Ingen hänsyn tas till returkoden från kommandot." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Standard: Inget, inget kommando körs" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "skapa en ny användare" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>INLOGGNINGSNAMN</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> skapar ett nytt användarkonto med värdena " +#~ "som anges på kommandoraden plus standardvärden från systemet." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Sätt AID:t för användaren till värdet av <replaceable>AID</replaceable>. " +#~ "Om det inte anges väljs det automatiskt." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "Hemkatalogen för användarkontot. Standardvärde är att lägga till namnet " +#~ "<replaceable>INLOGGNINGSNAMN</replaceable> till <filename>/home</" +#~ "filename> och använda det som hemkatalog. Basen som läggs till före " +#~ "<replaceable>INLOGGNINGSNAMN</replaceable> kan ställas in med " +#~ "inställningen <quote>user_defaults/baseDirectory</quote> i sssd.conf." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "Användarens inloggningsskal. Standard är för närvarande <filename>/bin/" +#~ "bash</filename>. Standardvärdet kan ändras med inställningen " +#~ "<quote>user_defaults/defaultShell</quote> i sssd.conf." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GRUPPER</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "" +#~ "En lista av befintliga grupper denna användare också är en medlem i." + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "Skapa användarens hemkatalog om den inte redan finns. Filerna och " +#~ "katalogerna som finns i skelettkatalogen (som kan definieras med flaggan -" +#~ "k eller i konfigurationsfilen) kommer kopieras till hemkatalogen." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "Skapa inte användarens hemkatalog. Åsidosätter " +#~ "konfigurationsinställningar." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELKAT</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "Skelettkatalogen, som innehåller filer och kataloger som skall kopieras " +#~ "till användarens hemkatalog, när hemkatalogen skapas av " +#~ "<command>sss_useradd</command>." + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "Specialfiler (blockenheter, teckenenheter, namngivna rör och unix-uttag) " +#~ "kommer inte kopieras." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "Denna flagga är endast giltig om flaggan <option>-m</option> (eller " +#~ "<option>--create-home</option>) anges, eller att skapandet av " +#~ "hemkataloger är satt till TRUE i konfigurationen." + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> <replaceable>SELINUX-" +#~ "ANVÄNDARE</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "SELinux-användaren för användarens inloggning. Om det inte anges används " +#~ "systemstandarden." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "skapa en ny grupp" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> skapar en ny grupp. Dessa grupper är " +#~ "kompatibla med POSIX-grupper, med den ytterligare funktionen att de kan " +#~ "innehålla andra grupper som medlemmar." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Sätt GID:t för gruppen till värdet av <replaceable>GID</replaceable>. Om " +#~ "det inte anges väljs det automatiskt." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "ta bort ett användarkonto" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>INLOGGNINGSNAMN</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> tar bort en användare identifierad av " +#~ "inloggningsnamnet <replaceable>INLOGGNINGSNAMN</replaceable> från " +#~ "systemet." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Filer i användarens hemkatalog kommer tas bort tillsammans med själva " +#~ "hemkatalogen och användarens brevlåda. Åsidosätter konfigurationen." + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Filer i användarens hemkatalog kommer INTE tas bort tillsammans med " +#~ "själva hemkatalogen och användarens brevlåda. Åsidosätter " +#~ "konfigurationen." + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "Denna flagga tvingar <command>sss_userdel</command> att ta bort " +#~ "användarens hemkatalog och brevlåda, även om de inte ägs av den angivna " +#~ "användaren." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "Före användaren faktiskt tas bort, döda alla hans processer." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "ta bort en grupp" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> tar bort en grupp identifierad av sitt " +#~ "namn <replaceable>GRUPP</replaceable> från systemet." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "skriv ut egenskaperna hos en grupp" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GRUPP</replaceable></" +#~ "arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> visar information om en grupp " +#~ "identifierad av sitt namn <replaceable>GRUPP</replaceable>. " +#~ "Informationen inkluderar grupp-ID-numret, medlemmar i gruppen och " +#~ "föräldragruppen." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "Skriv även ut indirekta gruppmedlemmar i en trädliknande hierarki. " +#~ "Observera att detta även påverkar utskriften av föräldragrupper – utan " +#~ "<option>R</option> kommer endast den direkta föräldern skrivas ut." + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "ändra ett användarkonto" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>flaggor</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>INLOGGNINGSNAMN</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> ändrar kontot som anges av " +#~ "<replaceable>INLOGGNINGSNAMN</replaceable> till att avspegla ändringarna " +#~ "som anges på kommandoraden." + +#~ msgid "The home directory of the user account." +#~ msgstr "Användarkontots hemkatalog." + +#~ msgid "The user's login shell." +#~ msgstr "Användarens inloggningsskal." + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Lägg till denna användare till grupperna som anges av parametern " +#~ "<replaceable>GRUPPER</replaceable>. Parametern <replaceable>GRUPPER</" +#~ "replaceable> är en kommaseparerad lista av gruppnamn." + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Ta bort denna användare från grupperna som anges av parametern " +#~ "<replaceable>GRUPPER</replaceable>." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "Lås användarkontot. Användare kommer inte kunna logga in." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Lås upp användarkontot." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "SELinux-användaren för användarens inloggning." + +#~ msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--addattr</option> <replaceable>ATTR_NAMN_VÄRDE</replaceable>" + +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "Lägg till ett attribut/värde-par. Formatet är attrnamn=värde." + +#~ msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--setattr</option> <replaceable>ATTR_NAMN_VÄRDE</replaceable>" + +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "Sätt ett attribut till ett namn/värde-par. Formatet är attrnamn=värde. " +#~ "För flervärda attribut ersätter kommandot de värden som redan finns" + +#~ msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--delattr</option> <replaceable>ATTR_NAMN_VÄRDE</replaceable>" + +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "Ta bort ett attribut/värde-par. Formatet är attrnamn=värde." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Standard: /etc/krb5.keytab" + +#~ msgid "(NSS Version) This option is ignored." +#~ msgstr "(NSS-version) Denna flagga ignoreras." + +#~ msgid "Default: sha256" +#~ msgstr "Standard: sha256" + +#~ msgid "" +#~ "(NSS Version) This option is ignored, because NSS uses sha1 " +#~ "unconditionally." +#~ msgstr "" +#~ "(NSS-version) Detta alternativ ignoreras, för NSS använder ovillkorligen " +#~ "sha1." + +#~ msgid "" +#~ "(NSS Version) This option must be used together with " +#~ "ocsp_default_responder_signing_cert." +#~ msgstr "" +#~ "(NSS-version) Detta alternativ måste användas tillsammans med " +#~ "ocsp_default_responder_signing_cert." + +#~ msgid "" +#~ "(NSS Version) The nickname of the cert to trust (expected) to sign the " +#~ "OCSP responses. The certificate with the given nickname must be " +#~ "available in the systems NSS database." +#~ msgstr "" +#~ "(NSS-version) Smeknamnet på certifikatet att lita på att (förväntas) " +#~ "signera OCSP-svaren. Certifikatet med det angivna smeknamnet måste vara " +#~ "tillgängligt i systemets NSS-databas." + +#~ msgid "This option must be used together with ocsp_default_responder." +#~ msgstr "" +#~ "Detta alternativ måste anges tillsammans med ocsp_default_responder." + +#~ msgid "" +#~ "(NSS Version) This option is ignored, please see <citerefentry> " +#~ "<refentrytitle>crlutil</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry> how to import a Certificate Revocation List (CRL) into a " +#~ "NSS database." +#~ msgstr "" +#~ "(NSS-version) Detta alternativ ignoreras, se <citerefentry> " +#~ "<refentrytitle>crlutil</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry> för hur man importerar en certifikatåterkallelselista " +#~ "(Certificate Revocation List, CRL) in i en NSS-databas." + +#~ msgid "This man page was generated for the NSS version." +#~ msgstr "Denna manualsida genererades för NSS-versionen." + +#~ msgid "This man page was generated for the OpenSSL version." +#~ msgstr "Denna manualsida genererades för OpenSSL-versionen." + +#~ msgid "" +#~ "The random offset can increment up to 30 seconds. After each " +#~ "unsuccessful attempt to go online, the new interval is recalculated by " +#~ "the following:" +#~ msgstr "" +#~ "Slumptillägget kan öka upp till 30 sekunder. Efter varje misslyckat " +#~ "försök att koppla upp kalkyleras det nya intervallet om enligt följande:" + +#~ msgid "new_interval = old_interval*2 + random_offset" +#~ msgstr "nytt_intervall = gammalt_intervall·2 + slumptillägg" + +#~ msgid "" +#~ "Note that the maximum length of each interval is currently limited to one " +#~ "hour. If the calculated length of new_interval is greater than an hour, " +#~ "it will be forced to one hour." +#~ msgstr "" +#~ "Observera att den maximala längden på varje intervall för närvarande är " +#~ "begränsat till en timma. Om den beräknade längden av nytt_intervall är " +#~ "större än en timma kommer det att tvingas tillbaka till en timma." + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (heltal)" + +#~ msgid "" +#~ "/etc/pki/nssdb (NSS version, path to a NSS database which contains the " +#~ "PKCS#11 modules to access the Smartcard and the trusted CA certificates)" +#~ msgstr "" +#~ "/etc/pki/nssdb (NSS-version, sökväg till en NSS-databas som innehåller " +#~ "PKCS#11-modulerna för att komma åt smartkorten och de betrodda CA-" +#~ "certifikaten)" + +#~ msgid "/etc/pki/nssdb (NSS version, path to a NSS database)" +#~ msgstr "/etc/pki/nssdb (NSS-version, sökväg till en NSS-databas)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "Skicka felutskrifter till filer istället för standard fel. Som standard " +#~ "sparas loggfilerna i <filename>/var/log/sssd</filename> och det finns " +#~ "separata loggfiler för varje SSSD-tjänst och domän." + +#~ msgid "" +#~ "This option is deprecated. It is replaced by <option>--logger=files</" +#~ "option>." +#~ msgstr "" +#~ "Denna flagga undanbedes. Den är ersatt av <option>--logger=files</" +#~ "option>." + +#~ msgid "" +#~ "Location where SSSD will send log messages. This option overrides the " +#~ "value of the deprecated option <option>--debug-to-files</option>. The " +#~ "deprecated option will still work if the <option>--logger</option> is not " +#~ "used." +#~ msgstr "" +#~ "Plats dit SSSD skall skicka loggmeddelanden. Denna flagga åsidosätter " +#~ "värdet på den undanbedda flaggan <option>--debug-to-files</option>. Den " +#~ "undanbedda flaggan kommer fortfarande fungera om <option>--logger</" +#~ "option> inte används." + +#~ msgid "<emphasis>Default</emphasis>: 0" +#~ msgstr "<emphasis>Standard</emphasis>: 0" diff --git a/src/man/po/tg.po b/src/man/po/tg.po new file mode 100644 index 0000000..e4dc18d --- /dev/null +++ b/src/man/po/tg.po @@ -0,0 +1,18237 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2014-12-15 12:10-0500\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" +"tg/)\n" +"Language: tg\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "Формати файл" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Пешфарз: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Пешфарз: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Пешфарз: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 5400" +msgid "Default: 60, KCM: 300" +msgstr "Пешфарз: 5400" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 3600" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Пешфарз: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Пешфарз: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Пешфарз: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Пешфарз: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Пешфарз: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Пешфарз: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +#, fuzzy +#| msgid "Default: true" +msgid "Default: <quote>*</quote>" +msgstr "Пешфарз: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Пешфарз: 0 (Номаҳдуд)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Пешфарз: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Пешфарз: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Пешфарз: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Пешфарз: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Пешфарз: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Пешфарз: 0 (номаҳдуд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Пешфарз: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "ШАРҲ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Намунаҳо:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Пешфарз: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "парол" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Пешфарз: парол" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Пешфарз: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Пешфарз: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Намуна:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "НАМУНА" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ЭЗОҲҲО" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ИМКОНОТҲО" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "ФАЙЛҲО" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "Номи логин" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Ҷӯрсозӣ" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "Рақами UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" diff --git a/src/man/po/uk.po b/src/man/po/uk.po new file mode 100644 index 0000000..d771cc8 --- /dev/null +++ b/src/man/po/uk.po @@ -0,0 +1,24824 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# sgallagh <sgallagh@redhat.com>, 2011 +# Yuri Chornoivan <yurchor@ukr.net>, 2011-2014 +# Yuri Chornoivan <yurchor@ukr.net>, 2013 +# Yuri Chornoivan <yurchor@ukr.net>, 2015. #zanata +# Yuri Chornoivan <yurchor@ukr.net>, 2017. #zanata +# Yuri Chornoivan <yurchor@ukr.net>, 2018. #zanata +# Yuri Chornoivan <yurchor@ukr.net>, 2019. #zanata +# Yuri Chornoivan <yurchor@ukr.net>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2022-12-13 18:20+0000\n" +"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" +"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" +"sssd-manpage-master/uk/>\n" +"Language: uk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" +"X-Generator: Weblate 4.14.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "Сторінки підручника SSSD" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "Формати файлів та правила" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "файл налаштування SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "ФОРМАТ ФАЙЛА" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" +"<replaceable>[розділ]</replaceable>\n" +"<replaceable>ключ</replaceable> = <replaceable>значення</replaceable>\n" +"<replaceable>ключ2</replaceable> = <replaceable>значення2,значення3</replaceable>\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Файл складено з використанням синтаксичний конструкцій у стилі ini, він " +"складається з розділів і окремих записів параметрів. Розділ починається з " +"рядка назви розділу у квадратних дужках і продовжується до початку нового " +"розділу. Приклад розділу з параметрами, які мають єдине і декілька значень: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" +"Типами даних є рядок (без символів лапок), ціле число і булеве значення " +"(можливі два значення — <quote>TRUE</quote> і <quote>FALSE</quote>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" +"Рядок коментаря починається з символу решітки (<quote>#</quote>) або крапки " +"з комою (<quote>;</quote>). Підтримки вбудованих коментарів не передбачено." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" +"Для всіх розділів передбачено додатковий параметр <replaceable>description</" +"replaceable>. Його призначено лише для позначення розділу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" +"<filename>sssd.conf</filename> має бути звичайним файлом, власником якого є " +"користувач root. Права на читання та запис до цього файла повинен мати лише " +"користувач root." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "ФРАГМЕНТИ НАЛАШТУВАНЬ З КАТАЛОГУ ВКЛЮЧЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" +"До файла налаштувань <filename>sssd.conf</filename> буде включено фрагменти " +"налаштувань з каталогу <filename>conf.d</filename>. Цією можливістю можна " +"буде скористатися, якщо SSSD було зібрано із бібліотекою libini версії 1.3.0 " +"або новішою." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" +"Будь-який файл, розташований у <filename>conf.d</filename>, назва якого " +"завершується на <quote><filename>.conf</filename></quote> і не починається з " +"крапки (<quote>.</quote>), буде використано разом із <filename>sssd.conf</" +"filename> для налаштовування SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" +"Фрагменти налаштувань з <filename>conf.d</filename> мають вищий пріоритет за " +"<filename>sssd.conf</filename>, вони мають вищий пріоритет за <filename>sssd." +"conf</filename>, якщо виникне конфлікт. Якщо у <filename>conf.d</filename> " +"буде виявлено декілька фрагментів, їх буде включено за абеткою (на основі " +"параметрів локалі). Файли, які включаються пізніше, мають вищий пріоритет. " +"Числові префікси (<filename>01_фрагмент.conf</filename>, " +"<filename>02_фрагмент.conf</filename> тощо) можуть допомогти у візуалізації " +"пріоритетності (більше число означає вищу пріоритетність)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" +"Файли фрагментів мають належати одному користувачеві і мати однакові права " +"доступу із файлом <filename>sssd.conf</filename>. Типовим власником є root:" +"root, а типовими правами доступу — 0600." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "ЗАГАЛЬНІ ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" +"Нижче наведено параметри, які можна використовувати у декількох розділах " +"налаштувань." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "Параметри, які можна використовувати у всіх розділах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "debug_level (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "debug (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" +"У SSSD 1.14 і новіших версіях з міркувань зручності також передбачено " +"альтернативний варіант <replaceable>debug</replaceable> для " +"<replaceable>debug_level</replaceable>. Якщо вказано одразу обидва варіанти, " +"буде використано варіант <replaceable>debug_level</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "debug_timestamps (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" +"Додати часову позначку до діагностичних повідомлень. Якщо для запису " +"діагностичного журналу у SSSD увімкнено journald, цей параметр буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "Типове значення: true" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "debug_microseconds (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" +"Додати значення мікросекунд до часової позначки у діагностичних " +"повідомлення. Якщо для запису діагностичного журналу у SSSD увімкнено " +"journald, цей параметр буде проігноровано." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "Типове значення: false" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "debug_backtrace_enabled (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "Увімкнути діагностичне зворотне трасування." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" +"Якщо SSSD запущено із debug_level меншим за 9, увесь журнал роботи буде " +"записано у кільцевий буфер у пам'яті і скинуто до файла журналу при " +"виявленні будь-якої помилки до рівня `min(0x0040, debug_level)` включно " +"(тобто якщо debug_level явним чином встановлено у значення 0 або 1, лише " +"помилки відповідних рівнів вмикатимуть зворотне трасування, інакше кажучи, " +"помилки рівнів до 2)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" +"Підтримку цієї можливості передбачено лише для `logger == files` (тобто, " +"встановлення цього значення не впливає на інші типи журналювання)." + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "Параметри які можна використовувати у розділах SERVICE та DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" +"Проміжок у секундах між циклами роботи цієї служби. Використовується для " +"перевірки працездатності процесу та його змоги відповідати на запити. " +"Зауважте, що після трьох пропущених циклів процес перерве своє виконання " +"самостійно." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "Типове значення: 10" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "ОСОБЛИВІ РОЗДІЛИ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "Розділ [sssd]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "Параметри розділу" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "config_file_version (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" +"Визначає версію синтаксичних конструкцій файла налаштування. Для версій SSSD " +"0.6.0 та пізніших слід використовувати версію 2." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" +"Список служб, відокремлених комами, які запускаються разом із sssd. <phrase " +"condition=\"have_systemd\">Список служб є необов'язковим на платформах, де " +"передбачено підтримку systemd, оскільки там такі служби вмикаються за " +"допомогою сокетів або D-Bus.</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" +"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</" +"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\">Типово усі служби вимкнено. Адміністратор " +"має увімкнути дозволені до використання служби за допомогою такої команди: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "reconnection_retries (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" +"Кількість повторних спроб встановлення зв’язку зі службами або їх " +"перезапуску у разі аварійного завершення роботи інструменту надання даних до " +"визнання подальших спроб безнадійними." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "Типове значення: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "domains" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" +"Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може " +"одночасно використовувати декілька доменів. Вам слід вказати принаймні один " +"домен, інакше SSSD просто не запуститься. За допомогою цього параметра можна " +"вказати список доменів, впорядкованих за пріоритетністю під час надсилання " +"до них запитів щодо даних. Рекомендовано використовувати у назві домену лише " +"літери і цифри ASCII, дефіси, крапки та знаки підкреслювання. Не можна " +"використовувати символ «/»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "re_expression (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" +"Типовий формальний вираз, який описує спосіб поділу рядка з іменем " +"користувача і доменом на його частини." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" +"Для кожного з доменів можна налаштувати окремий формальний вираз. Для деяких " +"з засобів надання ідентифікаторів передбачено типові формальні вирази. " +"Докладніше про ці формальні вирази можна дізнатися з довідки до РОЗДІЛІВ " +"ДОМЕНІВ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "full_name_format (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" +"Сумісний з <citerefentry> <refentrytitle>printf</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> формат, який описує спосіб " +"створення повного імені на основі імені користувача та компонентів назви " +"домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "%1$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "ім’я користувача" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "%2$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "%3$s" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" +"проста назва домену. Здебільшого використовується для доменів Active " +"Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Передбачено використання таких замінників: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" +"Для кожного з доменів можна налаштувати окремий рядок формату. Докладніше " +"про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "monitor_resolv_conf (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" +"Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення " +"моменту, коли слід оновити дані вбудованого інструмента визначення DNS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "try_inotify (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" +"Типово, з метою спостереження за змінами у файлах налаштувань SSSD " +"намагається використати inotify. Якщо використати inotify не вдається, " +"виконуватиметься опитування resolv.conf кожні п’ять секунд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" +"Зрідка бажано не вдаватися навіть до спроб скористатися inotify. У цих " +"рідкісних випадках слід встановити для цього параметра значення «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" +"Типове значення: «true» на платформах, де підтримується inotify. «false» на " +"інших платформах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" +"Зауваження: цей параметр ні на що не вплине на платформах, де inotify " +"недоступний. На цих платформах завжди використовуватиметься безпосереднє " +"опитування файла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "krb5_rcache_dir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" +"Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" +"Цей параметр приймає особливе значення __LIBKRB5_DEFAULTS__, за допомогою " +"якого можна наказати SSSD надати змогу libkrb5 визначити відповідну адресу " +"для кешу відтворення." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" +"Типове значення: визначається дистрибутивом та вказується під час збирання. " +"(__LIBKRB5_DEFAULTS__, якщо не вказано)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +#, fuzzy +#| msgid "" +#| "The user to drop the privileges to where appropriate to avoid running as " +#| "the root user. <phrase condition=\"have_systemd\"> This option does not " +#| "work when running socket-activated services, as the user set up to run " +#| "the processes is set up during compilation time. The way to override the " +#| "systemd unit files is by creating the appropriate files in /etc/systemd/" +#| "system/. Keep in mind that any change in the socket user, group or " +#| "permissions may result in a non-usable SSSD. The same may occur in case " +#| "of changes of the user running the NSS responder. </phrase>" +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" +"Користувач, до якого слід скинути права доступу, якщо це потрібно для " +"уникнення запуску від імені користувача root. <phrase " +"condition=\"have_systemd\"> Цей параметр не спрацює, якщо запущено служби, " +"які активуються сокетами, оскільки ім'я користувача для запуску " +"налаштовується під час збирання. Параметри файлів модулів systemd можна " +"перевизначити створенням відповідних файлів у /etc/systemd/system/. Слід " +"пам'ятати, щоб будь-які зміни у параметрах користувача, групи чи прав " +"доступу можуть призвести до непрацездатності SSSD. Те саме може статися, " +"якщо змінити користувача, від імені якого запущено відповідач NSS. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "Типове значення: не встановлено, процес буде запущено від імені root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "default_domain_suffix (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" +"Цей рядок буде використано як типову назву домену для всіх назв без " +"компонента назви домену. Основним призначенням використання цього рядка є " +"середовища, де основний домен призначено для керування правилами вузлів та " +"всіма користувачами, розташованими на надійному (довіреному) домені. За " +"допомогою цього параметра користувачі можуть входити до системи за допомогою " +"лише імені користувача без додавання до нього назви домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +#, fuzzy +#| msgid "" +#| "Please note that if this option is set all users from the primary domain " +#| "have to use their fully qualified name, e.g. user@domain.name, to log in. " +#| "Setting this option changes default of use_fully_qualified_names to True. " +#| "It is not allowed to use this option together with " +#| "use_fully_qualified_names set to False. One exception from this rule are " +#| "domains with <quote>id_provider=files</quote> that always try to match " +#| "the behaviour of nss_files and therefore their output is not qualified " +#| "even when the default_domain_suffix option is used." +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" +"Будь ласка, зауважте, що якщо встановлено цей параметр, для входу до системи " +"усім користувачам із основного домену доведеться використовувати повне ім'я " +"користувача — користувач@назва.домену. Встановлення цього параметра змінює " +"типове значення параметра use_fully_qualified_names на True. Цей параметр не " +"можна використовувати у поєднанні із встановленням для параметра " +"use_fully_qualified_names значення False. Єдиним виключенням з цього правила " +"є домени із <quote>id_provider=files</quote>, для яких завжди виконується " +"спроба встановлення поведінки, як відповідає nss_files, а отже, виведені " +"імена для них не будуть повними, навіть якщо використано параметр " +"default_domain_suffix." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "Типове значення: not set" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "override_space (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" +"За допомогою цього параметра можна змінити пробіли у іменах користувачів та " +"назвах груп вказаним симовлом, наприклад _. Ім’я користувача «john doe» буде " +"перетворено на «john_doe». Цю можливість було додано для сумісності із " +"скриптами командної оболонки, у яких виникають проблеми із обробкою пробілів " +"через типовий роздільник полів у оболонці." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" +"Будь ласка, зауважте, що використання символу-замінника, який може бути " +"використано у іменах користувачів і назвах груп, є помилкою у налаштуваннях. " +"Якщо назва містить символ-замінник, SSSD спробує повернути незмінену назву, " +"але, загалом, результат пошуку буде невизначеним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "Типове значення: не встановлено (пробіли не замінятимуться)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "certificate_verification (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "no_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" +"Вимикає перевірки протоколу стану мережевої сертифікації (Online Certificate " +"Status Protocol або OCSP). Це може знадобитися, якщо сервери OCSP, визначені " +"у сертифікаті, є недоступними з клієнта." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "soft_ocsp" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" +"Якщо не вдасться встановити з'єднання із відповідачем OCSP, перевірку OCSP " +"буде пропущено. Цим параметром слід користуватися для того, щоб дозволити " +"розпізнавання тоді, коли система працює автономно, отже відповідач OCSP є " +"недоступним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "ocsp_dgst" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" +"Функція обчислення контрольної суми (хешу), яку буде використано для " +"створення ідентифікатора сертифіката для запиту OCSP. Можливі значення:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "sha1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "sha256" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "sha384" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "sha512" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" +"Типове значення: sha1 (для уможливлення сумісності із відповідачем, який є " +"сумісним із RFC5019)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "no_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" +"Повністю вимикає перевірку. Цим варіантом слід користуватися лише для " +"тестування." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "partial_chain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" +"Уможливити успішну перевірку, навіть якщо не вдасться побудувати " +"<replaceable>повний</replaceable> ланцюжок до самопідписаної прив'язки " +"довіри, якщо можна побудувати ланцюжок до довіреного сертифіката, який може " +"бути не самопідписаним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "ocsp_default_responder=URL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" +"Встановлює типовий відповідач OCSP, який слід використовувати замість " +"визначеного у сертифікаті. Адресу слід замінити адресою типового " +"відповідача, наприклад http://example.com:80/ocsp." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "ocsp_default_responder_signing_cert=НАЗВА" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" +"У поточній версії програма ігнорує цей параметр. Усі потрібні сертифікати " +"мають бути у файлі PEM, який вказано параметром pam_cert_db_path." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "crl_file=/ШЛЯХ/ДО/ФАЙЛА/CRL" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Використовувати список відкликання сертифікатів (CRL) з вказаного файла під " +"час перевірки сертифіката. CRL має бути вказано у форматі PEM, див. " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry>, щоб дізнатися більше." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "soft_crl" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" +"Якщо строк дії списку відкликання сертифікатів (CRL) вичерпано, перевірки " +"CRL для відповідних сертифікатів буде проігноровано. Цим параметром слід " +"користуватися для уможливлення розпізнавання у системах, які працюють у " +"автономному режимі, коли оновлення CRL є неможливим." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"За допомогою цього параметра можна виконати тонке налаштовування перевірки " +"сертифікатів на основі списку параметрів, відокремлених комами. Підтримувані " +"параметри: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" +"Обробник параметрів повідомлятиме про невідомі параметри і просто " +"ігноруватиме їх." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" +"Типове значення: не встановлено, тобто перевірка сертифікатів нічим не " +"обмежуватиметься" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "disable_netlink (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" +"Перехоплювачі SSSD у інтерфейсі netlink для стеження за змінами у маршрутах, " +"адресах, посилання та виконання певних дій." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" +"Зміни стану SSSD, спричинені подіями netlink, можуть бути небажаними, їх " +"можна вимкнути встановленням для цього параметра значення «true»" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "Типове значення: false (виявлення змін у netlink)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "enable_files_domain (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" +"Якщо цю можливість увімкнено, SSSD дописуватиме неявний домен із " +"<quote>id_provider=files</quote> до усіх явним чином налаштованих доменів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "domain_resolution_order" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" +"Список доменів і піддоменів, відокремлених комами, який визначає порядок " +"пошуку, який використовуватиметься. Список не обов'язково включатиме усі " +"можливі домени, оскільки пошук у пропущених доменах відбуватиметься у " +"порядку, у якому їх вказано у параметрі налаштування <quote>domains</quote>. " +"Пошук у піддоменах, яких немає у списку <quote>lookup_order</quote>, " +"відбуватиметься у випадковому порядку для кожного батьківського домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +#, fuzzy +#| msgid "" +#| "Please, note that when this option is set the output format of all " +#| "commands is always fully-qualified even when using short names for input, " +#| "for all users but the ones managed by the files provider. In case the " +#| "administrator wants the output not fully-qualified, the full_name_format " +#| "option can be used as shown below: <quote>full_name_format=%1$s</quote> " +#| "However, keep in mind that during login, login applications often " +#| "canonicalize the username by calling <citerefentry> " +#| "<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +#| "citerefentry> which, if a shortname is returned for a qualified input " +#| "(while trying to reach a user which exists in multiple domains) might re-" +#| "route the login attempt into the domain which uses shortnames, making " +#| "this workaround totally not recommended in cases where usernames may " +#| "overlap between domains." +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" +"Будь ласка, зауважте, що якщо встановлено цей параметр, для виведення даних " +"усіма командами використовуватиметься повний формат, навіть якщо у вхідних " +"даних були скорочені назви для усіх користувачів, окрім тих, які керуються " +"засобом надання даних файлів. Якщо адміністратору потрібні скорочені дані у " +"виведенні, параметр full_name_format можна використати так: " +"<quote>full_name_format=%1$s</quote> Втім, слід пам'ятати, що під час входу " +"до облікового запису програми часто перетворюють ім'я користувача до " +"канонічної форми, викликаючи програму <citerefentry> " +"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>, яка, якщо повернуто скорочену назву для повних вхідних даних " +"(під час спроби обробки даних користувача, запис якого існує у декількох " +"доменах) може переспрямувати спробу входу до домену, де використовуються " +"скорочені назви, і знівелює цей обхідний маневр, якщо імена користувачів у " +"різних доменах можуть бути однаковими." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "Типове значення: не встановлено" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "implicit_pac_responder (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" +"Відповідач PAC буде автоматично увімкнено для надавачів IPA і AD для " +"обчислення і перевірки PAC. Якщо відповідач слід вимкнути, встановіть для " +"цього параметра значення «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "core_dumpable (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" +"Цим параметром можна скористатися для загального забезпечення стійкості " +"системи: встановлення значення «false» забороняє дампи ядра для усіх " +"процесів SSSD з метою уникнення витоку паролів у форматі нешифрованого " +"тексту. Див. сторінку підручника щодо prctl:PR_SET_DUMPABLE, щоб дізнатися " +"більше." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "passkey_verification (string)" +msgstr "pam_cert_verification (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +#, fuzzy +#| msgid "pam_cert_verification (string)" +msgid "user_verification (boolean)" +msgstr "pam_cert_verification (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +#, fuzzy +#| msgid "" +#| "With this parameter the certificate verification can be tuned with a " +#| "comma separated list of options. Supported options are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/>" +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"За допомогою цього параметра можна виконати тонке налаштовування перевірки " +"сертифікатів на основі списку параметрів, відокремлених комами. Підтримувані " +"параметри: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Окремі функції у SSSD виконуються особливими службами SSSD, які запускаються " +"і зупиняються разом SSSD. Ці служби керуються окремою службою, яку часто " +"називають «монітором». Розділ <quote>[sssd]</quote> використовується для " +"налаштування монітора та деяких інших важливих параметрів, зокрема доменів " +"профілів. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "РОЗДІЛИ СЛУЖБ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" +"У цьому розділі описано параметри, якими можна скористатися для налаштування " +"різноманітних служб. Ці параметри має бути зібрано у розділах з назвами " +"[<replaceable>$NAME</replaceable>]. Наприклад, параметри служби NSS зібрано " +"у розділі <quote>[nss]</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "Загальні параметри налаштування служб" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "fd_limit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" +"За допомогою цього параметра можна визначити максимальну кількість " +"дескрипторів файлів, які одночасно може бути відкрито цим процесом SSSD. У " +"системах, де SSSD надано можливості CAP_SYS_RESOURCE, цей параметр " +"використовуватиметься незалежно від інших параметрів системи. У системах без " +"цієї можливості, кількість дескрипторів визначатиметься найменшим зі значень " +"цього параметра і обмеженням \"hard\" у limits.conf." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" +"За допомогою цього параметра можна визначити кількість секунд, протягом яких " +"клієнтська частина SSSD може утримувати дескриптор файла без здійснення за " +"його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути " +"вичерпання ресурсів системи. Час очікування не може бути меншим за 10 " +"секунд. Якщо у налаштуваннях вказано менше значення, його буде скориговано " +"до 10 секунд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +msgid "Default: 60, KCM: 300" +msgstr "Типове значення: 60, KCM: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "offline_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" +"Коли SSSD перемикається на автономний режим роботи, час, який має минути, " +"перш ніж буде здійснено спробу повернутися до режиму у мережі, " +"збільшуватиметься, відповідно до часу, проведеного у режимі від’єднання. " +"Типово, SSSD використовує нарощувальну поведінку для обчислення затримки між " +"повторними спробами. Тому час очікування для повторної спроби буде довшим за " +"час очікування попередньої спроби. Після кожної невдалої спроби з'єднатися " +"із мережею нове значення обчислюється за такою формулою:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" +"Типовим значенням offline_timeout є 60. Типовим значенням " +"offline_timeout_max є 3600. Типовим значенням offline_timeout_random_offset " +"є 30. Кінцевий результат є кількістю секунд до наступної повторної спроби." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" +"Зауважте, що максимальна тривалість кожного з інтервалів визначається " +"offline_timeout_max (окрім випадкової частини)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "Типове значення: 60" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "offline_timeout_max (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" +"Керує тим, на скільки можна збільшувати проміжок часу між спробами відновити " +"з'єднання із мережею після неуспішних спроби відновити з'єднання." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "Значення 0 вимикає збільшення проміжку часу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" +"Значення цього параметра слід встановлювати у поєднанні зі значенням " +"параметра offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" +"Якщо для offline_timeout встановлено значення 60 (типове значення), немає " +"сенсу встановлювати для offlinet_timeout_max значення, яке є меншим за 120, " +"оскільки перший же крок збільшення призведе до перевищення максимального " +"значення. Загальним правилом у цьому випадку має бути встановлення значення " +"offline_timeout_max, яке є принаймні учетверо більшим за offline_timeout." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" +"Хоча можна вказати будь-яке значення від 0 до offline_timeout, результатом " +"стане перевизначення значення offline_timeout, тому не варто цього робити." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +msgid "Default: 3600" +msgstr "Типове значення: 3600" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "offline_timeout_random_offset (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" +"Якщо SSSD працює в автономному режимі, програма виконує зондування серверів-" +"обробників із вказаними інтервалами часу:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" +"Цей параметр керує значенням випадкового зсуву, яке буде використано у " +"наведеному вище рівнянні. Остаточне значення random_offset буде випадковим " +"числом у такому діапазоні:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "[0 - offline_timeout_random_offset]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "Значення 0 призводить до вимикання додавання випадкового зсуву." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +msgid "Default: 30" +msgstr "Типове значення: 30" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "responder_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" +"Цей параметр визначає кількість секунд, протягом яких процес відповідача " +"SSSD може працювати без використання. Це значення обмежено з метою уникнення " +"вичерпання ресурсів системи. Мінімальним прийнятним значенням для цього " +"параметра є 60 секунд. Встановлення для цього параметра значення 0 (нуль) " +"означає, що для відповідача не встановлюватиметься ніякого часу очікування. " +"Цей параметр враховуватиметься, лише якщо SSSD зібрано з підтримкою systemd " +"і якщо служби активуються за допомогою або сокетів або D-Bus." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "Типове значення: 300" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "cache_first" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" +"Цей параметр визначає, чи слід відповідачеві опитати усі кеші до надсилання " +"запису до модулів засобів надання даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "Параметри налаштування NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" +"Цими параметрами можна скористатися для налаштування служби Name Service " +"Switch (NSS або перемикання служби визначення назв)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "enum_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" +"Тривалість зберігання переліків (запитів щодо даних всіх користувачів) у " +"кеші nss_sss у секундах" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "Типове значення: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "entry_cache_nowait_percentage (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" +"Можна встановити кеш записів для автоматичного оновлення записів у фоновому " +"режимі, якщо запит щодо них надходить у визначений у відсотках від " +"entry_cache_timeout для домену період часу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" +"Наприклад, якщо entry_cache_timeout домену встановлено у значення 30s, а " +"entry_cache_nowait_percentage — у значення 50 (у відсотках), записи, які " +"надійдуть за 15 секунд після останнього оновлення кешу, буде повернуто " +"одразу, але SSSD оновить власний кеш, отже наступні запити очікуватимуть на " +"розблокування після оновлення кешу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" +"Коректними значеннями цього параметра є 0-99. Ці значення відповідають " +"відсоткам entry_cache_timeout для кожного з доменів. З міркувань покращення " +"швидкодії це відсоткове значення ніколи не зменшуватиме час очікування " +"nowait до значення, меншого за 10 секунд. Визначення значення 0 вимкне цю " +"можливість." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "Типове значення: 50" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "entry_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні " +"результати пошуку у кеші (тобто запити щодо некоректних записів у базі " +"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "Типове значення: 15" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "local_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" +"Визначає кількість секунд, протягом яких nss_sss має зберігати негативні " +"результати пошуку у кеші користувачів і груп, перші ніж намагатися знову " +"шукати їх за допомогою модуля надання даних. Встановлення значення 0 вимикає " +"цю можливість." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "Типове значення: 14400 (4 години)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "filter_users, filter_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" +"Виключити певних користувачів або групи зі списку отримання даних з бази " +"даних NSS sss. Таке виключення може бути корисним для облікових записів " +"керування системою. Цей параметр також можна встановлювати для кожного з " +"доменів окремо або включити до нього імена користувачів повністю для " +"обмеження списку користувачами лише з певного домену або за назвою " +"реєстраційного запису користувача (UPN)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" +"ЗАУВАЖЕННЯ: параметр filter_groups не впливає на успадкованість вкладених " +"записів групи, оскільки фільтрування відбувається після їх передавання для " +"повернення за допомогою NSS. Наприклад, у списку групи, що містить вкладену " +"групу, яку відфільтровано, залишатимуться записи користувачів " +"відфільтрованої групи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "Типове значення: root" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "filter_users_in_groups (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" +"Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, " +"встановіть для цього параметра значення «false»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "fallback_homedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" +"Встановити типовий шаблон назви домашнього каталогу користувача, якщо цей " +"каталог не вказано явним чином засобом надання даних домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" +"Можливі варіанти значень для цього параметра збігаються з варіантами значень " +"для параметра override_homedir." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" +"fallback_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" +"Типове значення: не встановлено (без замін для невстановлених домашніх " +"каталогів)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "override_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" +"Перевизначити командну оболонку входу до системи для усіх користувачів. Цей " +"параметр має пріоритет над будь-якими іншими параметрами визначення " +"командної оболонки, якщо він діє. Його можна встановити або у розділі [nss] " +"або для кожного з доменів окремо." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Типове значення: не встановлено (SSSD використовуватиме значення, отримане " +"від LDAP)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "allowed_shells (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" +"Обмежити перелік можливих командних оболонок користувачів вказаними. Порядок " +"визначення оболонки є таким:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" +"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" +"2. Якщо оболонку вказано у списку allowed_shells, але її немає у списку " +"<quote>/etc/shells</quote>, буде використано значення параметра " +"shell_fallback." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" +"3. Якщо оболонку не вказано у списку allowed_shells і її немає у списку " +"<quote>/etc/shells</quote>, буде використано оболонку nologin." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" +"Для визначення будь-якої командної оболонки можна скористатися шаблоном " +"заміни (*)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" +"Значенням (*) варто користуватися, якщо ви хочете скористатися " +"shell_fallback, коли командної оболонки користувача немає у «/etc/shells», а " +"супровід списку усіх командних оболонок у allowed_shells є надто марудною " +"справою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "Порожній рядок оболонки буде передано без обробки до libc." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" +"Читання <quote>/etc/shells</quote> виконується лише під час запуску SSSD, " +"тобто у разі встановлення нової оболонки слід перезапустити SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" +"Типове значення: не встановлено. Автоматично використовується оболонка " +"користувача." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "vetoed_shells (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "Замінити всі записи цих оболонок на shell_fallback" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "shell_fallback (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" +"Типова оболонка, яку слід використовувати, якщо дозволеної оболонки у " +"системі не встановлено." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "Типове значення: /bin/sh" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "default_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" +"Типова командна оболонка, яку буде використано, якщо засобом надання даних " +"не було повернуто назви оболонки під час пошуку. Цей параметр можна вказати " +"або на загальному рівні у розділі [nss], або окремо для кожного з доменів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" +"Типове значення: не встановлено (повернути NULL, якщо оболонку не " +"встановлено і покластися на libc у визначенні потрібного програмі значення, " +"зазвичай /bin/sh)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "get_domains_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" +"Визначає час у секундах, протягом якого список піддоменів вважатиметься " +"чинним." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "memcache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" +"Визначає час у секундах, протягом якого список піддоменів вважатиметься " +"чинним. Встановлення для цього параметра нульового значення вимикає кеш у " +"пам'яті." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" +"Попередження: вимикання кешу у пам'яті значно погіршить швидкодію SSSD, ним " +"варто користуватися лише для тестування." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" +"ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено " +"значення «NO», клієнтські програми не використовуватимуть fast у кеші у " +"пам’яті." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "memcache_size_passwd (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" +"Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, " +"для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "Типове значення: 8" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" +"Попередження: вимикання кешу у пам'яті або дуже малий його розмір можуть " +"значно погіршити швидкодію SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "memcache_size_group (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" +"Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, " +"для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "Типове значення: 6" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "memcache_size_initgroups (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" +"Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, " +"для запитів initgroups. Встановлення розміру 0 вимкне кеш у пам'яті для " +"initgroups." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "memcache_size_sid (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" +"Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, " +"для пов'язаних із SID запитів. У поточній версії передбачено кешування у " +"швидкій пам'яті лише для запитів SID-за-ID і ID-за-SID. Встановлення розміру " +"0 вимкне кеш у пам'яті для SID." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "user_attributes (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" +"Деякі із додаткових запитів до відповідача NSS можуть повертати більшу " +"кількість атрибутів, ніж це визначено POSIX для інтерфейсу NSS. Списком " +"атрибутів можна керувати за допомогою цього параметра. Обробка виконується у " +"той самий спосіб, що і для параметра «user_attributes» відповідача InfoPipe " +"(див. <citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" +"Щоб полегшити налаштовування відповідач NSS перевірятиме параметр InfoPipe " +"на те, чи не встановлено його для відповідача NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" +"Типове значення: не встановлено, резервне значення визначається за " +"параметром InfoPipe" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "pwfield (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" +"Значення, яке повертають операції NSS, які повертають записи користувачів чи " +"груп, для поля <quote>password</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "Типове значення: <quote>*</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" +"Зауваження: значення цього параметра можна встановлювати для кожного з " +"доменів окремо. При цьому це значення матиме вищий пріоритет за значення у " +"розділі [nss]." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +#, fuzzy +#| msgid "" +#| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " +#| "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-" +#| "shadowutils target)" +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" +"Типове значення: <quote>не встановлено</quote> (віддалені домени) або " +"<quote>x</quote> (файловий домен), <quote>x</quote> (проміжний домен із цілі " +"nss_files і sssd-shadowutils)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "Параметри налаштування PAM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" +"Цими параметрами можна скористатися для налаштування служби Pluggable " +"Authentication Module (PAM або блокового модуля розпізнавання)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "offline_credentials_expiration (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" +"У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " +"тривалість зберігання кешованих входів (у днях з часу останнього успішного " +"входу до системи)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "Типове значення: 0 (без обмежень)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "offline_failed_login_attempts (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" +"У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " +"дозволену кількість спроб входу з визначенням помилкового пароля." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "offline_failed_login_delay (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" +"Час у хвилинах, який має пройти між досягненням значення " +"offline_failed_login_attempts і повторним вмиканням можливості входу до " +"системи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" +"Якщо встановлено значення 0, користувач не зможе пройти розпізнавання у " +"автономному режимі, якщо буде досягнуто значення " +"offline_failed_login_attempts. Лише успішне розпізнавання може знову " +"увімкнути можливість автономного розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "Типове значення: 5" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "pam_verbosity (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" +"Керує типами повідомлень, які буде показано користувачеві під час " +"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "У поточній версії sssd передбачено підтримку таких значень:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" +"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "Типове значення: 1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "pam_response_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" +"Список рядків, відокремлених комами, за допомогою якого можна вилучати " +"(фільтрувати) дані, які надсилаються відповідачем PAM до модуля PAM pam_sss. " +"Існують різні тип відповідей, які надсилаються до pam_sss, наприклад " +"повідомлення, які показуються користувачеві, або змінні середовища, які слід " +"встановлювати за допомогою pam_sss." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" +"Хоча повідомленнями вже можна керувати за допомогою параметра pam_verbosity, " +"за допомогою цього параметра можна відфільтрувати також інші типи " +"повідомлень." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "ENV" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "Не надсилати жодних змінних середовища до жодної служби." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "ENV:назва_змінної" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "Не надсилати змінної середовища назва_змінної до жодної служби." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "ENV:назва_змінної:служба" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"У поточній версії передбачено підтримку таких фільтрів: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" +"Список рядків може бути або списком фільтрів, які встановлюють список " +"фільтрування і перевизначають типові фільтри, або до кожного елемента списку " +"може бути додано префікс «+» або «-», який додасть фільтр до наявного " +"типового фільтрування або вилучить його з наявного типового фільтрування, " +"відповідно. Будь ласка, зауважте, або що усі елементи списку повинні мати " +"префікси «+» або «-», або усі елементи списку не повинні містити префіксів. " +"Змішування стилів вважається помилкою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "Типове значення: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "Приклад: -ENV:KRB5CCNAME:sudo-i вилучає фільтр зі списку типових" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "pam_id_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" +"Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу " +"негайно оновити кешовані дані щодо профілю користувача з метою переконатися, " +"що розпізнавання виконується на основі найсвіжіших даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" +"Повний обмін даними сеансу PAM може включати декілька запитів PAM, зокрема " +"для керування обліковими записами та відкриття сеансів. За допомогою цього " +"параметра можна керувати (для окремих клієнтів-програм) тривалістю (у " +"секундах) кешування даних профілю з метою уникнути повторних викликів засобу " +"надання даних профілів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "pam_pwd_expiration_warning (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" +"Показати попередження за вказану кількість днів перед завершенням дії пароля." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" +"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " +"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " +"попередження." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" +"Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто " +"якщо з сервера обробки надійде попередження щодо завершення строку дії, його " +"буде автоматично показано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" +"Цей параметр може бути перевизначено встановленням параметра " +"<emphasis>pwd_expiration_warning</emphasis> для окремого домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "Типове значення: 0" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "pam_trusted_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список відокремлених комами значень UID або імен користувачів, яким " +"дозволено виконувати обмін даними PAM із довіреними доменами. Користувачі, " +"яких не включено до цього списку, можуть отримувати доступ лише до доменів, " +"які позначено як загальнодоступні (public) за допомогою " +"<quote>pam_public_domains</quote>. Імена користувачів перетворюються на UID " +"під час запуску системи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" +"Типове значення: типово усі користувачі вважаються надійними (довіреними)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" +"Будь ласка, зауважте, що користувачеві з UID 0 завжди мають доступ до " +"відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "pam_public_domains (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" +"Визначає список назв доменів, відокремлених комами, доступ до яких можуть " +"отримувати навіть ненадійні користувачі." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "Визначено два спеціальних значення параметра pam_public_domains:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" +"all (Ненадійним користувачам відкрито доступ до усіх доменів у відповідачі " +"PAM.)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" +"none (Ненадійним користувачам заборонено доступ до усіх доменів PAM у " +"відповідачі.)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "Типове значення: none" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "pam_account_expired_message (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" +"Надає змогу встановити нетипове повідомлення щодо завершення строку дії, яке " +"замінити типове повідомлення «Доступ заборонено» («Permission denied»)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" +"Зауваження: будь ласка, зверніть увагу на те, що повідомлення буде виведено " +"для служби SSH, лише якщо pam_verbosity не встановлено у значення 3 " +"(показувати усі повідомлення і діагностичні дані)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "pam_account_locked_message (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" +"Надає змогу встановити нетипове повідомлення щодо блокування, яке замінити " +"типове повідомлення «Доступ заборонено» («Permission denied»)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +#, fuzzy +#| msgid "pam_cert_auth (bool)" +msgid "pam_passkey_auth (bool)" +msgstr "pam_cert_auth (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "Типове значення: False" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "pam_cert_auth (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" +"Увімкнути сертифікацію на основі розпізнавання за смарткартками. Оскільки це " +"потребує додаткового обміну даним із смарткарткою, що затримує процес " +"розпізнавання, типово таку сертифікацію вимкнено." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "pam_cert_db_path (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "Шлях до бази даних сертифікатів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "Типове значення:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (шлях до файла із довіреними сертифікатами " +"служб сертифікації у форматі PEM)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "pam_cert_verification (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" +"За допомогою цього параметра можна виконати тонке налаштовування перевірки " +"сертифікатів PAM на основі списку параметрів, відокремлених комами. Ці " +"параметри перевизначають значення <quote>certificate_verification</quote> у " +"розділі <quote>[sssd]</quote>. Підтримуваними параметрами є ті самі, що і у " +"<quote>certificate_verification</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" +"pam_cert_verification = partial_chain\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" +"Типове значення: не встановлено, тобто слід використовувати типовий параметр " +"<quote>certificate_verification</quote>, який визначено у розділі " +"<quote>[sssd]</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "p11_child_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" +"Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " +"p11_child." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +#, fuzzy +#| msgid "p11_child_timeout (integer)" +msgid "passkey_child_timeout (integer)" +msgstr "p11_child_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +#, fuzzy +#| msgid "How many seconds will pam_sss wait for p11_child to finish." +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" +"Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " +"p11_child." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "pam_app_services (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" +"Визначає, яким службам PAM дозволено встановлювати з'єднання із доменами " +"типу <quote>application</quote>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "pam_p11_allowed_services (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких буде дозволено " +"використання смарткарток." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для розпізнавання за смарткарткою " +"(наприклад, «login») з нетиповою назвою служби PAM (наприклад, " +"«my_pam_service»), вам слід скористатися такими налаштуваннями: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" +"Типове значення: типовий набір назв служб PAM складається з таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "login" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "su" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "su-l" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "gdm-smartcard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "gdm-password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "kdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "sudo" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "sudo-i" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "gnome-screensaver" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "p11_wait_for_card_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" +"Якщо обов'язковим є розпізнавання за смарткарткою, кількість додаткових " +"секунд, які буде додано до p11_child_timeout, протягом яких відповідача PAM " +"має чекати на вставлення смарткартки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "p11_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" +"Адреса PKCS#11 (докладніший опис можна знайти у RFC-7512), якою можна " +"скористатися для обмеження переліку пристроїв, які використовуються для " +"розпізнавання за допомогою смарткартки. Типово, p11_child зі складу SSSD " +"виконуватиме пошук слоту PKCS#11 (зчитувача), для якого встановлено прапорці " +"«removable» («портативний») і читатиме сертифікати із першого знайденого " +"слоту вставленого ключа. Якщо з комп'ютером буде з'єднано декілька " +"зчитувачів, можна скористатися p11_uri для повідомлення p11_child про те, що " +"слід використовувати вказаний зчитувач." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" +"Приклади: <placeholder type=\"programlisting\" id=\"0\"/> або <placeholder " +"type=\"programlisting\" id=\"1\"/> Для визначення відповідної адреси, " +"ознайомтеся із файлом діагностичних даних p11_child. Крім того, можна " +"скористатися програмою GnuTLS p11tool, наприклад, із параметром --list-all, " +"який покаже і адреси PKCS#11." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "pam_initgroups_scheme" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "always" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" +"Завжди виконувати пошук у мережі. Будь ласка, зауважте, що pam_id_timeout " +"буде все одно застосовано" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "no_session" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" +"Виконувати пошук у мережі, лише якщо немає активного сеансу користувача, " +"тобто якщо користувач не працює у системі" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "never" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" +"Ніколи не виконувати пошук у мережі примусово, використовувати дані з кешу, " +"аж доки вони не застаріють" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Відповідач PAM може примусово застосувати пошук у мережі, щоб отримати " +"поточну групу членства користувача, який намагається увійти до системи. Цей " +"параметр керує тим, коли це слід робити. Передбачено можливість встановлення " +"таких значень: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "Типове значення: no_session" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "pam_gssapi_services" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Відокремлений комами список служб PAM, яким дозволено намагатися виконати " +"розпізнавання за GSSAPI за допомогою модуля pam_sss_gss.so." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" +"Щоб вимкнути розпізнавання за GSSAPI, встановіть для цього параметра " +"значення <quote>-</quote> (дефіс)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" +"Зауваження: значення цього параметра можна встановлювати для кожного з " +"доменів окремо, при цьому перевизначивши значення у розділі [pam]. Його " +"також можна встановити для довіреного домену, при цьому значення матиме " +"вищий пріоритет за значення у розділі домену." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "pam_gssapi_check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" +"Якщо має значення True, SSSD потребуватиме можливості прив'язки " +"реєстраційних даних користувача Kerberos, якого успішно розпізнано за " +"допомогою GSSAPI, до користувача, якого розпізнано. Розпізнавання " +"вважатиметься неуспішним, якщо перевірку не буде пройдено." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" +"Якщо має значення False, розпізнаними вважатимуться усі користувачі, які " +"зможуть отримати бажаний квиток служби." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "Типове значення: True" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "pam_gssapi_indicators_map" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" +"Для доступу до служби PAM, у якій можна спробувати розпізнавання GSSAPI з " +"використанням модуля pam_sss_gss.so, у квитку Kerberos має бути список " +"відокремлених комами індикаторів розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" +"Кожен з елементів списку може бути або назвою індикатора розпізнавання, або " +"парою <quote>служба:індикатор</quote>. Для доступу до будь-якої служби PAM, " +"яку налаштовано на використання з <option>pam_gssapi_services</option> " +"будуть потрібні індикатори без префіксів назв служб PAM. Список-результат " +"індикаторів для окремої служби PAM буде перевірено за індикаторами у квитку " +"Kerberos під час розпізнавання у pam_sss_gss.so. Буд-який індикатор з " +"квитка, який відповідає списку-результату індикаторів для служби PAM, " +"отримає доступ. Якщо відповідність не буде встановлено для жодного з " +"індикаторів, доступ буде заборонено. Якщо список-результат індикаторів для " +"служби PAM є порожнім, перевірка не закриватиме доступ для жодного запису." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" +"Щоб вимкнути перевірку за індикаторами для розпізнавання за GSSAPI, " +"встановіть для цього параметра значення <quote>-</quote> (дефіс). Щоб " +"вимкнути перевірку для певної служби PAM, додайте <quote>служба:-</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" +"У розгорнутих системах IPA з Kerberos передбачено підтримку таких " +"індикаторів розпізнавання:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" +"pkinit — попереднє розпізнавання за допомогою сертифікатів X.509, які " +"зберігаються у файлах або на смарткартках." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" +"hardened — попереднє розпізнавання SPAKE або будь-яке попереднє " +"розпізнавання у обгортці каналу FAST." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "radius — попереднє розпізнавання за допомогою сервера RADIUS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" +"otp — попереднє розпізнавання за допомогою інтегрованого двофакторного " +"розпізнавання (2FA або одноразовий пароль, OTP) в IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" +"idp — попереднє розпізнавання за допомогою зовнішнього надавача даних " +"профілів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Приклад: щоб встановити обов'язковість для доступу до служб SUDO отримання " +"користувачами їхніх квитків Kerberos із попереднім розпізнаванням за " +"сертифікатом X.509 (PKINIT), встановіть <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" +"Типове значення: не встановлено (немає потреби у використанні індикаторів " +"розпізнавання)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "Параметри налаштування SUDO" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Цими параметрами можна скористатися для налаштовування служби sudo. Докладні " +"настанови щодо налаштовування <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> на роботу з " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> можна знайти на сторінці довідника <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "sudo_timed (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" +"Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, " +"призначені для визначення часових обмежень для записів sudoers." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "sudo_threshold (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" +"Максимальна кількість застарілих правил, які можна оновлювати за один крок. " +"Якщо кількість застарілих правил є нижчою за це порогове значення, правила " +"буде оновлено за допомогою механізму <quote>rules refresh</quote>. Якщо " +"порогове значення перевищено, замість нього буде використано <quote>full " +"refresh</quote> з правил sudo. Це порогове значення також стосується команди " +"sudo IPA та групових пошуків команд." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "Параметри налаштування AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "Цими параметрами можна скористатися для налаштування служби autofs." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "autofs_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Визначає кількість секунд, протягом яких відповідач autofs має кешувати " +"негативні результати пошуку у кеші (тобто запити щодо некоректних записів у " +"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "Параметри налаштувань SSH" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "Цими параметрами можна скористатися для налаштування служби SSH." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "ssh_hash_known_hosts (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" +"Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "ssh_known_hosts_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" +"Кількість секунд, протягом яких запису вузла зберігатиметься у керованому " +"файлі known_hosts після надсилання запиту щодо ключів вузла." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "Типове значення: 180" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "ssh_use_certificate_keys (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" +"Якщо встановлено значення true, <command>sss_ssh_authorizedkeys</command> " +"поверне ключі ssh, які походять від відкритого ключа сертифікатів X.509, які " +"також зберігаються у записі користувача. Докладніше про це на сторінці " +"підручника <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "ssh_use_certificate_matching_rules (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" +"Типово, відповідач SSH буде використовувати усі доступні правила " +"встановлення відповідності сертифікатів для фільтрування сертифікатів, тому " +"ключі SSH будуть створюватися лише на основі відповідних правилам " +"сертифікатів. За допомогою цього параметра можна обмежити перелік " +"використаних правил на основі списку назв правил прив'язки і відповідності, " +"відокремлених комами. Усі інші правила буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" +"Передбачено два спеціальних ключових слова «all_rules» та «no_rules», які " +"вмикають або вимикають усі правила, відповідно. Останній випадок означає, що " +"сертифікати не фільтруватимуться, а ключі ssh буде створено з усіх коректних " +"сертифікатів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" +"Якщо не налаштовано жодного правила, «all_rules» увімкне типове правило, яке " +"дозволяє використання усіх сертифікатів, які придатні для розпізнавання " +"клієнта. Це та сама поведінка, що для відповідача PAM, якщо увімкнено " +"розпізнавання за сертифікатом." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" +"Визначення назви правила, якої не існує, вважатиметься помилкою. Якщо в " +"результаті не буде вибрано жодного правила, усі сертифікати буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" +"Типове значення: не встановлено, рівнозначне до «all_rules» — буде " +"використано усі знайдені правила або типове правило" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "ca_db (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" +"Шлях до сховища довірених сертифікатів CA. Параметр використовується для " +"перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "Параметри налаштування відповідача PAC" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" +"Відповідач PAC працює разом з додатком даних уповноваження для " +"sssd_pac_plugin.so зі складу MIT Kerberos та засобу надання даних " +"піддоменів. Цей додаток надсилає до відповідача PAC дані PAC під час " +"розпізнавання за допомогою GSSAPI. Засіб надання даних піддоменів збирає " +"дані щодо діапазонів SID і ID домену, до якого долучено клієнт, та " +"віддалених надійних доменів з локального контролера доменів. Якщо PAC " +"декодовано і визначено, виконуються деякі з таких дій:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" +"Якщо у кеші немає даних віддаленого користувача, запис цих даних буде " +"створено. UID буде визначено за допомогою SID, надійні домени матимуть UPG, " +"а gid матиме те саме значення, що і UID. Дані домашнього каталогу буде " +"засновано на значенні параметра subdomain_homedir. Типово, для командної " +"оболонки буде вибрано порожнє значення, тобто використовуватимуться типові " +"параметри системи. Значення для оболонки можна змінити за допомогою " +"параметра default_shell." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" +"Якщо існують SID груп з доменів, про які відомо SSSD, запис користувача буде " +"додано до цих груп." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" +"Цими параметрами можна скористатися для налаштовування відповідача PAC." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "allowed_uids (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список значень UID або імен користувачів, відокремлених комами. " +"Користувачам з цього списку буде дозволено доступ до відповідача PAC. UID за " +"іменами користувачів визначатимуться під час запуску." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" +"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний " +"користувач (root))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" +"Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID " +"буде перевизначено на основі цього параметра. Якщо ви хочете надати " +"адміністративному користувачеві (root) доступ до відповідача PAC, що може " +"бути типовим варіантом, вам слід додати до списку UID з правами доступу " +"запис 0." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "pac_lifetime (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" +"Строк дії запису PAC у секундах. Якщо PAC є чинним, дані PAC можна " +"використовувати для визначення членства користувача у групі." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "pac_check (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" +"Застосувати додаткові перевірки до PAC квитка Kerberos, який доступний у " +"доменах Active Directory і FreeIPA, якщо це налаштовано. Будь ласка, " +"зауважте, що має бути увімкнено перевірку квитка Kerberos, щоб мати змогу " +"перевірити PAC, тобто для параметра krb5_validate має бути встановлено " +"значення «True», яке є типовим для надавачів даних IPA і AD. Якщо для " +"krb5_validate встановлено значення «False», перевірки PAC буде пропущено." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "no_check" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" +"PAC не повинно бути, і навіть якщо він є, ніяких додаткових перевірок " +"виконано не буде." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "pac_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" +"PAC має бути наявним у квитку служби, запит щодо якого SSSD надсилає за " +"допомогою TGT користувача. Якщо PAC є недоступним, спроба розпізнавання " +"зазнає невдачі." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "check_upn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" +"Якщо PAC є, перевірити, чи є узгодженими дані назви реєстраційного запису " +"користувача (UPN)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "check_upn_allow_missing" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" +"Цей параметр слід використовувати разом і «check_upn» і обробляє випадок, " +"коли для UPN встановлено значення на боці сервера, але його не прочитано " +"SSSD. Типовим прикладом є домен FreeIPA, де для «ldap_user_principal» " +"встановлено назву атрибуту, якого не існує. Так типово роблять для того, щоб " +"обійти проблеми в обробці промислових реєстраційних записів. Втім, це " +"виправлено вже певний час, і FreeIPA може обробляти промислові реєстраційні " +"записи без проблем. У встановленні «ldap_user_principal» більше немає " +"потреби." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" +"У поточній версії цей параметр типово увімкнено, щоб уникнути регресій у " +"подібних середовищах. До системного журналу та діагностичного журналу SSSD " +"буде додано повідомлення у випадку виявлення UPN у PAC, але не у кеші SSSD. " +"Щоб уникнути появи такого повідомлення, слід перевірити, чи можна вилучити " +"параметр «ldap_user_principal». Якщо це неможливо, вилучення «check_upn» " +"призведе до пропускання перевірки, і повідомлення зникне з журналу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "upn_dns_info_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" +"PAC має містити буфер UPN-DNS-INFO; неявним чином встановлює «check_upn»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "check_upn_dns_info_ex" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" +"Якщо є PAC і доступним є розширення буфера UPN-DNS-INFO, перевірити, чи є " +"узгодженими дані у розширенні." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "upn_dns_info_ex_present" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" +"PAC має містити розширення буфера UPN-DNS-INFO; неявним чином встановлює " +"«check_upn_dns_info_ex», «upn_dns_info_present» і «check_upn»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Вказаними нижче параметрами можна скористатися окремо або у форматі списку " +"відокремлених комами значень: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" +"Типове значення: no_check (для надавачів AD та IPA — «check_upn, " +"check_upn_allow_missing, check_upn_dns_info_ex»)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "Параметри налаштовування запису сеансів" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Запис сеансів працює у зв'язці з <citerefentry> <refentrytitle>tlog-rec-" +"session</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, частиною " +"пакунка tlog, для запису даних, які бачать і вводять користувачі після входу " +"до текстового термінала. Див. також <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "scope (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "\"none\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "Користувачі не записуються." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "\"some\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" +"Запис вестиметься для користувачів і груп, вказаних параметрами " +"<replaceable>користувачі</replaceable> і <replaceable>групи</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "\"all\"" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "Усі користувачі записуються." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Один із вказаних нижче рядків, що визначають область запису сеансів: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "Типове значення: none" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" +"Список відокремлених комами записів користувачів, для яких увімкнено " +"записування сеансів. Належність до списку визначатиметься за іменами, " +"повернутими NSS, тобто після можливих замін пробілів, змін регістру символів " +"тощо." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "Типове значення: порожнє. Не відповідає жодному користувачу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" +"Список відокремлених комами записів груп, для користувачів яких буде " +"увімкнено записування сеансів. Належність до списку визначатиметься за " +"назвами, повернутими NSS, тобто після можливих замін пробілів, змін регістру " +"символів тощо." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" +"Зауваження: використання цього параметра (встановлення для нього будь-якого " +"значення) значно впливає на швидкодію, оскільки некешований запит щодо " +"користувача потребує отримання і встановлення відповідності груп, до яких " +"належить користувач." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "Типове значення: порожнє. Не відповідає жодній групі." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "exclude_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" +"Список відокремлених комами записів користувачів, яких має бути виключено із " +"записування. Може бути застосовано лише разом із «scope=all»." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "Типове значення: порожнє. Не виключати жодного користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "exclude_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" +"Список відокремлених комами записів груп, учасників яких має бути виключено " +"із записування. Може бути застосовано лише разом із «scope=all»." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "Типове значення: порожнє. Не виключати жодної групи." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "РОЗДІЛИ ДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "enabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" +"Явним чином увімкнути або вимкнути домен. Якщо має значення <quote>true</" +"quote>, домен завжди <quote>увімкнено</quote>. Якщо має значення " +"<quote>false</quote>, домен завжди <quote>вимкнено</quote>. Якщо значення " +"цього параметра не встановлено, домен увімкнено, лише якщо його вказано у " +"параметрі доменів у розділі <quote>[sssd]</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "domain_type (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" +"Визначає, чи призначено домен для використання клієнтами у стандарті POSIX, " +"зокрема NSS, або програмами, які не потребують наявності або створення даних " +"POSIX. Інтерфейсам та інструментам операційних систем доступні лише об'єкти " +"з доменів POSIX." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" +"Дозволеними значеннями цього параметра є <quote>posix</quote> і " +"<quote>application</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" +"Домени POSIX доступні для усіх служб. Домени програм доступні лише з " +"відповідача InfoPipe (див. <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" +"ЗАУВАЖЕННЯ: належне тестування у поточній версії виконано лише для доменів " +"application з <quote>id_provider=ldap</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" +"Щоб ознайомитися із простим способом налаштовування не-POSIX доменів, будь " +"ласка, ознайомтеся із розділом <quote>Домени програм</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "Типове значення: posix" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "min_id,max_id (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" +"Обмеження UID і GID для домену. Якщо у домені міститься запис, що не " +"відповідає цим обмеженням, його буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" +"Для користувачів зміна цього параметра вплине на основне обмеження GID. " +"Запис користувача не буде повернуто до NSS, якщо UID або основний GID не " +"належать вказаному діапазону. Записи користувачів, які не є учасниками " +"основної групи і належать діапазону, буде виведено у звичайному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" +"Ці обмеження на ідентифікатори стосуються і збереження записів до кешу, не " +"лише повернення записів за назвою або ідентифікатором." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "enumerate (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" +"Визначає, чи можна нумерувати домен, тобто, чи може домен створити список " +"усіх користувачів і груп, які у ньому містяться. Зауважте, що вмикання " +"нумерування не є обов'язковим для показу вторинних груп. Цей параметр може " +"мати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "TRUE = користувачі і групи нумеруються" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "FALSE = не використовувати нумерацію для цього домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "Типове значення: FALSE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" +"Нумерування домену потребує від SSSD отримання і зберігання усіх записів " +"користувачів і груп із віддаленого сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" +"Зауваження: вмикання нумерації помірно знизить швидкодію SSSD на час " +"виконання нумерації. Нумерація може тривати до декількох хвилин після " +"запуску SSSD. Протягом виконання нумерації окремі запити щодо даних буде " +"надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження " +"системи виконанням нумерації. Збереження великої кількості записів до кешу " +"після завершення нумерації може також значно навантажити процесор, оскільки " +"повторне визначення параметрів участі також іноді є складним завданням. Це " +"може призвести до проблем із отриманням відповіді від процесу " +"<quote>sssd_be</quote> або навіть перезапуску усього засобу стеження." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" +"Під час першого виконання нумерації запити щодо повних списків користувачів " +"та груп можуть не повертати жодних результатів, аж доки нумерацію не буде " +"завершено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" +"Крім того, вмикання нумерації може збільшити час, потрібний для виявлення " +"того, що мережеве з’єднання розірвано, оскільки потрібне буде збільшення " +"часу очікування для забезпечення успішного завершення пошуків нумерації. Щоб " +"отримати додаткову інформацію, зверніться до сторінок довідника (man) " +"відповідного використаного засобу обробки ідентифікаторів (id_provider)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" +"З вказаних вище причин не рекомендуємо вам вмикати нумерацію, особливо у " +"об’ємних середовищах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "subdomain_enumerate (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "all" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "Усі виявлені надійні домени буде пронумеровано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "Нумерація виявлених надійних доменів не виконуватиметься" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" +"Визначає, чи слід нумерувати усі автоматично виявлені надійні (довірені) " +"домени. Підтримувані значення: <placeholder type=\"variablelist\" id=\"0\"/> " +"Якщо потрібно, можна вказати список з однієї або декількох назв надійних " +"доменів, для яких буде увімкнено нумерацію." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" +"Дані щодо часових позначок завершення строку дії записів кешу зберігаються " +"як атрибути окремих об’єктів у кеші. Тому зміна часу очікування на дані у " +"кеші впливає лише на нові записи та записи, строк дії яких вичерпано. Для " +"примусового оновлення записів, які вже було кешовано, вам слід запустити " +"програму <citerefentry> <refentrytitle>sss_cache</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "Типове значення: 5400" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_user_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи користувачів " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "Типове значення: entry_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_group_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи груп чинними, перш " +"ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_netgroup_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи мережевих груп " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_service_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи служб чинними, перш " +"ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "entry_cache_resolver_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи вузлів і мереж " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "entry_cache_sudo_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" +"Кількість секунд, протягом яких sudo вважатиме правила чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "entry_cache_autofs_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" +"Кількість секунд, протягом яких служба autofs вважатиме карти автомонтування " +"чинними, перш ніж надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "entry_cache_ssh_host_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" +"Кількість секунд, протягом яких слід зберігати ключ ssh вузла після " +"оновлення. Іншими словами, параметр визначає тривалість зберігання ключа " +"вузла у кеші." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "entry_cache_computer_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" +"Кількість секунд, протягом яких слід зберігати запис локального комп'ютера, " +"перш ніж надсилати запит до модуля обробки даних знову" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "refresh_expired_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" +"Визначає кількість секунд, протягом яких SSSD має очікувати до запуску " +"завдання з оновлення у фоновому режимі записів кешу, строк дії яких " +"вичерпано або майже вичерпано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" +"Під час фонового оновлення виконуватиметься обробка записів користувачів, " +"груп та мережевих груп у кеші. для записів користувачів, для яких " +"виконувалися дії з ініціювання груп (отримання даних щодо участі користувача " +"у групах, які типово виконуються під час входу до системи), буде оновлено і " +"запис користувача, і дані щодо участі у групах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "Цей параметр автоматично успадковується для усіх довірених доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" +"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" +"Запис кешу буде оновлено фоновим завданням, якщо минуло 2/3 часу очікування " +"на застарівання кешу. Якщо у кеші вже є записи, фонове завдання звернеться " +"до значень часу очікування на застарівання початкових записів, а не " +"поточного значення у налаштуваннях. Це може призвести до ситуації, у якій " +"здаватиметься, що фонове завдання із оновлення записів не працює. Так " +"зроблено спеціально для удосконалення роботи в автономному режимі і " +"повторного використання наявних коректних записів у кеші. Щоб зробити " +"використання внесеної зміни постійним, користувачу варто вручну скасувати " +"чинність наявного кешу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "Типове значення: 0 (вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "cache_credentials (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "cache_credentials_minimal_first_factor_length (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" +"Якщо використано двофакторне розпізнавання (2FA) і реєстраційні дані мають " +"зберігатися, це значення визначає мінімальну довжину першого фактора " +"розпізнавання (довготривалого пароля), який має бути збережено у форматі " +"контрольної суми SHA512 у кеші." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" +"Таким чином забезпечується уникнення випадку, коли короткі PIN-коди " +"заснованої на PIN-кодах схеми 2FA зберігаються у кеші, що робить їх простою " +"мішенню атак із перебиранням паролів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "account_cache_expiration (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" +"Кількість днів, протягом яких записи залишатимуться у кеші після успішного " +"входу до системи до вилучення під час спорожнення кешу. 0 — не вилучати " +"записи. Значення цього параметра має бути більшим або рівним значенню " +"offline_credentials_expiration." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "Типове значення: 0 (без обмежень)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "pwd_expiration_warning (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" +"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " +"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " +"попередження. Крім того для цього сервера може бути вказано службу надання " +"даних розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "id_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" +"Засіб надання даних ідентифікації, який використовується для цього домену. " +"Серед підтримуваних засобів такі:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "«proxy»: підтримка застарілого модуля надання даних NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" +"<quote>files</quote>: засіб надання даних FILES. Докладніше про те, як " +"працює віддзеркалення локальних користувачів і груп у SSSD, можна дізнатися " +"зі сторінки підручника <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" +"<quote>ldap</quote>: засіб LDAP. Докладніше про налаштовування LDAP можна " +"дізнатися з довідки до <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" +"<quote>ipa</quote>: засіб FreeIPA та керування профілями Red Hat Enterprise. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" +"<quote>ad</quote>: засіб Active Directory. Докладніші відомості щодо " +"налаштовування Active Directory викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "use_fully_qualified_names (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" +"Використовувати ім’я та домен повністю (у форматі, визначеному " +"full_name_format домену) як ім’я користувача у системі, що повідомляється " +"NSS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" +"Якщо встановлено значення TRUE, всі запити до цього домену мають " +"використовувати повні назви. Наприклад, якщо використано домен LOCAL, який " +"містить запис користувача «test» user, <command>getent passwd test</command> " +"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" +"ЗАУВАЖЕННЯ: цей параметр не впливатиме на пошук у мережевих групах через " +"тенденцію до включення до таких груп вкладених мережевих груп. Для мережевих " +"груп, якщо задано неповну назву, буде виконано пошук у всіх доменах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" +"Типове значення: FALSE (TRUE для довірених доменів і піддоменів або якщо " +"використано default_domain_suffix)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "ignore_group_members (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "Не повертати записи учасників груп для пошуків груп." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" +"Якщо встановлено значення TRUE, сервер LDAP не запитуватиме дані щодо " +"атрибутів участі у групах, а списки учасників груп не повертаються під час " +"обробки запитів щодо пошуку груп, зокрема <citerefentry> " +"<refentrytitle>getgrnam</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry> або <citerefentry> <refentrytitle>getgrgid</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry>. Отже, <quote>getent group " +"$groupname</quote> поверне запитану групу так, наче вона була порожня." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" +"Вмикання цього параметра може також значно пришвидшити перевірки засобу " +"надання доступу для участі у групі, особливо для груп, у яких багато " +"учасників." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" +"Цей параметр також може бути встановлено для окремого піддомену або " +"успадковано за допомогою <emphasis>subdomain_inherit</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "auth_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" +"Служба розпізнавання, яку використано для цього домену. Серед підтримуваних " +"служб розпізнавання:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — вбудоване розпізнавання LDAP. Докладніші відомості " +"щодо налаштовування LDAP викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості " +"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "access_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" +"Програма керування доступом для домену. Передбачено дві вбудованих програми " +"керування доступом (окрім всіх встановлених додаткових серверів). " +"Вбудованими програмами є:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" +"<quote>permit</quote> дозволяти доступ завжди. Єдиний дозволений засіб " +"доступу для локального домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "<quote>deny</quote> — завжди забороняти доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" +"<quote>simple</quote> — керування доступом на основі списків дозволу або " +"заборони. Докладніші відомості щодо налаштовування модуля доступу simple " +"можна знайти у довідці до <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — керування доступом на основі .k5login. Докладніші " +"відомості щодо налаштовування Kerberos викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" +"<quote>proxy</quote> — для трансляції керування доступом до іншого модуля " +"PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "Типове значення: <quote>permit</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "chpass_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" +"Система, яка має обробляти дії зі зміни паролів для домену. Передбачено " +"підтримку таких систем зміни паролів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — змінити пароль, що зберігається на сервері LDAP. " +"Докладніші відомості щодо налаштовування LDAP викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" +"<quote>krb5</quote> — змінити пароль Kerberos. Докладніші відомості щодо " +"налаштовування Kerberos викладено у довіднику з <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" +"Типове значення: використовується «auth_provider», якщо встановлено значення " +"цього параметра і якщо система здатна обробляти запити щодо паролів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "sudo_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " +"SUDO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> для правил, що зберігаються у LDAP. Докладніше про " +"налаштовування LDAP можна дізнатися з довідки до <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" +"<quote>ipa</quote> — те саме, що і <quote>ldap</quote>, але з типовими " +"параметрами IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" +"<quote>ad</quote> — те саме, що і <quote>ldap</quote>, але з типовими " +"параметрами AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> явним чином вимикає SUDO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Типове значення: використовується значення <quote>id_provider</quote>, якщо " +"його встановлено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"З докладними настановами щодо налаштовування sudo_provider можна " +"ознайомитися за допомогою сторінки підручника (man) <citerefentry> " +"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. Передбачено доволі багато параметрів налаштовування, якими " +"можна скористатися для коригування поведінки програми. Докладніший опис " +"можна знайти у розділах щодо «ldap_sudo_*»\" у підручнику з <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" +"<emphasis>Зауваження:</emphasis> правила sudo періодично отримуються у " +"фоновому режимі, якщо постачальник даних sudo не вимкнено явним чином. " +"Встановіть значення <emphasis>sudo_provider = None</emphasis>, щоб вимкнути " +"усі дії, пов'язані із sudo у SSSD, якщо ви взагалі не хочете використовувати " +"sudo у SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "selinux_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" +"Засіб, який має відповідати за завантаження параметрів SELinux. Зауважте, що " +"цей засіб буде викликано одразу після завершення роботи служби надання " +"доступу. Передбачено підтримку таких засобів надання даних SELinux:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> для завантаження параметрів selinux з сервера IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" +"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " +"SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "subdomains_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" +"Засіб надання даних, який має обробляти отримання даних піддоменів. Це " +"значення має завжди збігатися зі значенням id_provider. Передбачено " +"підтримку таких засобів надання даних піддоменів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> для завантаження списку піддоменів з сервера IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" +"«ad», з якої слід завантажувати список піддоменів з сервера Active " +"Directory. Див. <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше про " +"налаштовування засобу надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "session_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" +"Постачальник даних, який налаштовує завдання, пов'язані із сеансами " +"користувачів, і керує ними. Єдиним завданням сеансів користувача у поточній " +"версії є інтеграція із Fleet Commander, який працює лише з IPA. Підтримувані " +"постачальники даних сеансів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" +"<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів " +"завдання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" +"<quote>none</quote> — не виконувати жодних пов'язаних із сеансами " +"користувачів завдань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" +"Типове значення: використовується значення <quote>id_provider</quote>, якщо " +"його встановлено і дозволено виконувати пов'язані із сеансами завдання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" +"<emphasis>Зауваження:</emphasis> щоб ця можливість працювала як слід, SSSD " +"має бути запущено від імені користувача root, а не якогось іншого " +"непривілейованого користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "autofs_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" +"Служба autofs, яку використано для цього домену. Серед підтримуваних служб " +"autofs:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — завантажити карти, що зберігаються у LDAP. Докладніше " +"про налаштовування LDAP можна дізнатися з довідки до <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. " +"Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" +"<quote>ad</quote> — завантажити карти, що зберігаються на сервері AD. Див. " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше про налаштовування засобу " +"надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "<quote>none</quote> вимикає autofs повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "hostid_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" +"Засіб надання даних, який використовується для отримання даних щодо профілю " +"вузла. Серед підтримуваних засобів надання hostid:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — завантажити профіль системи, що зберігається на сервері " +"IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "<quote>none</quote> вимикає hostid повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "resolver_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" +"Система, яка має обробляти дії зі пошуку вузлів та мереж. Передбачено " +"підтримку таких надавачів даних для визначення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" +"<quote>proxy</quote> для переспрямовування пошуків до іншої бібліотеки NSS. " +"Див. <quote>proxy_resolver_lib_name</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — отримати записи вузлів і мереж, які зберігаються у " +"LDAP. Докладніше про налаштовування LDAP можна дізнатися з довідки до " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" +"<quote>ad</quote> — отримати записи вузлів і мереж, які зберігаються на " +"сервері AD. Див. <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше про " +"налаштовування засобу надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" +"<quote>none</quote> забороняє ячним чином отримання даних вузлів і мереж." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" +"Формальний вираз для цього домену, який описує спосіб поділи рядка, що " +"містить ім’я користувача та назву домену на ці компоненти. «Домен» може " +"відповідати назві домену налаштувань SSSD або, у випадку піддоменів довіри " +"IPA та доменів Active Directory, простій назві (NetBIOS) домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" +"Типовий для засобів надання AD і IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> За його допомогою можна визначати три " +"різні стилі запису імен користувачів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "користувач" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "користувач@назва.домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +#, fuzzy +#| msgid "" +#| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" +#| "\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +#| "P<name>[^@\\\\]+)$))</quote> which allows three different styles " +#| "for user names:" +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" +"Типовий для засобів надання AD і IPA: <quote>(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+$))|((?P<name>.+)@(?P<domain>[^@]+$))|(^(?" +"P<name>[^@\\\\]+)$))</quote> За його допомогою можна визначати три " +"різні стилі запису імен користувачів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "домен\\користувач" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" +"Перші два стилі відповідають загальним типовим стилям, а третій введено для " +"того, щоб полегшити інтеграцію користувачів з доменів Windows." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "Типове значення: <quote>%1$s@%2$s</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "lookup_family_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" +"Надає можливість вибрати бажане сімейство адрес, яке слід використовувати " +"під час виконання пошуків у DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "Передбачено підтримку таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" +"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " +"спробувати формат IPv6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" +"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" +"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " +"спробувати формат IPv4" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" +"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "Типове значення: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "dns_resolver_server_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" +"Визначає проміжок часу (у мілісекундах), протягом якого SSSD намагатиметься " +"обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" +"Надавач даних AD використовуватиме цей параметр також для визначення часу " +"очікування на відгук на луна-імпульс CLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" +"Будь ласка, ознайомтеся із розділом <quote>РЕЗЕРВ</quote>, щоб дізнатися " +"більше про розв'язування питань, пов'язаних із службами." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "Типове значення: 1000" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "dns_resolver_op_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" +"Визначає тривалість (у секундах) періоду, протягом якого програма чекатиме " +"на завершення виконання окремого запиту DNS (наприклад встановлення назви " +"вузла або запису SRV), перш ніж перейти до наступної назви вузла або пошуку " +"наступного DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "dns_resolver_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" +"Визначає кількість часу (у секундах) очікування відповіді від внутрішньої " +"служби перемикання на резервний ресурс, перш ніж службу буде визначено " +"недоступним. Якщо час очікування буде перевищено, домен продовжуватиме " +"роботу у автономному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "dns_resolver_use_search_list (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" +"Зазвичай, розв'язувач адрес DNS виконує пошук у списку доменів, який " +"визначено інструкцією «search» у файлі resolv.conf. Це може призвести до " +"затримок у середовищах, де DNS не налаштовано належним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" +"Якщо у налаштуваннях SSSD використано повні назви доменів (або _srv_), " +"встановлення для цього параметра значення FALSE може запобігти непотрібним " +"пошукам DNS у таких середовищах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +msgid "Default: TRUE" +msgstr "Типове значення: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "dns_discovery_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" +"Якщо у модулі обробки використовується визначення служб, вказує доменну " +"частину запиту визначення служб DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" +"Типова поведінка: використовувати назву домену з назви вузла комп’ютера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "override_gid (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "Замірити значення основного GID на вказане." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "case_sensitive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" +"Враховується регістр. Це значення є некоректним для засобу надання даних AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "False" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "Без врахування регістру." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "Preserving" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" +"Те саме, що і False (без врахування регістру символів), але без переведення " +"у нижній регістр імен у результатах дій NSS. Зауважте, що альтернативні " +"імена (у випадку служб також назви протоколів) у виведених даних все одно " +"буде переведено у нижній регістр." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" +"Якщо ви хочете встановити це значення для довіреного домену із надавачем " +"даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Зважати на регістр символів у назвах записів користувачів і груп. Можливі " +"значення: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "Типове значення: True (False для засобу надання даних AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "subdomain_inherit (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" +"Визначає список параметрів налаштування, які слід успадковувати для " +"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані " +"параметри. У поточній версії передбачено можливість успадковування таких " +"параметрів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "ldap_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "ldap_network_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "ldap_opt_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "ldap_offline_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "ldap_enumeration_refresh_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "ldap_enumeration_refresh_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "ldap_purge_cache_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "ldap_purge_cache_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" +"ldap_krb5_keytab (значення krb5_keytab буде використано, якщо " +"ldap_krb5_keytab не встановлено явним чином)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "ldap_krb5_ticket_lifetime" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "ldap_enumeration_search_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "ldap_connection_expire_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "ldap_connection_expire_offset" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "ldap_connection_idle_timeout" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "ldap_use_tokengroups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "ignore_group_members" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "auto_private_groups" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "case_sensitive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" +"Зауваження: цей параметр працює лише для засобів надання даних IPA і AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "subdomain_homedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "%F" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "спрощена (NetBIOS) назва піддомену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Використовувати вказаний домашній каталог як типовий для всіх піддоменів у " +"цьому домені у межах довіри AD IPA. Дані щодо можливих значень наведено у " +"описі параметра <emphasis>override_homedir</emphasis>. Крім того, " +"розгортання можна використовувати лише з <emphasis>subdomain_homedir</" +"emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" +"Це значення може бути перевизначено параметром <emphasis>override_homedir</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "Типове значення: <filename>/home/%d/%u</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "realmd_tags (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" +"Різноманітні теґи, що зберігаються службою налаштовування realmd для цього " +"домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "cached_auth_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" +"Визначає час у секундах з моменту останнього успішного розпізнавання у " +"мережі, для якого користувача буде розпізнано за допомогою кешованих " +"реєстраційних даних, доки SSSD перебуває у режимі «у мережі». Якщо " +"реєстраційні дані є помилковими, SSSD повертається до інтерактивного " +"розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" +"Значення цього параметра успадковується усіма довіреними доменами. У " +"поточній версії не передбачено можливості встановлювати окремі різні " +"значення для різних довірених доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" +"Будь ласка, зауважте, що якщо <quote>cached_auth_timeout</quote> має більше " +"значення за <quote>pam_id_timeout</quote>, модуль може бути викликано для " +"обробки <quote>initgroups</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"У наступному прикладі створюємо контейнер із назвою «mycontainer»: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Типове значення: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "auto_private_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" +"Безумовно створює приватну групу користувача на основі номера UID " +"користувача. У цьому випадку номер GID буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" +"Зауваження: оскільки номер GID і приватна група користувача успадковуються з " +"номера UID, підтримки декількох записів із однаковим номером UID або GID у " +"цьому параметрі не передбачено. Іншими словами, вмикання цього параметра " +"примусово встановлює унікальність записів у просторі ідентифікаторів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" +"Завжди використовувати номер основної GID користувача. Номер GID має " +"вказувати на об'єкт групи у базі даних LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "hybrid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" +"Основна група створюється автоматично для записів користувача, значення UID " +"і GID яких збігаються і, одночасно, номер GID не відповідає справжньому " +"об'єкту групи у LDAP. Якщо значення є однаковими, але основне значення GID у " +"записі користувача також використовується як об'єкт групи, основний GID " +"цього користувача визначатиме цей об'єкт групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" +"Якщо UID і GID користувача є різними, значення GID має відповідати запису " +"групи, інакше надійне визначення GID буде просто неможливим." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" +"Ця можливість є корисною для середовищ, де бажаним є усування потреби у " +"супроводі окремих об'єктів груп для користувачів у приватних групах, але зі " +"збереженням наявних приватних груп для користувачів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Цей параметр приймає будь-яке з таких трьох доступних значень: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" +"Для піддоменів типовим значенням є False для тих піддоменів, які пов'язано " +"із ідентифікаторами POSIX, і True для тих піддоменів, для яких " +"використовується автоматична прив'язка до ідентифікаторів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" +"Значення параметра auto_private_groups може встановлюватися або на рівні " +"окремих піддоменів у підрозділі, приклад: <placeholder " +"type=\"programlisting\" id=\"0\"/> або на загальному рівні для усіх " +"піддоменів у основному розділі домену за допомогою параметра " +"subdomain_inherit: <placeholder type=\"programlisting\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Ці параметри налаштування може бути вказано у розділі налаштування домену, " +"тобто у розділі з назвою <quote>[domain/<replaceable>НАЗВА</replaceable>]</" +"quote> <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "proxy_pam_target (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" +"Типове значення: типово не встановлено, вам слід скористатися вже створеними " +"налаштуваннями pam або створити нові і тут додати назву служби." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "proxy_lib_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" +"Назва бібліотеки NSS для використання у доменах з проксі-серверами. Функції " +"NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), " +"наприклад _nss_files_getpwent." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "proxy_resolver_lib_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" +"Назва бібліотеки NSS для використання для пошуку вузлів і мереж у доменах з " +"проксі-серверами. Функції NSS шукаються у бібліотеці у форматі " +"_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "proxy_fast_alias (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" +"Під час пошуку запису користувача чи групи за назвою у системі надання даних " +"переадресації виконується вторинний пошук за ідентифікатором з метою " +"визначення «канонічної» форми назви, якщо результат знайдено за " +"альтернативною назвою (псевдонімом). Встановлення для цього параметра " +"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора " +"у кеші, щоб пришвидшити надання результатів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "proxy_max_children (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" +"Цей параметр визначає кількість попередньо розгалужених дочірніх проксі. Він " +"корисний для високонавантажених середовищ SSSD, де sssd може вичерпати " +"кількість доступних дочірніх слотів, що може спричинити деякі вади через " +"використання черги запитів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Параметри, які є чинними для доменів проксі. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "Домени програм (application)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" +"SSSD, з його інтерфейсом D-Bus (див. <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) є привабливим для " +"програм як шлюз до каталогу LDAP, де зберігаються дані користувачів і груп. " +"Втім, на відміну від традиційного формату роботи SSSD, де усі користувачі і " +"групи або мають атрибути POSIX, або ці атрибути може бути успадковано з SID " +"Windows, у багатьох випадках користувачі і групи у сценарії підтримки роботи " +"програм не мають атрибутів POSIX. Замість визначення розділу <quote>[domain/" +"<replaceable>НАЗВА</replaceable>]</quote> адміністратор може визначити " +"розділ <quote>[application/<replaceable>НАЗВА</replaceable>]</quote>, який " +"на внутрішньому рівні представляє домен типу <quote>application</quote>, " +"який може успадковувати параметр з традиційного домену SSSD." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" +"Будь ласка, зауважте, що домен програм має так само явним чином увімкнено у " +"параметрі <quote>domains</quote>, отже порядок пошуку між доменом програм і " +"його доменом-близнюком у POSIX має бути встановлено належним чином." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "Параметри доменів програм" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "inherit_from (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" +"Домен типу POSIX SSSD, з якого домен програм успадковує усі параметри. Далі, " +"домен програм поже додавати власні параметри до параметрів програми, які " +"розширюють або перевизначають параметри домену-<quote>близнюка</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" +"У наведеному нижче прикладі проілюстровано використання домену програм. У " +"цій конфігурації домен POSIX з'єднано із сервером LDAP, він використовується " +"операційною системою через відповідач NSS. Крім того, домен програм також " +"надсилає запит щодо атрибута telephoneNumber, зберігає його як атрибут phone " +"у кеші і робить атрибут phone доступним через інтерфейс D-Bus." + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" +"Деякі параметри, які використовуються у розділі домену, можна також " +"використовувати у розділі довіреного домену, тобто у розділі, який " +"називається <quote>[domain/<replaceable>НАЗВА_ДОМЕНУ</replaceable>/" +"<replaceable>НАЗВА_ДОВІРЕНОГО_ДОМЕНУ</replaceable>]</quote>. Де НАЗВА_ДОМЕНУ " +"є справжнім базовим доменом для долучення. Приклади наведено нижче. У " +"поточній версії підтримуваними параметрами у розділі довіреного домену є " +"такі параметри:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "ldap_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "ldap_user_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "ldap_group_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "ldap_netgroup_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "ldap_service_search_base," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "ldap_sasl_mech," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "ad_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "ad_backup_server," + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "ad_site," + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "use_fully_qualified_names" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" +"Докладніший опис цих параметрів можна знайти у окремих описах на сторінці " +"підручника." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" +"Щоб уможливити розпізнавання за смарткартками та сертифікатами, SSSD повинна " +"мати можливість пов'язувати сертифікати із записами користувачів. " +"Забезпечити таку можливість можна додаванням повного сертифіката до об'єкта " +"LDAP користувача або локальним перевизначенням. Хоча використання повного " +"сертифіката є обов'язковим для використання можливості розпізнавання за " +"смарткарткою у (див. <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, щоб дізнатися " +"більше), додавання таких сертифікатів може бути марудною або навіть " +"неможливою справою для загального випадку, коли локальні служби " +"використовують для розпізнавання PAM." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" +"Для додавання гнучкості прив'язкам у SSSD додано правила прив'язки і " +"встановлення відповідності (докладніше про це у розділі <citerefentry> " +"<refentrytitle>sss-certmap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" +"Правила пов'язування та відповідності можна додати до налаштувань SSSD у " +"окремий розділ із назвою, подібною до <quote>[certmap/" +"<replaceable>НАЗВА_ДОМЕНУ</replaceable>/<replaceable>НАЗВА_ПРАВИЛА</" +"replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "matchrule (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" +"Буде виконано обробку лише тих сертифікатів зі смарткартки, які відповідають " +"цьому правилу. Усі інші сертифікати буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" +"Типове значення: KRB5:<EKU>clientAuth, тобто лише сертифікати, у яких " +"Extended Key Usage (розширене використання ключа) дорівнює " +"<quote>clientAuth</quote>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "maprule (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" +"LDAP:(userCertificate;binary={cert!bin}) для заснованих на LDAP надавачів " +"даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" +"RULE_NAME для надавача даних <quote>files</quote>, який намагається знайти " +"запис користувача і такою самою назвою." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "domains (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" +"Список відокремлених комами назв доменів, до яких слід застосовувати " +"правило. Типово, правило стосуватиметься лише домену, який налаштовано у " +"sssd.conf. Якщо для надавача даних передбачено підтримку піддоменів, цей " +"параметр можна використати і для додавання правила до піддоменів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "Типове значення: домен, який налаштовано у sssd.conf" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "priority (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" +"Ціле невід'ємне значення, яке визначає пріоритетність правила. Чим більшим є " +"значення, тим нижчою є пріоритетність. <quote>0</quote> — найвища " +"пріоритетність, а <quote>4294967295</quote> — найнижча." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "Типове значення: найнижча пріоритетність" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" +"Щоб спростити налаштовування із зменшити кількість параметрів " +"налаштовування, у надавачі даних <quote>files</quote> передбачено декілька " +"спеціальних властивостей:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" +"якщо не встановлено maprule, припускається, що значенням RULE_NAME є назва " +"відповідного облікового запису користувача" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" +"якщо maprule використовує обидва, назву облікового запису окремого " +"користувача або шаблон, подібний до <quote>{назва_об'єкта_rfc822." +"коротка_назва}</quote>, слід брати у дужки, наприклад <quote>(користувач)</" +"quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "параметр <quote>domains</quote> буде проігноровано" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" +"Якщо існує спеціальний файл (<filename>/var/lib/sss/pubconf/" +"pam_preauth_available</filename>), модуль PAM SSSD pam_sss надсилатиме запит " +"до SSSD для визначення того, які методи розпізнавання доступні для " +"користувача, який намагається увійти до системи. На основі отриманих " +"результатів pam_sss надсилатиме запит до користувача щодо відповідних " +"реєстраційних даних." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" +"Зростання кількості способів розпізнавання та можливість того, що для " +"окремого користувача передбачено декілька способів, призводить до того, що " +"евристика, яка використовується pam_sss для вибору запиту може не " +"спрацьовувати в усіх можливих випадках. Підвищення гнучкості системи у таких " +"випадках мають забезпечити описані нижче параметри." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "password_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "для зміни рядка запиту пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"для налаштовування запиту щодо пароля; дозволені параметри: <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "[prompting/2fa]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "для зміни рядка запиту для першого фактора" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "second_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "для зміни рядка запиту для другого фактора" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "single_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" +"булеве значення. Якщо True, буде виконано лише один запит із використанням " +"значення first_prompt. Припускатиметься, що обидва фактори введено як один " +"рядок. Будь ласка, зауважте, що тут може бути введено обидва фактори, навіть " +"якщо другий фактор не є обов'язковим." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" +"для налаштовування запитів щодо двофакторного розпізнавання. Можливі " +"варіанти значень: <placeholder type=\"variablelist\" id=\"0\"/> Якщо другий " +"фактор є необов'язковим і має бути збережено можливість входу або лише за " +"паролем, або за двома факторами, має бути використано двокроковий запит." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +#, fuzzy +#| msgid "[prompting/password]" +msgid "[prompting/passkey]" +msgstr "[prompting/password]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +#, fuzzy +#| msgid "interactive" +msgid "interactive_prompt" +msgstr "interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the interactive prompt." +msgstr "для зміни рядка запиту пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +#, fuzzy +#| msgid "first_prompt" +msgid "touch_prompt" +msgstr "first_prompt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +#, fuzzy +#| msgid "to change the string of the password prompt" +msgid "to change the message of the touch prompt." +msgstr "для зміни рядка запиту пароля" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +#, fuzzy +#| msgid "" +#| "to configure two-factor authentication prompting, allowed options are: " +#| "<placeholder type=\"variablelist\" id=\"0\"/>" +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"для налаштовування запиту щодо двофакторного розпізнавання; дозволені " +"параметри: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +#, fuzzy +#| msgid "" +#| "Each supported authentication method has its own configuration subsection " +#| "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +#| "type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" " +#| "id=\"1\"/>" +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" +"У кожного з підтримуваних способів розпізнавання є власний підрозділ " +"налаштувань у <quote>[prompting/...]</quote>. У поточній версії це: " +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" +"Передбачено можливість додавання підрозділу для специфічних служб PAM, " +"наприклад <quote>[prompting/password/sshd]</quote>, для окремої зміни запиту " +"для цієї служби." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "ПРИКЛАДИ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"1. Нижче наведено приклад типових налаштувань SSSD. Налаштування самого " +"домену не наведено, — щоб дізнатися більше про неї, ознайомтеся з " +"документацією щодо налаштовування доменів. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" +"2. У наведеному нижче прикладі показано налаштування довіри AD у IPA, де ліс " +"AD складається з двох доменів у структурі батьківський-дочірній. Нехай домен " +"IPA (ipa.com) має стосунки довіри з доменом AD (ad.com). ad.com має дочірній " +"домен (child.ad.com). Щоб увімкнути скорочені назви у дочірньому домені, " +"слід скористатися наведеними нижче налаштуваннями. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, fuzzy, no-wrap +#| msgid "" +#| "[certmap/my.domain/rule_name]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +#| "maprule = (userCertificate;binary={cert!bin})\n" +#| "domains = my.domain, your.domain\n" +#| "priority = 10\n" +#| "\n" +#| "[certmap/files/myname]\n" +#| "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +"\n" +"[certmap/files/myname]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +#, fuzzy +#| msgid "" +#| "3. The following example shows the configuration for two certificate " +#| "mapping rules. The first is valid for the configured domain <quote>my." +#| "domain</quote> and additionally for the subdomains <quote>your.domain</" +#| "quote> and uses the full certificate in the search filter. The second " +#| "example is valid for the domain <quote>files</quote> where it is assumed " +#| "the files provider is used for this domain and contains a matching rule " +#| "for the local user <quote>myname</quote>. <placeholder " +#| "type=\"programlisting\" id=\"0\"/>" +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" +"3. У наведеному нижче прикладі показано налаштування для двох правил " +"пов'язування сертифікатів. Перше є чинним для налаштованого домену <quote>my." +"domain</quote> і, додатково, для піддоменів <quote>your.domain</quote> і " +"використовує повний сертифікат у фільтрі пошуку. Другий приклад є чинним для " +"домену <quote>files</quote>, де припускається, що для цього домену " +"використовується засіб надання даних файлів, і містить правило відповідності " +"для локального користувача <quote>myname</quote>. <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "sssd-ldap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "Модуль надання даних LDAP SSSD" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "ОПИС" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" +"На цій сторінці довідника описано налаштування доменів LDAP для " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "Ви можете налаштувати SSSD на використання декількох доменів LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" +"У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора " +"(id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо " +"ви бажаєте виконувати розпізнавання на сервері LDAP, потрібен TLS/SSL або " +"LDAPS. У <command>sssd</command> <emphasis>не передбачено</emphasis> " +"підтримки розпізнавання за допомогою шифрованого каналу обміну даними. Якщо " +"сервер LDAP використовується лише для надання даних профілів, потреби у " +"шифруванні каналу обміну даними немає. Будь ласка, зверніться до опису " +"параметра налаштування <quote>ldap_access_filter</quote>, щоб дізнатися " +"більше про використання LDAP, як засобу керування доступом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "ldap_uri, ldap_backup_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " +"встановлювати з’єднання у порядку пріоритету. Зверніться до розділу " +"«РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та " +"додаткові сервери. Якщо не вказано, буде використано автоматичне виявлення " +"служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "ldap[s]://<вузол>[:порт]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" +"У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, []" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "приклад: ldap://[fc00::126:25]:389" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" +"Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " +"встановлювати з’єднання у порядку пріоритету для зміни пароля користувача. " +"Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про перемикання на " +"резервні ресурси та додаткові сервери." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" +"Для того, щоб уможливити визначення служб, слід встановити значення " +"параметра ldap_chpass_dns_service_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "Типове значення: порожнє, тобто використовується ldap_uri." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "ldap_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" +"Типова базова назва домену, яку слід використовувати для виконання дій від " +"імені користувача LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" +"Починаючи з SSSD 1.7.0, у SSSD передбачено підтримку визначення декількох " +"основ для пошуку за допомогою таких синтаксичних конструкцій:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*]" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" +"Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " +"рівень) або «subtree» (піддерево)." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" +"Фільтром має бути коректний запис фільтрування LDAP, відповідно до " +"специфікації http://www.ietf.org/rfc/rfc2254.txt" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "Приклади:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" +"ldap_search_base = dc=example,dc=com (еквівалентне до) ldap_search_base = " +"dc=example,dc=com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" +"Зауваження: підтримки визначення декількох основ пошуку з посиланням на " +"об’єкти з однаковими назвами (наприклад груп з однаковою назвою у двох " +"різних основах пошуку) не передбачено. Такі визначення можуть призвести до " +"непередбачуваних результатів на клієнтських комп’ютерах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" +"Типове значення: якщо значення не встановлено, буде використано значення " +"атрибута defaultNamingContext або namingContexts з RootDSE сервера LDAP. " +"Якщо запису defaultNamingContext не існує або цей запис має порожнє " +"значення, буде використано namingContexts. Для роботи системи потрібно, щоб " +"атрибут namingContexts має єдине значення DN бази пошуку сервера LDAP. " +"Підтримки визначення декількох значень не передбачено." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "ldap_schema (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" +"Визначає тип схеми, що використовується на сервері LDAP призначення. " +"Відповідно до вибраної схеми, типові назви атрибутів, отриманих з сервера, " +"можуть бути різними. Спосіб обробки атрибутів також може бути різним." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "У поточній версії передбачено підтримку чотирьох типів схем:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "rfc2307bis" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" +"Основною відмінністю між цими типами схем є спосіб запису даних щодо участі " +"у групах на сервері. Відповідно до rfc2307, список учасників груп " +"впорядковується за користувачами у атрибуті <emphasis>memberUid</emphasis>. " +"Відповідно до rfc2307bis і IPA, список учасників груп впорядковується за " +"назвою домену (DN) і зберігається у атрибуті <emphasis>member</emphasis>. " +"Відповідно до типу схеми AD, встановлюється відповідність зі значеннями " +"Active Directory 2008r2." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "Типове значення: rfc2307" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "ldap_pwmodify_mode (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "Визначає дію, яку буде здійснено для зміни пароля користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "У поточній версії передбачено два режими:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "exop — розширена дія зі зміни пароля (RFC 3062)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" +"ldap_modify — безпосереднє внесення змін до userPassword (не рекомендуємо)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" +"Зауваження: спочатку буде встановлено нове з'єднання для перевірки поточного " +"пароля шляхом прив'язування до системи від імені користувача, від якого " +"надійшов запит щодо зміни пароля. Якщо з'єднання вдасться встановити, його " +"буде використано для зміни пароля, тому у користувача має бути доступ до " +"запису атрибута userPassword." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "Типове значення: exop" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "ldap_default_bind_dn (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" +"Типова назва домену прив’язки, яку слід використовувати для виконання дій " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "ldap_default_authtok_type (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "Тип розпізнавання для типової назви сервера прив’язки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "У поточній версії передбачено підтримку двох механізмів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "obfuscated_password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "Типове значення: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" +"Щоб дізнатися більше, ознайомтеся зі сторінкою підручника щодо " +"<citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "ldap_default_authtok (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "Лексема розпізнавання типової назви сервера прив’язки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "ldap_force_upper_case_realm (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" +"Деякі з серверів каталогів, наприклад Active Directory, можуть надавати " +"частину області адреси UPN лише малими літерами (літерами нижнього " +"регістру), що може призвести до невдалої спроби розпізнавання. Встановіть " +"ненульове значення цього параметра, якщо ви бажаєте використовувати назву " +"області у верхньому регістрі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" +"Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення " +"свого кешу нумерованих записів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "ldap_purge_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" +"Визначає частоту пошуків у кеші неактивних записів (зокрема груп без " +"учасників та користувачів, які ніколи не входили до системи) та вилучення " +"цих записів з метою економії місця." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" +"Встановлення нульового значення цього параметра вимикає дію з очищення кешу. " +"Будь ласка, зауважте, що якщо увімкнено нумерацію, дія з очищення є " +"необхідною з метою виявлення записів, вилучених із сервера, її не можна " +"вимикати. Типово, дія з очищення, якщо увімкнено нумерацію, виконується " +"кожні 3 години." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "ldap_group_nesting_level (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" +"Якщо ldap_schema встановлено у значення формату схеми, у якому передбачено " +"підтримку вкладеності груп (наприклад RFC2307bis), цей параметр визначає " +"кількість рівнів вкладеності, які оброблятимуться SSSD. Значення цього " +"параметра буде проігноровано, якщо використано схему RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" +"Зауваження: за допомогою цього параметра визначається гарантований рівень " +"вкладеності груп для обробки під час будь-якого пошуку. Втім, <emphasis>може " +"бути</emphasis> повернуто і групи із більшим рівнем вкладеності, якщо під " +"час попередніх пошуків відбувалася обробка вищих рівнів вкладеності. Крім " +"того, послідовні пошуки інших груп можуть розширити набір результатів " +"початкового пошуку, якщо запити щодо пошуку надходять повторно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" +"Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не " +"оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server " +"2008 та новішими версіями з використанням <quote>id_provider=ad</quote>, " +"слід також вимкнути використання груп реєстраційних записів (Token-Groups) " +"встановленням для параметра ldap_use_tokengroups значення false з метою " +"обмеження вкладеності у групах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "Типове значення: 2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" +"За допомогою цього параметра можна увімкнути або вимкнути використання " +"атрибута Token-Groups під час виконання initgroup для користувачів Active " +"Directory Server 2008 та новіших версій." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "Типове значення: True для AD і IPA, інакше False." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "ldap_host_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про " +"налаштування декількох основ пошуку." + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "ldap_service_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "ldap_iphost_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "ldap_ipnetwork_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Визначає час очікування на дані (у секундах) для виконання пошуків ldap, " +"перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до " +"автономного режиму роботи)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. " +"Ймовірно, його буде колись замінено на послідовність часів очікування для " +"окремих типів пошуків." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" +"Визначає час очікування на дані (у секундах) для виконання пошуків номерів " +"користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням " +"кешованих даних (і переходом до автономного режиму роботи)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "ldap_network_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" +"Визначає час очікування (у секундах), після завершення якого <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> з наступним <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> повертається до стану бездіяльності." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "ldap_opt_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" +"Визначає час очікування (у секундах), після завершення якого виклики до " +"синхронних програмних інтерфейсів LDAP буде перервано, якщо не буде отримано " +"відповіді. Також керує часом очікування під час обміну даними з KDC у " +"випадку прив’язки SASL, часом очікування на дію з прив’язування LDAP, " +"розширеної операції зі зміни пароля та дії StartTLS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_connection_expire_timeout (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" +"Визначає час очікування (у секундах), протягом якого підтримуватиметься " +"з’єднання з сервером LDAP. По завершенню цього часу буде зроблено спробу " +"повторно встановити з’єднання. У разі використання паралельно до SASL/GSSAPI " +"буде використано перше за часом значення (це значення або значення строку " +"дії TGT)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" +"Якщо з'єднання є бездіяльним (жодна дія у ньому не виконується активно) " +"протягом <emphasis>ldap_opt_timeout</emphasis> секунд завершення строку дії, " +"його буде передчасно розірвано, щоб новий запит не міг потребувати, щоб " +"з'єднання лишалося відкритим після завершення його строку дії. Неявним " +"чином, це означає, що з'єднання завжди розриватимуться негайно і не " +"використовуватимуться повторно, якщо " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" +"Цей час очікування може бути подовжено випадковим значенням, яке вказано " +"параметром <emphasis>ldap_connection_expire_offset</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "Типове значення: 900 (15 хвилин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "ldap_connection_expire_offset (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" +"Випадковий зсув від 0 до налаштованого значення, який буде додано до " +"<emphasis>ldap_connection_expire_timeout</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "ldap_connection_idle_timeout (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" +"Визначає час очікування (у секундах), протягом якого підтримуватиметься " +"бездіяльне з’єднання з сервером LDAP. Якщо з'єднання лишатиметься " +"бездіяльним понад цей час, з'єднання буде розірвано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "Ви можете вимкнути цей час очікування, встановивши значення 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "ldap_page_size (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" +"Визначити кількість записів, які слід отримати з LDAP у відповідь на один " +"запит. На деяких серверах LDAP визначено обмеження максимальної кількості на " +"один запит." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "ldap_disable_paging (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" +"Вимикає контроль сторінок LDAP. Цим параметром слід скористатися, якщо " +"сервер LDAP повідомляє про підтримку контролю сторінок LDAP у своєму " +"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" +"Приклад: сервери OpenLDAP з модулем контролю сторінок, встановленим на " +"сервері, але не увімкненим, повідомляють про підтримку у RootDSE, але цією " +"підтримкою не можна скористатися." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" +"Приклад: 389 DS має ваду, пов’язану з тим, що здатен підтримувати лише один " +"процес контролю сторінок для одного з’єднання. У разі значного навантаження " +"це може призвести до відмови у виконанні запитів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "ldap_disable_range_retrieval (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "Вимкнути отримання діапазону Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" +"У Active Directory за допомогою правила MaxValRange (типове значення 1500 " +"записів) обмежується кількість записів, які може бути отримано під час " +"пошуку. Якщо у певній групі міститься більше записів учасників, до відповіді " +"буде включено специфічне для AD розширення діапазону. За допомогою цього " +"параметра можна вимкнути обробку розширення діапазону, отже великі групи " +"буде представлено як такі, у яких немає учасників." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "ldap_sasl_minssf (ціле значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний " +"рівень захисту, потрібний для встановлення з’єднання. Значення цього " +"параметра визначається OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" +"Типове значення: типове для системи значення (зазвичай, визначається у ldap." +"conf)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "ldap_sasl_maxssf (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" +"Під час обміну даними з сервером LDAP за допомогою SASL визначає " +"максимальний рівень захисту, потрібний для встановлення з’єднання. Значення " +"цього параметра визначається OpenLDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "ldap_deref_threshold (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" +"Вказує кількість учасників групи, записів яких має не вистачати у " +"зовнішньому кеші для запуску загального пошуку з розіменуванням. Якщо " +"пропущених записів буде менше за вказану кількість, пошук для них " +"виконуватиметься окремо." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" +"Ви можете повністю вимкнути запити щодо розіменувань встановленням значення " +"0. Будь ласка, зауважте, що у коді SSSD, зокрема засобу надання даних HBAC " +"IPA, є інструкції, які реалізовано лише з використанням викликів щодо " +"розіменування, тому навіть явне вимикання розіменувань не призведе до " +"вимикання розіменувань у цих частинах коду, якщо на сервері передбачено " +"підтримку розіменувань і оголошено про керування розіменуваннями у об'єкті " +"rootDSE." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" +"Пошук з розіменуванням — це отримання всіх записів учасників групи за одним " +"викликом LDAP. У різних серверах LDAP може бути передбачено різні способи " +"розіменування. У поточній версії передбачено підтримку серверів 389/RHDS, " +"OpenLDAP та Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" +"<emphasis>Зауваження:</emphasis> якщо у одній з основ пошуку визначається " +"фільтр пошуку, покращення швидкодії фільтрів розіменування буде вимкнено, " +"незалежно від використання цього параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "ldap_ignore_unreadable_references (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" +"Ігнорувати непридатні до читання записи LDAP, на які посилається атрибут " +"учасника групи. Якщо для цього параметра встановлено значення «false», буде " +"повернуто повідомлення про помилку, а дія завершиться помилкою, замість " +"простого ігнорування непридатного до читання запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" +"Цей параметр може бути корисним, якщо використано надавач даних AD, і " +"обліковий запис комп'ютера, який sssd використовує для встановлення " +"з'єднання із AD, не має доступу до певного запису або піддерева LDAP з " +"міркувань безпеки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "ldap_tls_reqcert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" +"Визначає перелік перевірок, які слід виконати для сертифікатів серверів у " +"сеансі TLS, якщо такі перевірки слід виконувати. Може бути визначено одне з " +"таких значень:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" +"<emphasis>never</emphasis> = клієнт не надсилатиме запиту і не перевірятиме " +"жодних сертифікатів сервера." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" +"<emphasis>allow</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " +"надано помилковий сертифікат, ігнорувати і продовжити сеанс у звичайному " +"режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" +"<emphasis>try</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " +"надано помилковий сертифікат, негайно перервати сеанс." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" +"<emphasis>demand</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " +"сертифікат не буде надано або буде надано помилковий сертифікат, негайно " +"перервати сеанс." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "Типове значення: hard" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "ldap_tls_cacert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" +"Визначає файл, який містить сертифікати для всіх служб сертифікації, які " +"розпізнаються <command>sssd</command>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" +"Типове значення: використовувати типові параметри OpenLDAP, що зберігаються " +"у <filename>/etc/openldap/ldap.conf</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "ldap_tls_cacertdir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" +"Визначає шлях до каталогу, де у окремих файлах містяться сертифікати служб " +"сертифікації (CA). Типовими назвами файлів є хеші сертифікатів з додаванням " +"«.0». Для створення відповідних назв можна скористатися " +"<command>cacertdir_rehash</command>, якщо ця програма є доступною." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "Визначає файл, який містить сертифікат для ключа клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "Визначає файл, у якому міститься ключ клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cipher_suite (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"Визначає прийнятні комплекти програм для шифрування. Записи у типовому " +"списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці " +"довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "ldap_id_use_start_tls (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" +"Визначає, що з’єднання id_provider має також використовувати <systemitem " +"class=\"protocol\">tls</systemitem> для захисту каналу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "ldap_id_mapping (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" +"Визначає, що SSSD має намагатися встановити відповідність ідентифікаторів " +"користувача і групи на основі атрибутів ldap_user_objectsid та " +"ldap_group_objectsid, замість атрибутів ldap_user_uid_number та " +"ldap_group_gid_number." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" +"У поточній версії у цій можливості передбачено підтримку лише встановлення " +"відповідності objectSID у ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "ldap_min_id, ldap_max_id (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" +"На відміну від прив’язування ідентифікаторів на основі SID, яке " +"використовується, якщо параметр ldap_id_mapping має значення true, діапазон " +"дозволених ідентифікаторів для ldap_user_uid_number і ldap_group_gid_number " +"є необмеженим. У конфігураціях з піддоменами та довіреними доменами це може " +"призвести до конфліктів ідентифікаторів. Щоб уникнути конфліктів, можна " +"встановити значення ldap_min_id і ldap_max_id для обмеження дозволеного " +"діапазону ідентифікаторів, які буде прочитано безпосередньо з сервера. Після " +"цього піддомени можуть вибирати інші діапазони для прив’язування " +"ідентифікаторів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" +"Типове значення: не встановлено (обидва параметри встановлено у значення 0)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "ldap_sasl_mech (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" +"Визначає механізм SASL, який слід використовувати. У поточній версії " +"перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Якщо у модулі обробки передбачено підтримку піддоменів, значення для " +"піддоменів ldap_sasl_mech буде автоматично успадковано від домену. Якщо для " +"якогось піддомену потрібне інше значення, його можна перезаписати " +"встановленням ldap_sasl_mech для цього піддомену окремо. Докладніший опис " +"можна знайти у розділі щодо довірених доменів у підручнику з " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "ldap_sasl_authid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" +"Визначає ідентифікатор уповноваження SASL, яким слід скористатися. Якщо " +"використовується GSSAPI/GSS-SPNEGO, цим ідентифікатором є реєстраційні дані " +"Kerberos, які використовуються для розпізнавання при доступі до каталогу. " +"Цей параметр може містити або повні реєстраційні дані (наприклад host/" +"myhost@EXAMPLE.COM) або просто назву реєстраційного запису (наприклад host/" +"myhost). Типово, значення не встановлено і використовуються такі " +"реєстраційні записи: <placeholder type=\"programlisting\" id=\"0\"/> Якщо " +"жоден з них не буде знайдено, буде повернуто перший реєстраційний запис у " +"таблиці ключів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "ldap_sasl_realm (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" +"Визначає область SASL, яку слід використовувати. Якщо не вказано значення, " +"типовим значенням цього параметра є значення krb5_realm. Якщо " +"ldap_sasl_authid також містить запис області, цей параметр буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "Типове значення: значення krb5_realm." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "ldap_sasl_canonicalize (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" +"Якщо встановлено значення true (1), бібліотека LDAP виконувати зворотній " +"пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до " +"SASL." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "Типове значення: false;" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "ldap_krb5_keytab (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" +"Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-" +"SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" +"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." +"keytab</filename>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "ldap_krb5_init_creds (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" +"Визначає, що id_provider має ініціалізувати реєстраційні дані Kerberos " +"(TGT). Цю дію буде виконано, лише якщо використовується SASL і вибрано " +"механізм GSSAPI або GSS-SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "ldap_krb5_ticket_lifetime (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" +"Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI або GSS-" +"SPNEGO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "Типове значення: 86400 (24 години)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "krb5_server, krb5_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " +"Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " +"впорядковано за пріоритетом. Докладніше про резервування та додаткові " +"сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " +"бути додано номер порту (перед номером слід вписати двокрапку). Якщо " +"параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " +"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" +"Під час використання виявлення служб для серверів KDC або kpasswd SSSD " +"спочатку намагається знайти записи DNS, у яких визначається протокол _udp. " +"Використання протоколу _tcp відбувається, лише якщо таких записів не " +"вдасться знайти." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" +"У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній " +"версії передбачено розпізнавання цієї застарілої назви, але користувачам " +"варто перейти на використання «krb5_server» у файлах налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "krb5_realm (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" +"Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" +"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" +"filename>" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "krb5_canonicalize (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" +"Визначає, чи слід перетворювати реєстраційний запис вузла у канонічну форму " +"під час встановлення з’єднання з сервером LDAP. Цю можливість передбачено з " +"версії MIT Kerberos >= 1.7" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "krb5_use_kdcinfo (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" +"Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які " +"значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви " +"вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла " +"налаштувань <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" +"Див. сторінку підручника (man) <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "ldap_pwd_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" +"Визначає правил оцінки строку дії пароля на боці клієнта. Можна " +"використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" +"<emphasis>none</emphasis> — не використовувати перевірки на боці клієнта. У " +"разі використання цього варіанта перевірку на боці сервера вимкнено не буде." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" +"<emphasis>shadow</emphasis> — використовувати атрибути у стилі " +"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> для визначення того, чи чинним є пароль." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" +"<emphasis>mit_kerberos</emphasis> — використовувати атрибути MIT Kerberos " +"для визначення завершення строку дії пароля. У разі зміни пароля " +"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" +"<emphasis>Зауваження</emphasis>: якщо правила поводження з паролями " +"налаштовано на боці сервера, ці правила мають пріоритет над правилами, " +"встановленими за допомогою цього параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "ldap_referrals (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" +"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" +"Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано " +"з версією OpenLDAP 2.4.13 або новішою версією." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" +"Перехід за спрямуваннями може призвести до значних втрат швидкодії у " +"середовищах, де такі спрямування використовуються широко. Прикладом такого " +"середовища може бути Microsoft Active Directory. Якщо у вашому середовищі " +"спрямування не є обов’язковими, встановлення для цього параметра значення " +"«false» може значно пришвидшити роботу. Отже, встановлення для цього " +"параметра значення false рекомендоване у випадку, коли надавач даних LDAP " +"SSSD використовується разом із модулем обробки Microsoft Active Directory. " +"Навіть якщо SSSD зможе переходити за посиланнями до іншого AD DC, додаткові " +"дані виявляться недоступними." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "ldap_dns_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" +"Визначає назву служби, яку буде використано у разі вмикання визначення служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "Типове значення: ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "ldap_chpass_dns_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" +"Визначає назву служби, яку буде використано для пошуку сервера LDAP, який " +"уможливлює зміну паролів, у разі вмикання визначення служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "ldap_chpass_update_last_change (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" +"Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change даними " +"щодо кількості днів з часу виконання дії зі зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" +"Рекомендуємо встановити цей параметр явним чином, якщо використано " +"\"ldap_pwd_policy = shadow\", щоб дати SSSD знати, оновлюватиме LDAP атрибут " +"shadowLastChange автоматично після зміни пароля чи SSSD має зробити це " +"окремо." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "ldap_access_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Якщо використовується access_provider = ldap та ldap_access_order = filter " +"(типова поведінка), цей параметр є обов’язковим. Він вказує критерії " +"фільтрування LDAP, яким має задовольняти запис користувача для надання " +"доступу до цього вузла. Якщо визначено access_provider = ldap та " +"ldap_access_order = filter, а цей параметр не встановлено, доступ буде " +"заборонено всім користувачам. Щоб змінити таку типову поведінку системи, " +"скористайтеся параметром access_provider = permit. Будь ласка, зауважте, що " +"цей фільтр застосовуватиметься лише до запису користувача LDAP, отже " +"фільтрування, засноване на вкладених групах може не працювати (наприклад, " +"атрибут memberOf для записів AD вказує лише на безпосередні батьківські " +"записи). Якщо вам потрібне фільтрування, засноване на вкладених групах, будь " +"ласка, скористайтеся параметром <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "Приклад:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" +"У прикладі доступ до цього вузла обмежено користувачами, чий атрибут " +"employeeType встановлено у значення «admin»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" +"Автономне кешування для цієї можливості обмежено визначенням того, чи було " +"надано користувачеві під час попередньої спроби увійти до системи з мережі " +"права доступу. Якщо під час останньої спроби увійти такі права було надано, " +"система продовжуватиме надавати права доступу у автономному режимі. Якщо ж " +"таких прав не було надано, у автономному режимі їх також не буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "Типове значення: порожній рядок" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "ldap_account_expire_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" +"За допомогою цього параметра може бути увімкнено визначення атрибутів " +"керування доступом на боці клієнта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" +"Будь ласка, зауважте, що завжди варто використовувати керування доступом на " +"боці сервера, тобто сервер LDAP має відмовляти у запитах щодо прив’язування " +"з відповідним кодом помилки, навіть якщо вказано правильний пароль." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "Можна використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" +"<emphasis>shadow</emphasis>: це значення ldap_user_shadow_expire допомагає " +"визначити, чи завершено строк дії облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" +"<emphasis>ad</emphasis>: скористатися значенням 32-бітового поля " +"ldap_user_ad_user_account_control і дозволити доступ, якщо другий біт має " +"нульове значення. Якщо атрибут не буде знайдено, доступ буде дозволено. " +"Також буде перевірено, чи не вичерпано строк дії облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: використовувати для перевірки доступу значення " +"ldap_ns_account_lock." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" +"<emphasis>nds</emphasis>: для перевірки доступу використовувати значення " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled і " +"ldap_user_nds_login_expiration_time. Якщо не буде виявлено жодного з цих " +"атрибутів, надати доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>expire</quote>, щоб можна було " +"користуватися параметром ldap_account_expire_policy." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "ldap_access_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" +"Список відокремлених комами параметрів керування доступом. Можливі значення " +"списку:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" +"<emphasis>lockout</emphasis>: використовувати блокування облікових записів. " +"Якщо встановлено, цей параметр забороняє доступ, якщо існує атрибут ldap " +"«pwdAccountLockedTime» і його значенням є «000001010000Z». Будь ласка, " +"ознайомтеся із документацією до параметра ldap_pwdlockout_dn. Зауважте, що " +"для працездатності цієї можливості слід встановити «access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" +"<emphasis> Будь ласка, зауважте, що цей параметр має нижчий пріоритет за " +"параметр «ppolicy», його може бути вилучено у наступних випусках. </" +"emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" +"<emphasis>ppolicy</emphasis>: використовувати блокування облікових записів. " +"Якщо встановлено, забороняє доступ у випадку наявності атрибута ldap " +"«pwdAccountLockedTime» рівного «000001010000Z» або такого, що відповідає " +"моменту часу у минулому. Значення атрибута «pwdAccountLockedTime» має " +"завершуватися на «Z», що позначає часовий пояс UTC. Підтримки інших часових " +"поясів у поточній версії не передбачено, їхнє використання призводитиме до " +"появи повідомлення про заборону доступу, коли користувачі намагатимуться " +"увійти до системи. Докладніший опис можна знайти у розділі щодо параметра " +"ldap_pwdlockout_dn. Будь ласка, зауважте, що для працездатності цього " +"параметра слід встановити значення «access_provider = ldap»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" +"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> Ці параметри корисні, якщо користувачам " +"потрібні попередження щодо скорого завершення строку дії пароля, і у " +"випадках, коли розпізнавання засновано на відмінних від паролів методах, " +"наприклад на ключах SSH." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" +"Будь ласка, зауважте, що для того, щоб цим можна було скористатися, слід " +"встановити «access_provider = ldap». Крім того, слід встановити для " +"параметра «ldap_pwd_policy» відповідні правила поводження із паролями." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" +"<emphasis>authorized_service</emphasis>: використовувати для визначення " +"можливості доступу атрибут authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " +"права доступу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" +"<emphasis>rhost</emphasis>: використовувати атрибут rhost для визначення " +"того, чи матиме віддалений вузол доступ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" +"Будь ласка, зауважте, що значення поля rhost у pam встановлюється програмою. " +"Варто перевірити, що програма надсилає pam, перш ніж вмикати цей варіант " +"керування доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "Типове значення: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Зауважте, що програма повідомить про помилку, якщо одне значення було " +"використано декілька разів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "ldap_pwdlockout_dn (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" +"За допомогою цього параметра визначається DN запису правил поводження із " +"паролями на сервері LDAP. Будь ласка, зауважте, що те, що цього параметра не " +"буде у sssd.conf, у випадку увімкненого блокування облікових записів " +"призведе до заборони доступу, оскільки атрибути ppolicy на сервері LDAP не " +"можна буде перевірити належним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "ldap_deref (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Визначає спосіб виконання розіменовування псевдонімів під час виконання " +"пошуку. Можливі такі варіанти:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: розіменування псевдонімів відбувається у " +"межах основного об’єкта, а не на основі визначення місця основного об’єкта " +"пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: розіменування псевдонімів відбувається лише " +"під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: розіменування псевдонімів відбувається як під " +"час пошуку, так і під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за " +"сценарієм <emphasis>never</emphasis>)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" +"Надає змогу зберігати локальних користувачів як учасників групи LDAP для " +"серверів, у яких використовується схема RFC2307." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" +"У деяких середовищах, де використовується схема RFC2307, локальних " +"користувачів можна зробити учасниками груп LDAP додаванням імен цих " +"користувачів до атрибута memberUid. Узгодженість домену може бути " +"скомпрометовано, якщо буде виконано подібне додавання учасника, тому SSSD за " +"звичайних умов вилучає записи користувачів, яких «не вистачає», з кешованих " +"даних щодо участі у групах, щойно nsswitch спробує отримати дані щодо " +"користувачів за допомогою виклику getpw*() або initgroups()." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" +"У разі використання цього параметра програма повертається до перевірки " +"посилань на локальних користувачів і кешує їх так, що наступні виклики " +"initgroups() розширюватимуть список локальних користувачів додатковими " +"групами LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "wildcard_limit (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" +"Визначає верхню межу для кількості записів, які отримуватимуться під час " +"пошуку з використанням символів-замінників." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" +"У поточній версії пошук із використанням символів-замінників передбачено " +"лише для відповідача InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "Типове значення: 1000 (часто розмір однієї сторінки)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "ldap_library_debug_level (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" +"Вмикає діагностику libldap із вказаним рівнем. Діагностичні повідомлення " +"libldap буде записано незалежно від загального debug_level." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" +"OpenLDAP використовує бітову карту для вмикання діагностики для певних " +"компонентів, -1 увімкне повне виведення діагностичних даних." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "Типове значення: 0 (діагностику libldap вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Всі загальні параметри налаштування, які стосуються доменів SSSD, також " +"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " +"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. Зауважте, що " +"атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо " +"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "ПАРАМЕТРИ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Докладні настанов щодо налаштовування sudo_provider можна знайти на сторінці " +"довідника (man) <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "ldap_sudo_full_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" +"Проміжок часу у секундах між послідовними повними оновленнями правил sudo " +"SSSD у автоматичному режимі. Під час таких оновлень буде отримано повний " +"набір правил, що зберігаються на сервері." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" +"Це значення має перевищувати значення " +"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Ви можете вимкнути повне оновлення встановленням для цього параметра " +"значення 0. Втім, обов'язково має бути увімкнено або кмітливе або повне " +"оновлення." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "Типове значення: 21600 (6 годин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "ldap_sudo_smart_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" +"Проміжок часу у секундах між послідовними кмітливими оновленнями правил sudo " +"SSSD у автоматичному режимі. Під час таких оновлень буде отримано всі дані " +"правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" +"Якщо підтримки атрибутів USN на сервері не передбачено, буде використано " +"дані атрибута modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" +"<emphasis>Зауваження:</emphasis> набільше значення USN можна оновити у три " +"способи: 1) повним і кмітливим оновленням sudo (якщо виявлено оновлені " +"правила), 2) нумеруванням користувачів і груп (якщо виявлено увімкнені і " +"оновлені записи користувачів або груп) і 3) повторним з'єднанням із сервером " +"(типово, кожні 15 хвилин, див. <emphasis>ldap_connection_expire_timeout</" +"emphasis>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" +"Ви можете вимкнути кмітливе оновлення встановленням для цього параметра " +"значення 0. Втім, обов'язково має бути увімкнено або кмітливе або повне " +"оновлення." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "ldap_sudo_random_offset (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" +"Випадковий зсув від 0 до налаштованого значення, який буде додано до " +"кмітливого і повного періодів оновлення кожного разу під час планування " +"регулярного завдання. Значення у секундах." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" +"Зауважте, що цей випадковий зсув буде також застосовано під час першого " +"запуску SSSD, що затримає перше оновлення правил sudo. Затримка збільшує " +"час, протягом якого правила sudo є недоступними для використання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "Ви можете вимкнути цей зсув, встановивши значення 0." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "ldap_sudo_use_host_filter (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" +"Якщо визначено значення true, SSSD отримуватиме лише правила, що стосуються " +"цього комп’ютера (на основі адрес вузла або мережі у форматах IPv4 і IPv6 та " +"назв вузлів)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "ldap_sudo_hostnames (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" +"Список назв вузлів або повних доменних назв, відокремлених пробілами, для " +"фільтрування списку правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" +"Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " +"назву вузла та повну назву комп’ютера у домені у автоматичному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" +"Якщо для <emphasis>ldap_sudo_use_host_filter</emphasis> встановлено значення " +"<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "Типове значення: не вказано" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "ldap_sudo_ip (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" +"Список адрес вузлів або мереж у форматах IPv4 і IPv6 для фільтрування списку " +"правил." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" +"Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " +"адресу у автоматичному режимі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "ldap_sudo_include_netgroups (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" +"Якщо вказано значення true, SSSD отримуватиме всі правила, що містять " +"мережеву групу (netgroup) у атрибуті sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "ldap_sudo_include_regexp (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" +"Якщо вказано значення true, SSSD отримуватиме всі правила, що містять шаблон " +"заміни у атрибуті sudoHost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" +"Використання символів-замінників є дуже обчислювально вартісною операцією " +"для сервера LDAP!" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"На цій сторінці довідника наведено дані щодо відповідності назв атрибутів. " +"Докладний опис семантики атрибутів, пов’язаних з sudo, можна знайти у " +"довідці з <citerefentry> <refentrytitle>sudoers.ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "ПАРАМЕТРИ AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" +"Деякі типові значення параметрів, описаних нижче, залежать від бази даних " +"LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "ldap_autofs_map_master_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "Назва основної карти автоматичного монтування у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "Типове значення: auto.master" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "ДОДАТКОВІ ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "ldap_user_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "ldap_group_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "<note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" +"Якщо увімкнено параметр <quote>ldap_use_tokengroups</quote>, пошуки в Active " +"Directory не буде обмежено — він повертатиме усі дані щодо участі у групах, " +"навіть без прив'язки до GID. Рекомендуємо вимкнути цю можливість, якщо назви " +"груп показуються неправильно." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "</note>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_sudo_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_autofs_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" +"Підтримку цих параметрів передбачено доменами LDAP, але користуватися ними " +"слід обережно. Будь ласка, використовуйте їх у налаштуваннях, лише якщо вам " +"відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/> " +"<placeholder type=\"variablelist\" id=\"1\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "ПРИКЛАД" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином, а LDAP встановлено на один з доменів з розділу " +"<replaceable>[domains]</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином і використано ldap_access_order=lockout." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "ЗАУВАЖЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" +"Описи деяких з параметрів налаштування на цій сторінці підручника засновано " +"на даних сторінки підручника (man) <citerefentry> <refentrytitle>ldap.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з пакунка OpenLDAP " +"2.4." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "pam_sss" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "модуль PAM для SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" +"<command>pam_sss.so</command> — інтерфейс PAM до System Security Services " +"daemon (SSSD). Помилки та результати роботи записуються за допомогою " +"<command>syslog(3)</command> до запису LOG_AUTHPRIV." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "<option>quiet</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "Не показувати у журналі повідомлень для невідомих користувачів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "<option>forward_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" +"Якщо встановлено значення <option>forward_pass</option>, введений пароль " +"буде збережено у стосі паролів для використання іншими модулями PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "<option>use_first_pass</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" +"Використання аргументу use_first_pass примушує модуль до використання пароля " +"з модулів попереднього рівня. Ніяких запитів до користувача не " +"надсилатиметься, — якщо пароль не буде виявлено або пароль виявиться " +"непридатним, доступ користувачеві буде заборонено." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "<option>use_authtok</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" +"Визначає ситуацію, коли зміна пароля примушує модуль встановлювати новий " +"пароль на основі пароля, наданого попереднім модулем обробки паролів зі " +"стосу модулів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" +"Якщо вказано, користувача запитуватимуть про пароль ще N разів, якщо перший " +"раз розпізнавання зазнає невдачі. Типовим значенням є 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" +"Будь ласка, зауважте, що цей параметр може працювати не так, як очікується, " +"якщо програма, яка викликає PAM, має власний обробник діалогових вікон " +"взаємодії з користувачем. Типовим прикладом є <command>sshd</command> з " +"<option>PasswordAuthentication</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "<option>ignore_unknown_user</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" +"Якщо вказано цей параметр і облікового запису не існує, модуль PAM поверне " +"PAM_IGNORE. Це призводить до ігнорування цього модуля оболонкою PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "<option>ignore_authinfo_unavail</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" +"Визначає, що модуль PAM має повертати PAM_IGNORE, якщо не вдається " +"встановити зв’язок із фоновою службою SSSD. У результаті набір інструментів " +"PAM ігнорує цей модуль." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "<option>domains</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" +"Надає змогу адміністратору обмежити домен певною службою PAM, за допомогою " +"якої можна буде виконувати розпізнавання. Формат значення: список назв " +"доменів SSSD, відокремлених комами, так, як їх вказано у файлі sssd.conf." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" +"Зауваження: Якщо використовується для служби, яку запущено не від імені " +"користувача root, наприклад вебсервера, слід використовувати разом із " +"параметрами «pam_trusted_users» і «pam_public_domains». Будь ласка, " +"ознайомтеся із сторінкою підручника <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися " +"більше про ці два параметри відповідача PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "<option>allow_missing_name</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" +"Основним призначенням цього параметра є надання SSSD змоги визначати ім'я " +"користувача на основі додаткових даних, наприклад сертифіката зі смарткартки." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" +"Поточним основним призначенням є засоби керування входом до системи, які " +"можуть спостерігати за подіями обробки карток на засобі читання смарткарток. " +"Щойно буде вставлено смарткартку, засіб керування входом до системи викличе " +"стос PAM, до якого включено рядок, подібний до <placeholder " +"type=\"programlisting\" id=\"0\"/> Якщо SSSD спробує визначити ім'я " +"користувача на основі вмісту смарткартки, повертає його до pam_sss, який, " +"нарешті, передасть його стосу PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "<option>prompt_always</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" +"Завжди запитувати у користувача реєстраційні дані. Якщо використано цей " +"параметр, реєстраційні дані, запит на які надійшов від інших модулів PAM, " +"типово, пароль, буде проігноровано, а pam_sss надсилатиме запит щодо " +"реєстраційних даних знову. На основі відповіді на попереднє розпізнавання " +"від SSSD pam_sss може надіслати запит щодо пароля, пін-коду смарткартки або " +"інших реєстраційних даних." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "<option>try_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" +"Спробувати скористатися розпізнаванням на основі сертифікатів, тобто " +"розпізнаванням за допомогою смарткартки або подібного пристрою. Якщо " +"доступною є смарткартка і уможливлено розпізнавання за смарткарткою для " +"служби, система надішле запит щодо пін-коду і буде продовжено процедуру " +"розпізнавання за сертифікатом." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" +"Якщо смарткартка виявиться недоступною або розпізнавання за сертифікатом " +"буде заборонено для поточної служби, буде повернуто PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "<option>require_cert_auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" +"Виконати розпізнавання на основі сертифікатів, тобто розпізнавання за " +"допомогою смарткартки або подібного пристрою. Якщо смарткартка виявиться " +"недоступною, система попросить користувача вставити її. SSSD чекатиме на " +"смарткартку, аж доки не завершиться час очікування, визначений переданим " +"значенням p11_wait_for_card_timeout. Див. <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>, щоб дізнатися " +"більше." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" +"Якщо смарткартка виявиться недоступною на момент завершення часу очікування " +"або розпізнавання за сертифікатом буде заборонено для поточної служби, буде " +"повернуто PAM_AUTHINFO_UNAVAIL." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" +"Передбачено всі типи модулів (<option>account</option>, <option>auth</" +"option>, <option>password</option> і <option>session</option>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" +"Якщо відповідач PAM SSSD не запущено, наприклад, якщо сокет відповідача PAM " +"є недоступним, pam_sss поверне PAM_USER_UNKNOWN при виклику з модуля " +"<option>account</option>, щоб уникнути проблем із записами користувачів із " +"інших джерел під час керування доступом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "ПОВЕРНЕНІ ЗНАЧЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "PAM_SUCCESS" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "Дію PAM завершено успішно." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "PAM_USER_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" +"Користувач є невідомим службі розпізнавання або відповідач PAM SSSD не " +"запущено." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "PAM_AUTH_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" +"Помилка розпізнавання. Також може бути повернено, якщо виникла проблема із " +"отриманням сертифіката." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "PAM_PERM_DENIED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" +"Доступ заборонено. Додаткові відомості щодо помилки можуть міститися у " +"файлах журналів SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "PAM_IGNORE" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" +"Див. параметри <option>ignore_unknown_user</option> і " +"<option>ignore_authinfo_unavail</option>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "PAM_AUTHTOK_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" +"Не вдалося отримати новий ключ розпізнавання. Крім того, може бути " +"повернуто, якщо користувач проходить розпізнавання за допомогою " +"сертифікатів, доступними є декілька сертифікатів, але у встановленій версії " +"GDM не передбачено можливості вибору одного з декількох сертифікатів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "PAM_AUTHINFO_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" +"Не вдалося отримати доступ до даних щодо розпізнавання. Причиною може бути " +"помилка у роботі мережі або обладнання." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "PAM_BUF_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" +"Сталася помилка при роботі з пам'яттю. Також може бути повернуто, якщо було " +"встановлено параметр use_first_pass або use_authtok, але не було знайдено " +"пароля у попередньому модулі PAM зі стосу обробки." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "PAM_SYSTEM_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" +"Сталася загальносистемна помилка. Додаткові відомості щодо помилки можуть " +"міститися у файлах журналів SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "PAM_CRED_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "Не вдалося встановити реєстраційні дані користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "PAM_CRED_INSUFFICIENT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" +"У програми немає достатніх реєстраційних даних для розпізнавання " +"користувача. Наприклад, може не вистачати PIN-коду при розпізнаванні за " +"смарткарткою або якогось фактора при двофакторному розпізнаванні." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "PAM_SERVICE_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "Помилка у службовому модулі." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "PAM_NEW_AUTHTOK_REQD" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "Строк дії ключа розпізнавання користувача вичерпано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "PAM_ACCT_EXPIRED" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "Строк дії облікового запису користувача вичерпано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "PAM_SESSION_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" +"Не вдалося отримати правила профілю стільниці IPA або дані користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "PAM_CRED_UNAVAIL" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "Не вдалося отримати реєстраційні дані користувача Kerberos." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "PAM_NO_MODULE_DATA" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" +"Kerberos не вдалося знайти метод розпізнавання. Таке може трапитися, якщо із " +"записом користувача пов'язано смарткартку, але додаток pkint є недоступним " +"на клієнті." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "PAM_CONV_ERR" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "Помилка обміну даними." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "PAM_AUTHTOK_LOCK_BUSY" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "Немає доступних придатних KDC для зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "PAM_ABORT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "Невідомий виклик PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "PAM_MODULE_UNKNOWN" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "Непідтримувана команда або завдання PAM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "PAM_BAD_ITEM" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" +"Модулю розпізнавання не вдалося обробити реєстраційні дані з смарткартки." + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "ФАЙЛИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" +"Якщо спроба скидання пароля від імені адміністративного користувача (root) " +"зазнає невдачі, оскільки у відповідному засобі обробки SSSD не передбачено " +"скидання паролів, може бути показано певне повідомлення. У цьому " +"повідомленні, наприклад, можуть міститися настанови щодо скидання пароля." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" +"Текст повідомлення буде прочитано з файла <filename>pam_sss_pw_reset_message." +"LOC</filename>, де «LOC» — рядок локалі у форматі, повернутому " +"<citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" +"manvolnum> </citerefentry>. Якщо відповідного файла знайдено не буде, буде " +"показано вміст файла <filename>pam_sss_pw_reset_message.txt</filename>. " +"Власником файлів має бути адміністративний користувач (root). Доступ до " +"запису файлів також повинен мати лише адміністративний користувач. Всім " +"іншим користувачам може бути надано лише право читання файлів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" +"Пошук цих файлів виконуватиметься у каталозі <filename>/etc/sssd/customize/" +"НАЗВА_ДОМЕНУ/</filename>. Якщо відповідний файл не буде знайдено, буде " +"показано типове повідомлення." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "pam_sss_gss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "модуль PAM для розпізнавання за GSSAPI у SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" +"<command>pam_sss_gss.so</command> розпізнає користувача за допомогою GSSAPI " +"у поєднанні із SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" +"Цей модуль намагатиметься виконати розпізнавання користувача за допомогою " +"служби на основі вузла GSSAPI із назвою вузол@назва_вузла, яка транслюватиме " +"дані до реєстраційного запису Kerberos вузол/назва_вузла@ОБЛАСТЬ. Частину " +"<emphasis>ОБЛАСТЬ</emphasis> назви реєстраційного запису Kerberos буде " +"визначено за внутрішніми механізмами Kerberos. Її можна встановити явним " +"чином у налаштуваннях розділу [domain_realm] у /etc/krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" +"SSSD використовується для отримання бажаної назви служби і для перевірки " +"реєстраційних даних користувача за допомогою викликів GSSAPI. Якщо у кеші " +"реєстраційних даних Kerberos вже є квиток служби або якщо похідний квиток " +"квитка користувача можна використати для отримання належного квитка служби, " +"користувача буде розпізнано." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" +"Якщо <option>pam_gssapi_check_upn</option> матиме значення True (типове " +"значення), SSSD вимагатиме, щоб реєстраційні дані, які використовуватимуться " +"для отримання квитків служби, можна було пов'язати із користувачем. Це " +"означає, що реєстраційний запис, який є власником реєстраційних даних " +"Kerberos, має відповідати назві реєстраційного запису користувача, яку " +"визначено у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" +"Щоб увімкнути розпізнавання GSSAPI у SSSD, встановіть значення " +"<option>pam_gssapi_services</option> у розділі [pam] або домену в sssd.conf. " +"Реєстраційні дані служби має бути збережено у сховищі ключів SSSD (його вже " +"збережено там, якщо ви користуєтеся надавачем даних ipa або ad). " +"Розташування сховища ключів можна встановити за допомогою параметра " +"<option>krb5_keytab</option>. Див. <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> і <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, щоб дізнатися більше про ці параметри." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" +"Деякі розгорнуті екземпляри Kerberos дозволяють пов'язувати індикатори " +"розпізнавання із певним методом попереднього розпізнавання, який " +"використовується для отримання квитка, який надає квиток користувача. " +"<command>pam_sss_gss.so</command> надає змогу примусово встановити потребу у " +"наявності індикаторів розпізнавання у квитках служби, перш ніж буде надано " +"доступ до певної служби PAM." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" +"Якщо <option>pam_gssapi_indicators_map</option> встановлено у розділі [pam] " +"або домену sssd.conf, SSSD виконає перевірку наявності будь-яких " +"налаштованих індикаторів у квитку служби." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "<option>debug</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "Вивести діагностичні дані." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "Передбачено лише тип модулів <option>auth</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" +"Користувач є невідомим службі розпізнавання або підтримки розпізнавання за " +"GSSAPI не передбачено." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "Помилка під час спроби розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" +"Основним випадком використання є забезпечення розпізнавання без пароля у " +"sudo, але без потреби у повному вимиканні розпізнавання. Для досягнення " +"потрібного результату спочатку увімкніть розпізнавання за GSSAPI для sudo в " +"sssd.conf:" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" +"Потім увімкніть модуль у бажаному стосі PAM (наприклад у /etc/pam.d/sudo і /" +"etc/pam.d/sudo-i)." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "ДІАГНОСТИКА" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" +"У журналі SSSD, діагностичних повідомленнях pam_sss_gss та syslog можуть " +"міститися корисні дані щодо помилки. Ось деякі з типових проблем:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" +"1. Встановлено змінну середовища KRB5CCNAME, а розпізнавання не працює: " +"залежно від вашої версії sudo, можливо, sudo не передає цю змінну до " +"середовища PAM. Спробуйте додати KRB5CCNAME до <option>env_keep</option> в /" +"etc/sudoers або до типових параметрів у ваших правилах sudo для LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" +"2. Розпізнавання не працює, а у syslog міститься повідомлення «Server not " +"found in Kerberos database»: Kerberos, ймовірно, не може визначити належну " +"область для квитка служби на основі назви вузла. Спробуйте додати назву " +"вузла безпосередньо у розділ <option>[domain_realm]</option> в /etc/krb5." +"conf, ось так:" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" +"3. Розпізнавання не працює, а у syslog міститься повідомлення «No Kerberos " +"credentials available»: у вас немає реєстраційних даних, якими можна було б " +"скористатися для отримання потрібного квитка служби. Скористайтеся kinit або " +"пройдіть розпізнавання за допомогою SSSD, щоб отримати відповідні " +"реєстраційні дані." + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" +"4. Розпізнавання не працює, а у журналі sssd-pam SSSD міститься повідомлення " +"«User with UPN [$UPN] was not found.» або «UPN [$UPN] does not match target " +"user [$username].»: ви використовуєте реєстраційні дані, які не можна " +"пов'язати із користувачем, розпізнавання якого відбувається. Спробуйте " +"скористатися kswitch для вибору іншого реєстраційного запису, переконайтеся, " +"що вас розпізнано за допомогою засобів SSSD або спробуйте вимкнути " +"<option>pam_gssapi_check_upn</option>." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "sssd_krb5_locator_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "Додаток локатора Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" +"Для пошуку KDC для вказаної області Kerberos libkrb5 використовує додаток " +"пошуку Kerberos <command>sssd_krb5_locator_plugin</command>. SSSD надає " +"такий додаток для спрямовування усіх клієнтів Kerberos у системі до єдиного " +"KDC. Загалом, немає значення, з яким KDC клієнт обмінюється даними. Втім, " +"бувають випадки, наприклад, після зміни пароля, коли не усі KDC перебувають " +"в одному стані, оскільки нові дані має бути спочатку відтворено на усіх " +"серверах. Щоб уникнути неочікуваних помилок під час розпізнавання або навіть " +"блокування облікових записів, варто примусово обмежувати обмін даними до " +"одного KDC якомога довше." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" +"libkrb5 шукатиме додаток пошуку у підкаталозі libkrb5 каталогу додатків " +"Kerberos, див. plugin_base_dir у <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися " +"більше. Додаток можна вимкнути лише вилученням файла додатка. У " +"налаштуваннях Kerberos не передбачено пунктів для його вимикання. Втім, для " +"вимикання додатка для окремих команд можна скористатися змінною середовища " +"SSSD_KRB5_LOCATOR_DISABLE. Крім того, можна скористатися параметром SSSD " +"krb5_use_kdcinfo=False з метою заборони створення даних, які потрібні для " +"роботи додатка. Якщо визначити цю змінну, додаток викликатиметься, але не " +"надаватиме дані функції виклику, отже libkrb5 зможе повернутися до інших " +"методів, які визначено у krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" +"Додаток читає дані щодо KDC вказаної області з файла із назвою " +"<filename>kdcinfo.REALM</filename>. Цей файл має містити одну або декілька " +"назв DNS або IP-адрес або у форматі чисел, які відокремлено крапками, IPv4, " +"або у шістнадцятковому форматі IPv6. Можна додати необов'язковий номер порту " +"наприкінці, відокремивши його від решти запису двокрапкою. У цьому випадку, " +"як завжди, адресу IPv6 слід взяти у квадратні дужки. Коректними вважаються " +"такі записи:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "kdc.example.com" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "kdc.example.com:321" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "1.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "5.6.7.8:99" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "2001:db8:85a3::8a2e:370:7334" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "[2001:db8:85a3::8a2e:370:7334]:321" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" +"Надавач даних розпізнавання krb5 SSSD, який використовується також " +"надавачами даних IPA та AD, додає до цього файла адресу поточного KDC або " +"контролера домену, який використовує SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" +"У середовищах із придатними лише для читання або для читання запису KDC, де, " +"як очікується, клієнти використовуватимуть придатні лише для читання " +"екземпляри для виконання загальних завдань і користуватиметься призначеними " +"для запису KDC лише для внесення змін до налаштувань, зокрема зміни паролів, " +"<filename>kpasswdinfo.REALM</filename> також використовується для визначення " +"придатних до читання і запису KDC. Якщо цей файл існує для вказаної області, " +"його вміст буде використано додатком для надання відповідей на запити щодо " +"сервера kpasswd або kadmin чи щодо певного основного KDC MIT Kerberos. Якщо " +"адреса містить номер порту, для останньої мети використовуватиметься типовий " +"порт KDC 88." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" +"Підтримку використання додатків передбачено не у всіх реалізаціях Kerberos. " +"Якщо у вашій системі немає <command>sssd_krb5_locator_plugin</command>, вам " +"слід внести зміни до /etc/krb5.conf, які відповідатимуть вашій версії " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" +"Якщо встановлено будь-яке значення змінної середовища " +"SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" +"Якщо встановлено будь-яке значення для змінної середовища " +"SSSD_KRB5_LOCATOR_DISABLE, додаток буде вимкнено і поверне функції виклику " +"лише KRB5_PLUGIN_NO_HANDLE." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" +"Якщо встановлено будь-яке значення змінної середовища " +"SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES, додаток спробує визначити усі назви " +"DNS у файлі kdcinfo. Типово, додаток повертає функції виклику " +"KRB5_PLUGIN_NO_HANDLE негайно після першої ж невдалої спроби визначення DNS." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "sssd-simple" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "файл налаштувань інструмента керування доступом «simple» SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування простого засобу керування " +"доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис " +"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" +"Простий засіб керування доступом надає або забороняє доступ на основі списку " +"допуску або заборони, складеного за назвами облікових записів користувачів " +"та групами. Використовуються такі правила:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "Якщо всі списки є порожніми, доступ буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" +"Якщо вказано будь-який зі списків, обробка виконуватиметься за послідовністю " +"«допуск, потім заборона» (allow,deny). Це означає, що будь-яке з правил " +"заборони матиме пріоритет над будь-яким правилом допуску." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" +"Якщо буде вказано один або обидва списки допуску («allow»), всім " +"користувачам поза цими списками доступ буде заборонено." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" +"Якщо буде вказано лише списки заборони («deny»), всі користувачам поза цими " +"списками доступ буде надано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "simple_allow_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" +"Відокремлений комами список користувачів, яким дозволено вхід до системи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "simple_deny_users (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" +"Список користувачів, яким явно заборонено доступ; записи відокремлюються " +"комами." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "simple_allow_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" +"Відокремлений комами список груп, користувачам яких дозволено вхід до " +"системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не " +"обробляються." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "simple_deny_groups (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" +"Відокремлений комами список груп, користувачам яких явно заборонено доступ. " +"Стосується лише груп у межах цього домену SSSD. Локальні групи не " +"обробляються." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, щоб дізнатися більше про налаштування домену " +"SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" +"Якщо не вказувати значень для жодного зі списків, вважатиметься, що параметр " +"не визначено. Пам’ятайте про це, якщо захочете створити параметри для " +"простого надавача автоматизованими скриптами." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" +"Будь ласка, зауважте, що визначення обох параметрів, simple_allow_users і " +"simple_deny_users, є помилкою у налаштуванні." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри, специфічні для простого засобу " +"доступу." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" +"Повна обробка ієрархії участі у групах виконується до перевірки прав " +"доступу, отже, до списку груп доступу може бути включено навіть вкладені " +"групи. Будь ласка, зауважте, що на результати може вплинути значення " +"параметра «ldap_group_nesting_level». Вам слід встановити для нього достатнє " +"значення. Див. <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "sss-certmap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "Правила встановлення відповідності і прив'язування сертифікатів SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" +"На цій сторінці підручника описано правила, якими можна скористатися у SSSD " +"та інших компонентах для встановлення відповідності сертифікатів X.509 та " +"прив'язування їх до облікових записів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" +"У кожного правила чотири компоненти — <quote>пріоритетність</quote>, " +"<quote>правило встановлення відповідності</quote>, <quote>правило прив'язки</" +"quote> і <quote>список доменів</quote>. Усі компоненти є необов'язковими. " +"Якщо не вказано <quote>пріоритетність</quote>, буде додано правило із " +"найнижчою пріоритетністю. Типове <quote>правило встановлення відповідності</" +"quote> встановлює відповідність сертифікатів із використанням ключів " +"digitalSignature і розширеним використанням ключів clientAuth. Якщо " +"<quote>правило прив'язки</quote> є порожнім, сертифікати шукатимуться у " +"атрибуті userCertificate у форматі закодованих двійкових даних DER. Якщо не " +"буде вказано доменів, пошук відбуватиметься у локальному домені." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" +"Щоб дозволити розширення або зовсім інший стиль правила, <quote>прив'язки</" +"quote> та <quote>правила відповідності</quote> можуть містити префікс " +"відокремлений символом «:» від основної частини правила. Префікс може " +"містити лише літери верхнього регістру ASCII і цифри. Якщо префікс " +"пропущено, буде використано стандартний тип, яким є «KRB5» для правил " +"відповідності і «LDAP» для правил прив'язки." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" +"Допоміжна програма «sssctl» надає доступ до команди «cert-eval-rule», яку " +"призначено для перевірки, чи відповідає вказаний сертифікат правилам " +"відповідності, і визначає, як виглядатиме виведення правила прив'язки." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "КОМПОНЕНТИ ПРАВИЛ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "ПРІОРИТЕТНІСТЬ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" +"Правила оброблятимуться за пріоритетністю, номер «0» (нуль) відповідає " +"найвищому рівню пріоритетності. Чим більшим є значення, тим нижчою є " +"пріоритетність. Якщо значення не вказано, пріоритетність вважається " +"найнижчою. Обробку правил буде зупинено, якщо вдасться знайти відповідність " +"правилу, подальші правила не оброблятимуться." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" +"На внутрішньому рівні пріоритетність визначається 32-бітовим цілим числом " +"без знаку. Використання значення пріоритетності, що перевищує 4294967295, " +"призводитиме до виведення повідомлення про помилку." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" +"Якщо однакову пріоритетність мають декілька правил, а застосовувати можна " +"лише одне із пов'язаних відповідних правил, буде вибрано це правило. Якщо " +"існує декілька відповідних правил із однаковою пріоритетністю, буде вибрано " +"одне, але яке само не визначено. Щоб уникнути цієї невизначеної поведінки " +"або використовуйте різні пріоритетності, або зробіть правила відповідності " +"специфічнішими, наприклад, скориставшись явними взірцями <ISSUER>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "ПРАВИЛО ВІДПОВІДНОСТІ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" +"Правило встановлення відповідності використовується для вибору сертифіката, " +"до якого слід застосовувати правило прив'язки. У цьому використовується " +"система, подібна до використаної у параметрі <quote>pkinit_cert_match</" +"quote> Kerberos MIT. Правило складається з ключового слова між символами " +"«<» і «>», яке визначає певну частину сертифіката, і взірцем, який має " +"бути знайдено, для встановлення відповідності правила. Декілька пар ключове " +"слово-взірець можна сполучати за допомогою логічних операторів «&" +"&» (та) або «||» (або)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" +"Якщо задано подібність до MIT Kerberos, префіксом для цього правила є " +"«KRB5». Втім, «KRB5» також буде типовим для <quote>правил відповідності</" +"quote>, тому «<SUBJECT>.*,DC=MY,DC=DOMAIN» і «KRB5:<SUBJECT>.*," +"DC=MY,DC=DOMAIN» є рівнозначними." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "<SUBJECT>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" +"За допомогою цього компонент можна встановлювати відповідність частини або " +"усього запису призначення. Для встановлення відповідності використовується " +"синтаксис розширених формальних виразів POSIX. Докладніший опис синтаксису " +"можна знайти на сторінці підручника regex(7)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" +"Для встановлення відповідності запис призначення, що зберігається у " +"сертифікаті у форматі кодованого DER ASN.1, буде перетворено на текстовий " +"рядок відповідно до RFC 4514. Це означає, що першою у рядку буде " +"найспецифічніша компонента. Будь ласка, зауважте, що у RFC 4514 описано не " +"усі можливі назви атрибутів. Включеними вважаються такі назви: «CN», «L», " +"«ST», «O», «OU», «C», «STREET», «DC» і «UID». Назви інших атрибутів може " +"бути показано у різний спосіб на різних платформах і у різних інструментах. " +"Щоб уникнути двозначностей, не варто використовувати ці атрибути і вживати " +"їх у відповідних формальних виразах." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "Приклад: <SUBJECT>.*,DC=MY,DC=DOMAIN" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" +"Будь ласка, зауважте, що символи «^.[$()|*+?{\\» мають спеціальне значення у " +"формальних виразах, тому їх має бути екрановано за допомогою символу «\\», " +"щоб програма сприймала їх як звичайні символи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "Приклад: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "<ISSUER>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" +"За допомогою цього компонент можна встановлювати відповідність частини або " +"усього запису видавця. Цього запису стосуються усі коментарі щодо <" +"SUBJECT>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "Приклад: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "<KU>використання-ключа" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" +"За допомогою цього параметра можна визначити значення використання ключа, " +"які повинен містити сертифікат. У списку значень, відокремлених комами, " +"можна використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "digitalSignature" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "nonRepudiation" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "dataEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "keyAgreement" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "keyCertSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "cRLSign" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "encipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "decipherOnly" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" +"Для спеціальних випадків можна також використати числове значення у " +"діапазоні 32-бітових цілих чисел без знаку." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "Приклад: <KU>digitalSignature,keyEncipherment" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "<EKU>розширене-використання-ключа" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" +"За допомогою цього параметра можна визначити значення розширеного " +"використання ключа, які повинен містити сертифікат. У списку значень, " +"відокремлених комами, можна використовувати такі значення:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "serverAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "clientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "codeSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "emailProtection" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "timeStamping" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "OCSPSigning" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "KPClientAuth" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "pkinit" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "msScLogin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" +"Розширені використання ключа, які не потрапили до вказаного вище списку, " +"можна визначити за допомогою їхнього OID у точково-десятковому позначенні." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "Приклад: <EKU>clientAuth,1.3.6.1.5.2.3.4" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "<SAN>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" +"Для сумісності із використанням Kerberos MIT цей параметр встановлюватиме " +"відповідність реєстраційних даних Kerberos у PKINIT або AD NT Principal SAN " +"так, як це робить <SAN:Principal>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "Приклад: <SAN>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "<SAN:Principal>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" +"Встановити відповідність реєстраційних даних Kerberos у PKINIT або AD NT " +"Principal SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "Приклад: <SAN:Principal>.*@MY\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "<SAN:ntPrincipalName>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" +"Встановити відповідність реєстраційних даних Kerberos з AD NT Principal SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "Приклад: <SAN:ntPrincipalName>.*@MY.AD.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "<SAN:pkinit>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "Встановити відповідність реєстраційних даних Kerberos з SAN PKINIT." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "Приклад: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "<SAN:dotted-decimal-oid>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" +"Отримати значення компонента SAN otherName, яке задано OID у крапково-" +"десятковому позначенні, обробити його як рядок і спробувати встановити " +"відповідність формальному виразу." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "Приклад: <SAN:1.2.3.4>test" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "<SAN:otherName>base64-string" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" +"Виконати спробу встановлення двійкової відповідності блоку у кодуванні " +"base64 із усіма компонентами SAN otherName. За допомогою цього параметра " +"можна встановлювати відповідність із нетиповими компонентами otherName із " +"особливими кодуваннями, які не можна обробляти як рядки." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "Приклад: <SAN:otherName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "<SAN:rfc822Name>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "Встановити відповідність значення SAN rfc822Name." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "Приклад: <SAN:rfc822Name>.*@email\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "<SAN:dNSName>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "Встановити відповідність значення SAN dNSName." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "Приклад: <SAN:dNSName>.*\\.my\\.dns\\.domain" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "<SAN:x400Address>рядок-base64" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "Встановити двійкову відповідність значення SAN x400Address." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "Приклад: <SAN:x400Address>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "<SAN:directoryName>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" +"Встановити відповідність значення SAN directoryName. Цього параметра " +"стосуються ті самі коментарі, які було вказано для параметрів <ISSUER> " +"та <SUBJECT>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "Приклад: <SAN:directoryName>.*,DC=com" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "<SAN:ediPartyName>рядок-base64" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "Встановити двійкову відповідність значення SAN ediPartyName." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "Приклад: <SAN:ediPartyName>MTIz" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "<SAN:uniformResourceIdentifier>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "Встановити відповідність значення SAN uniformResourceIdentifier." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "Приклад: <SAN:uniformResourceIdentifier>URN:.*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "<SAN:iPAddress>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "Встановити відповідність значення SAN iPAddress." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "Приклад: <SAN:iPAddress>192\\.168\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "<SAN:registeredID>формальний-вираз" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" +"Встановити значення SAN registeredID у форматі точково-десяткового рядка." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "Приклад: <SAN:registeredID>1\\.2\\.3\\..*" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "Доступні варіанти: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "ПРАВИЛО ПРИВʼЯЗУВАННЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" +"Правило прив'язки використовується для пов'язування сертифіката із одним або " +"декількома обліковими записами. Далі, смарткарткою із сертифікатом та " +"відповідним закритим ключем можна скористатися для розпізнавання за одним з " +"цих облікових записів." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" +"У поточній версії SSSD на базовому рівні підтримує пошук даних користувачів " +"лише у LDAP (винятком є лише засіб надання проксі, який у цьому контексті є " +"недоречним). Через це правило прив'язки засновано на синтаксисі фільтрування " +"пошуку LDAP з шаблонами для додавання вмісту сертифікатів до фільтра. " +"Очікується, що цей фільтр міститиме лише специфічні дані, потрібні для " +"прив'язки, яку функція виклику вбудовуватиме до іншого фільтра для виконання " +"справжнього пошуку. Через це рядок фільтрування має починатися із " +"завершуватися «(» і «)», відповідно." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" +"Загалом, рекомендується використовувати атрибути з сертифіката і додати їх " +"до спеціальних атрибутів об'єкта користувача LDAP. Наприклад, можна " +"скористатися атрибутом «altSecurityIdentities» у AD або атрибутом " +"«ipaCertMapData» для IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" +"Бажаним шляхом є читання із сертифіката специфічних для користувача даних, " +"наприклад адреси електронної пошти, і пошук цих даних на сервері LDAP. " +"Причиною є те, що специфічні для користувача дані у LDAP можу бути з різних " +"причин змінено, що розірве прив'язку. З іншого боку, якщо скористатися " +"бажаним шляхом, розірвати прив'язку буде важко." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" +"Стандартним типом <quote>правила прив'язки</quote> є «LDAP». Цей запис може " +"бути додано як префікс до правила. Ось так, наприклад: «LDAP:" +"(userCertificate;binary={cert!bin})». Передбачено розширення, яке має назву " +"«LDAPU1», і яке надає додаткові шаблони для збільшення гнучкості. Щоб " +"дозволити застарілим версіям цієї бібліотеки ігнорувати розширення, при " +"використанні нових шаблонів у <quote>правилі прив'язки</quote> має бути " +"використано префікс «LDAPU1», інакше роботу застарілої версії цієї " +"бібліотеки буде завершено із повідомленням про помилку при обробці вхідних " +"даних. Нові шаблони описано у розділі <xref linkend=\"map_ldapu1\"/>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Цей шаблон додасть повний DN видавця, перетворений на рядок відповідно до " +"RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN " +"стоїть останнім), буде використано параметр із префіксом «_x500»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" +"У варіантах перетворення, назви яких починаються з «ad_», " +"використовуватимуться назви атрибутів, які використовуються AD, наприклад " +"«S», замість «ST»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" +"У варіантах перетворення, назви яких починаються з «nss_», " +"використовуватимуться назви атрибутів, які використовуються NSS." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" +"Типовим варіантом перетворення є «nss», тобто назви атрибутів відповідно до " +"NSS і упорядковування за LDAP/RFC 4514." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" +"Приклад: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" +"Цей шаблон додасть повний DN призначення, перетворений на рядок відповідно " +"до RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN " +"стоїть останнім), буде використано параметр із префіксом «_x500»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" +"Приклад: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "{cert[!(bin|base64)]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" +"Цей шаблон додасть увесь сертифікат у кодуванні DER як рядок до фільтра " +"пошуку. Залежно від параметра перетворення, двійковий сертифікат або буде " +"преетворено на екрановану послідовність шістнадцяткових чисел у форматі " +"«\\xx», або на код base64. Типовим варіантом є екранована шістнадцяткова " +"послідовність, її може бути, наприклад, використано з атрибутом LDAP " +"«userCertificate;binary»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "Приклад: (userCertificate;binary={cert!bin})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "{subject_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" +"Цей шаблон додасть реєстраційні дані Kerberos, які буде взято або з SAN, " +"який використовується pkinit, або з реєстраційних даних AD. Компонент " +"«short_name» відповідає першій частині реєстраційного запису до символу «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" +"Приклад: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "{subject_pkinit_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" +"Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що " +"використовується pkinit. Компонент «short_name» відповідає першій частині " +"реєстраційного запису до символу «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" +"Приклад: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "{subject_nt_principal[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" +"Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що " +"використовується AD. Компонент «short_name» відповідає першій частині " +"реєстраційного запису до символу «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" +"Приклад: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "{subject_rfc822_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" +"Цей шаблон додасть рядок, який зберігається у компоненті rfc822Name SAN, " +"типово, адресу електронної пошти. Компонент «short_name» відповідає першій " +"частині адреси до символу «@»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" +"Приклад: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "{subject_dns_name[.short_name]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" +"Цей шаблон додасть рядок, який зберігається у компоненті dNSName SAN, " +"типово, повну назву вузла. Компонент «short_name» відповідає першій частині " +"назви до першого символу «.»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" +"Приклад: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "{subject_uri}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" +"Цей шаблон додає рядок, який зберігається у компоненті " +"uniformResourceIdentifier SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "Приклад: (uri={subject_uri})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "{subject_ip_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "Цей шаблон додає рядок, який зберігається у компоненті iPAddress SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "Приклад: (ip={subject_ip_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "{subject_x400_address}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" +"Цей шаблон додає значення, яке зберігається у компоненті x400Address SAN як " +"послідовність екранованих шістнадцяткових чисел." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "Приклад: (attr:binary={subject_x400_address})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" +"Цей шаблон додасть рядок DN значення, яке зберігається у компоненті " +"directoryName SAN." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "Приклад: (orig_dn={subject_directory_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "{subject_ediparty_name}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" +"Цей шаблон додає значення, яке зберігається у компоненті ediPartyName SAN як " +"послідовність екранованих шістнадцяткових чисел." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "Приклад: (attr:binary={subject_ediparty_name})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "{subject_registered_id}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" +"Цей шаблон додає OID, який зберігається у компоненті registeredID SAN у " +"форматі точково-десяткового рядка." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "Приклад: (oid={subject_registered_id})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Шаблони для додавання даних сертифікатів до фільтра пошуку засновано на " +"рядках форматування у стилі Python. Воли складаються з ключового слова у " +"фігурних дужках із додатковим підкомпонентом-специфікатором, відокремленим " +"«.», або додатковим параметром перетворення-форматування, відокремленим «!». " +"Дозволені значення: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "Розширення LDAPU1" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" +"При використанні розширення LDAPU1 можна скористатися такими шаблонами:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "{serial_number[!(dec|hex[_ucr])]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Цей шаблон додасть серійний номер сертифіката. Типово, його буде надруковано " +"як шістнадцяткове число літерами нижнього регістру." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Якщо використано параметр форматування «!dec», число буде виведено як " +"десятковий рядок. Виведені шістнадцяткові дані може бути показано за " +"допомогою літер верхнього регістру («!hex_u»), із двокрапкою, що відокремлює " +"шістнадцяткові байти («!hex_c»), або із шістнадцятковими байтами у " +"зворотному порядку («!hex_r»). Літер постфікса може бути поєднано, отже, " +"наприклад, «!hex_uc» призведе до виведення відокремленого двокрапками " +"шістнадцяткового рядка із літер верхнього регістру." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "Приклад: LDAPU1:(serial={серійний_номер})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "{subject_key_id[!hex[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" +"Цей шаблон додасть ідентифікатор ключа призначення сертифіката. Типово, його " +"буде надруковано як шістнадцяткове число літерами нижнього регістру." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" +"Виведені шістнадцяткові дані може бути показано за допомогою літер верхнього " +"регістру («!hex_u»), із двокрапкою, що відокремлює шістнадцяткові байти («!" +"hex_c»), або із шістнадцятковими байтами у зворотному порядку («!hex_r»). " +"Літер постфікса може бути поєднано, отже, наприклад, «!hex_uc» призведе до " +"виведення відокремленого двокрапками шістнадцяткового рядка із літер " +"верхнього регістру." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "Приклад: LDAPU1:(ski={ідентифікатор_ключа_призначення})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "{cert[!DIGEST[_ucr]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" +"Цей шаблон додає шістнадцяткову контрольну суму або хеш до сертифіката. " +"Запис DIGEST має бути замінено назвою функції контрольної суми або хешу, " +"підтримку яких передбачено у OpenSSL, наприклад «sha512»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" +"Виведені шістнадцяткові дані може бути показано за допомогою літер верхнього " +"регістру («!sha512_u»), із двокрапкою, що відокремлює шістнадцяткові байти " +"(«!sha512_c»), або із шістнадцятковими байтами у зворотному порядку («!" +"sha512_r») Літер постфікса може бути поєднано, отже, наприклад, «!sha512_uc» " +"призведе до виведення відокремленого двокрапками шістнадцяткового рядка із " +"літер верхнього регістру." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "Приклад: LDAPU1:(dgst={cert!sha256})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "{subject_dn_component[(.назва_атрибуту|[число]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" +"Цей шаблон додасть значення атрибуту компонента DN призначення. Типовим " +"значенням є найспецифічніший компонент." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" +"Можна вибрати інший компонент або за назвою атрибуту, наприклад, " +"{subject_dn_component.uid}, або за позицією, наприклад, " +"{subject_dn_component.[2]}, де додатні числа означають відлік від найбільш " +"специфічного компонента, а від'ємні числа — відлік від найменш специфічного " +"компонента. Назву атрибуту та позицію можна поєднувати. Приклад: " +"{subject_dn_component.uid[2]}, тобто назвою другого компонента має бути " +"«uid»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "Приклад: LDAPU1:(uid={subject_dn_component.uid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "{issuer_dn_component[(.назва_атрибуту|[число]]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" +"Цей шаблон додасть значення атрибуту компонента DN видавця. Типовим " +"значенням є найспецифічніший компонент." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" +"Див. «subject_dn_component», щоб дізнатися більше про назви атрибутів та " +"специфікатори позиції." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" +"Приклад: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "{sid[.rid]}" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" +"Цей шаблон додасть SID, якщо відповідне розширення впроваджено Microsoft із " +"доступним OID 1.3.6.1.4.1.311.25.2. Якщо вказано «.rid», буде додано лише " +"останній компонент, тобто RID." + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "Приклад: LDAPU1:(objectsid={sid})" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "СПИСОК ДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" +"Якщо список доменів не є порожнім, записи користувачів, прив'язані до " +"заданого сертифіката, шукаються не лише у локальному домені, а і у доменах " +"зі списку, якщо вони відомі SSSD. Домени, які не відомі SSSD, буде " +"проігноровано." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "sssd-ipa" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "Модуль надання даних IPA SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу керування доступом IPA " +"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" +"Інструмент надання даних IPA — модуль, який використовується для " +"встановлення з’єднання з сервером IPA. (Інформацію щодо серверів IPA можна " +"знайти на сайті freeipa.org.) Цей інструмент надання доступу потребує " +"включення комп’ютера до домену IPA. Налаштування майже повністю " +"автоматизовано, дані для нього отримуються безпосередньо з сервера." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" +"Засіб надання даних IPA уможливлює для SSSD використання засобу надання " +"даних профілів <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> та засобу надання даних " +"розпізнавання <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> з оптимізацією для середовищ IPA. " +"Засіб надання даних IPA приймає ті самі параметри, які використовуються " +"засобами надання даних sssd-ldap та sssd-krb5, із деякими виключеннями. " +"Втім, встановлювати ці параметри не обов'язково і не рекомендовано." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"Засіб надання даних IPA в основному копіює типові параметри традиційних " +"засобів надання даних ldap і krb5 із деякими виключенням. Відмінності " +"наведено у розділі <quote>ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +#, fuzzy +#| msgid "" +#| "As an access provider, the IPA provider uses HBAC (host-based access " +#| "control) rules. Please refer to freeipa.org for more information about " +#| "HBAC. No configuration of access provider is required on the client side." +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" +"Як інструмент надання доступу, інструмент надання даних IPA для керування " +"доступом використовує правила HBAC (host-based access control або керування " +"доступом на основі даних щодо вузлів). Докладнішу інформацію щодо HBAC можна " +"отримати на сайті freeipa.org. У налаштуванні керування доступом на боці " +"клієнта немає потреби." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" +"Якщо у sssd.conf вказано <quote>auth_provider=ipa</quote> або " +"<quote>access_provider=ipa</quote>, для id_provider також має бути вказано " +"<quote>ipa</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" +"Інструмент надання даних IPA використовуватиме відповідач PAC, якщо квитки " +"Kerberos користувачів з довірених областей містять PAC. Для полегшення " +"налаштовування відповідач PAC запускається автоматично, якщо налаштовано " +"інструмент надання даних ідентифікаторів IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "ipa_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" +"Визначає назву домену IPA. Є необов’язковим. Якщо не вказано, буде " +"використано назву домену з налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "ipa_server, ipa_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Впорядкований за пріоритетом список IP-адрес або назв вузлів, відокремлених " +"комами, серверів IPA, з якими має встановити з’єднання SSSD. Докладніші " +"відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є " +"необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші " +"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК " +"СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "ipa_hostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" +"Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не " +"відповідає повній назві, що використовується доменом IPA для розпізнавання " +"цього вузла. Назву вузла слід вказувати повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "dyndns_update (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" +"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " +"оновити на сервері DNS, вбудованому до FreeIPA, IP-адресу клієнта. Захист " +"оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде " +"використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за " +"допомогою параметра «dyndns_iface»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" +"ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у " +"цьому режимі типову область дії Kerberos має бути належним чином визначено " +"у /etc/krb5.conf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_update</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "dyndns_ttl (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" +"TTL, до якого буде застосовано клієнтський запис DNS під час його оновлення. " +"Якщо dyndns_update має значення false, цей параметр буде проігноровано. " +"Перевизначає TTL на боці сервера, якщо встановлено адміністратором." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_ttl</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_ttl</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "Типове значення: 1200 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "dyndns_iface (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" +"Необов'язковий. Застосовний, лише якщо dyndns_update має значення true. " +"Виберіть інтерфейс або список інтерфейсів, чиї IP-адреси має бути " +"використано для динамічних оновлень DNS. Спеціальне значення <quote>*</" +"quote> означає, що слід використовувати IP-адреси з усіх інтерфейсів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" +"ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " +"<emphasis>ipa_dyndns_iface</emphasis>, користувачам слід переходити на нову " +"назву, <emphasis>dyndns_iface</emphasis>, у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" +"Типове значення: використовувати IP-адреси інтерфейсу, який використовується " +"для з’єднання LDAP IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "dyndns_auth (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" +"Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання GSS-" +"TSIG для безпечних оновлень за допомогою сервера DNS, незахищені оновлення " +"можна надсилати встановленням для цього параметра значення «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "Типове значення: GSS-TSIG" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "dyndns_auth_ptr (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" +"Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання GSS-" +"TSIG для безпечних оновлень PTR за допомогою сервера DNS, незахищені " +"оновлення можна надсилати встановленням для цього параметра значення «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "Типове значення: те саме, що і dyndns_auth" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "ipa_enable_dns_sites (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "Вмикає сайти DNS — визначення служб на основі адрес." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" +"Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " +"пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " +"спробує визначення на основі адрес за допомогою запиту, що містить " +"\"_location.hostname.example.com\", а потім повертається до традиційного " +"визначення SRV. Якщо визначення на основі адреси буде успішним, сервери IPA, " +"виявлені на основі визначення за адресою, вважатимуться основним серверами, " +"а сервери IPA, виявлені за допомогою традиційного визначення SRV, " +"вважатимуться резервними серверами." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "dyndns_refresh_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" +"Визначає, наскільки часто серверний модуль має виконувати періодичні " +"оновлення DNS на додачу до автоматичного оновлення, яке виконується під час " +"кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не " +"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "dyndns_update_ptr (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" +"Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів " +"DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" +"Значенням цього параметра у більшості розгорнутих систем IPA має бути False, " +"оскільки сервер IPA створює записи PTR автоматично після зміни у записах " +"переспрямовування." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "Типове значення: False (вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "dyndns_force_tcp (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" +"Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну " +"даними з сервером DNS." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "dyndns_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" +"Сервер DNS, який слід використовувати для виконання оновлення DNS. У " +"більшості конфігурацій рекомендуємо не встановлювати значення для цього " +"параметра." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" +"Встановлення значення для цього параметра потрібне для середовищ, де сервер " +"DNS відрізняється від сервера профілів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" +"Будь ласка, зауважте, що цей параметр буде використано лише для резервних " +"спроб, якщо попередні спроби із використанням автовиявлення завершаться " +"невдало." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "dyndns_update_per_family (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" +"Оновлення DNS, типово, виконується у два кроки — оновлення IPv4, а потім " +"оновлення IPv6. Іноді бажаним є виконання оновлення IPv4 і IPv6 за один крок." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ipa_access_order (string)" +msgstr "ldap_access_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +#, fuzzy +#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" +"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +#, fuzzy +#| msgid "" +#| "Please note that 'access_provider = ldap' must be set for this feature to " +#| "work. Also 'ldap_pwd_policy' must be set to an appropriate password " +#| "policy." +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" +"Будь ласка, зауважте, що для того, щоб цим можна було скористатися, слід " +"встановити «access_provider = ldap». Крім того, слід встановити для " +"параметра «ldap_pwd_policy» відповідні правила поводження із паролями." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "ipa_deskprofile_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"профілями станції (Desktop Profile) об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "Типове значення: використання базової назви домену" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "ipa_subid_ranges_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"підлеглими діапазонами об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "Типове значення: значення <emphasis>cn=subids,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "ipa_hbac_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"HBAC об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "ipa_host_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "Застарілий. Скористайтеся замість нього ldap_host_search_base." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_selinux_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку карт " +"користувачів SELinux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "ipa_subdomains_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "ipa_master_domain_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку основного " +"об’єкта домену." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" +"Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "ipa_views_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів " +"перегляду." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" +"Типове значення: значення <emphasis>cn=views,cn=accounts,%basedn</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" +"Назва області дії Kerberos. Є необов’язковою, типовим значенням є значення " +"«ipa_domain»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" +"Назва області дії Kerberos має особливе значення у IPA: цю назву буде " +"перетворено у основний DN для виконання дій LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "krb5_confd_path (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" +"Абсолютний шлях до каталогу, у якому SSSD має зберігати фрагменти " +"налаштувань Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" +"Щоб вимкнути створення фрагментів налаштувань, встановіть для параметра " +"значення «none»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" +"Типове значення: не встановлено (підкаталог krb5.include.d каталогу pubconf " +"SSSD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "ipa_deskprofile_refresh (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками правил профілів станції (Desktop " +"Profile) щодо сервера IPA. Зміна може зменшити час затримки та навантаження " +"на сервер IPA, якщо протягом короткого періоду часу надходить багато запитів " +"щодо профілів станції." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "Типове значення: 5 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "ipa_deskprofile_request_interval (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" +"Час між пошуками у правилах профілів станцій на сервері IPA, якщо за " +"останнім запитом не повернуто жодного правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "Типове значення: 60 (хвилин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "ipa_hbac_refresh (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна " +"може зменшити час затримки та навантаження на сервер IPA, якщо протягом " +"короткого періоду часу надходить багато запитів щодо керування доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "ipa_hbac_selinux (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками у картах SELinux щодо сервера IPA. " +"Зміна може зменшити час затримки та навантаження на сервер IPA, якщо " +"протягом короткого періоду часу надходить багато запитів щодо входу " +"користувача до системи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "ipa_server_mode (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" +"Цей параметр буде встановлено засобом встановлення IPA (ipa-server-install) " +"автоматично, він визначає, чи запущено SSSD на сервері IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" +"На сервері IPA SSSD шукатиме записи користувачів і груп із довірених доменів " +"безпосередньо, хоча на клієнті SSSD надсилатиме запит на сервер IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" +"Зауваження: у поточній версії має бути виконано декілька умов, якщо SSSD " +"працює на сервері IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" +"Параметр <quote>ipa_server</quote> має бути налаштовано так, щоб він " +"вказував на сам сервер IPA. Це типово робить засіб встановлення IPA, тому " +"зміни вручну є зайвими." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" +"Не слід змінювати значення параметра <quote>full_name_format</quote> для " +"того, щоб лише виводити короткі імена користувачів з довірених доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "ipa_automount_location (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" +"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "Типове значення: адреса з назвою \"default\"" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "ipa_view_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "Клас об’єктів для контейнерів перегляду." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "Типове значення: nsContainer" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "ipa_view_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "Назва атрибута, у якому зберігається назва перегляду." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "Типове значення: cn" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "ipa_override_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "Клас об’єктів для об’єктів перевизначення" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "Типове значення: ipaOverrideAnchor" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "ipa_anchor_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" +"Назва атрибута, у якому зберігається посилання на початковий об’єкт на " +"віддаленому домені." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "Типове значення: ipaAnchorUUID" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "ipa_user_override_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Назва класу об’єктів для перевизначень користувачів. Використовується для " +"визначення того, чи знайдений об’єкт перевизначення пов’язано з користувачем " +"або групою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "Перевизначення користувачів можуть містити атрибути, задані" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "ldap_user_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "ldap_user_uid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "ldap_user_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "ldap_user_gecos" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "ldap_user_home_directory" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "ldap_user_shell" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "ldap_user_ssh_public_key" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "Типове значення: ipaUserOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "ipa_group_override_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" +"Назва класу об’єктів для перевизначень груп. Використовується для визначення " +"того, чи знайдений об’єкт перевизначення пов’язано з користувачем або групою." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "Перевизначення груп можуть містити атрибути, задані" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "ldap_group_name" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "ldap_group_gid_number" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "Типове значення: ipaGroupOverride" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" +"SSSD може обробляти перегляди та перевизначення, які пропонуються FreeIPA " +"4.1 та новішими версіями. Оскільки усі шляхи і класи об’єктів зафіксовано на " +"боці сервера, в основному, немає потреби у додатковому налаштовуванні. Для " +"повноти, усі відповідні параметри наведено у списку разом з їхніми типовими " +"значеннями. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "СЛУЖБА ПІДДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" +"Поведінка інструмента надання даних піддоменів IPA залежить від того, у який " +"спосіб його налаштовано: явний чи неявний." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" +"Якщо у розділі домену sssd.conf буде знайдено запис параметра " +"«subdomains_provider = ipa», інструмент надання даних піддоменів IPA " +"налаштовано явно, отже всі запити піддоменів надсилатимуться серверу IPA, " +"якщо це потрібно." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" +"Якщо у розділі домену sssdconf не встановлено параметр " +"«subdomains_provider», але встановлено параметр «id_provider = ipa», " +"інструмент надання даних піддоменів IPA налаштовано неявним чином. У цьому " +"випадку спроба запиту щодо піддомену зазнає невдачі і вказуватиме на те, що " +"на сервері не передбачено піддоменів, тобто його не налаштовано на довіру, " +"отже інструмент надання даних піддоменів IPA вимкнено. Щойно мине година або " +"відкриється доступ до інструмента надання даних IPA, інструмент надання " +"даних піддоменів буде знову увімкнено." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "НАЛАШТОВУВАННЯ ДОВІРЕНИХ ДОМЕНІВ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Крім того, деякі параметри налаштування може бути встановлено для довіреного " +"домену. Налаштування довіреного домену можна встановити за допомогою " +"підрозділу довіреного домену, як це показано у наведеному нижче прикладі. " +"Крім того, можна скористатися параметром <quote>subdomain_inherit</quote> у " +"батьківському домені. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Щоб дізнатися більше, ознайомтеся зі сторінкою підручника щодо " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" +"Перелік параметрів налаштовування для довіреного домену залежить від того, " +"як ви налаштували SSSD на сервері IPA або клієнт IPA." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА ОСНОВНИХ СЕРВЕРАХ IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" +"У розділі піддомену на основному сервері IPA можна вказати такі параметри:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "ad_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "ad_backup_server" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "ad_site" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "ldap_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "ldap_user_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "ldap_group_search_base" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА КЛІЄНТАХ IPA" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "У розділі піддомену на клієнті IPA можна вказати такі параметри:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" +"Зауважте, що якщо встановлено обидва параметри, буде враховано лише " +"<quote>ad_server</quote>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" +"Оскільки будь-який запит щодо ідентифікації користувача або групи від " +"довіреного домену, який започатковано клієнтом IPA, обробляється сервером " +"IPA, параметри <quote>ad_server</quote> і <quote>ad_site</quote> впливають " +"лише на те, який з DC AD виконуватиме процедуру розпізнавання. Зокрема, " +"адреси, які визначено за цими списками, буде записано до файлів " +"<quote>kdcinfo</quote>, читання яких виконуватиметься додатком пошуку " +"Kerberos. Будь ласка, зверніться до сторінки підручника щодо <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри доступу, специфічні для засобу " +"ipa." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "sssd-ad" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "Модуль надання даних Active Directory SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу керування доступом AD " +"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" +"Засіб надання даних AD є модулем, який використовується для встановлення " +"з'єднання із сервером Active Directory. Для роботи цього засобу надання " +"даних потрібно, щоб комп'ютер було долучено до домену AD і щоб було " +"доступним сховище ключів. Обмін даними із модулем відбувається за допомогою " +"каналу із шифруванням GSSAPI. Із засобом надання даних AD не слід " +"використовувати параметри SSL/TLS, оскільки їх перекриває використання " +"Kerberos." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" +"У засобі надання даних AD передбачено підтримку встановлення з’єднання з " +"Active Directory 2008 R2 або пізнішою версією. Робота з попередніми версіями " +"можлива, але не підтримується." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" +"Засобом надання даних AD можна скористатися для отримання даних щодо " +"користувачів і розпізнавання користувачів за допомогою довірених доменів. У " +"поточній версії передбачено підтримку використання лише довірених доменів з " +"того самого лісу. Крім того автоматично визначаються сервери із довірених " +"доменів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" +"Засіб надання даних AD уможливлює для SSSD використання засобу надання даних " +"профілів <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> та засобу надання даних " +"розпізнавання <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> з оптимізацією для середовищ Active " +"Directory. Засіб надання даних AD приймає ті самі параметри, які " +"використовуються засобами надання даних sssd-ldap та sssd-krb5, із деякими " +"виключеннями. Втім, встановлювати ці параметри не обов'язково і не " +"рекомендовано." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" +"Засіб надання даних AD в основному копіює типові параметри традиційних " +"засобів надання даних ldap і krb5 із деякими виключенням. Відмінності " +"наведено у розділі <quote>ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" +"Інструментом надання даних AD також можна скористатися для доступу, зміни " +"паролів запуску від імені користувача (sudo) та використання autofs. У " +"налаштовуванні керування доступом на боці клієнта немає потреби." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" +"Якщо у sssdconf вказано <quote>auth_provider=ad</quote> або " +"<quote>access_provider=ad</quote>, для id_provider також має бути вказано " +"<quote>ad</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" +"ldap_id_mapping = False\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" +"Типово, модуль надання даних AD виконуватиме прив’язку до значень UID та GID " +"з параметра objectSID у Active Directory. Докладніший опис наведено у " +"розділі «ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ». Якщо вам потрібно " +"вимкнути встановлення відповідності ідентифікаторів і покладатися на " +"атрибути POSIX, визначені у Active Directory, вам слід встановити " +"<placeholder type=\"programlisting\" id=\"0\"/> Якщо має бути використано " +"атрибути POSIX, рекомендуємо з міркувань швидкодії виконувати також " +"реплікацію атрибутів до загального каталогу. Якщо виконується реплікація " +"атрибутів POSIX, SSSD намагатиметься знайти домен числового ідентифікатора " +"із запиту за допомогою загального каталогу і шукатиме лише цей домен. І " +"навпаки, якщо реплікація атрибутів POSIX до загального каталогу не " +"відбувається, SSSD доводиться шукати на усіх доменах у лісі послідовно. Будь " +"ласка, зауважте, що для пришвидшення пошуку без доменів також може бути " +"корисним використання параметра <quote>cache_first</quote>. Зауважте, що " +"якщо у загальному каталозі є лише підмножина атрибутів POSIX, у поточній " +"версії невідтворювані атрибути з порту LDAP не читатимуться." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" +"Дані щодо користувачів, груп та інших записів, які обслуговуються SSSD, у " +"модулі надання даних AD завжди обробляються із врахуванням регістру символів " +"для забезпечення сумісності з реалізацією Active Directory у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" +"SSSD може встановлювати відповідність лише груп захисту Active Directory. " +"Щоб дізнатися більше про типи груп AD, ознайомтеся із <ulink url=\"https://" +"docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-" +"security-groups\"> підручником з груп захисту Active Directory</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" +"SSSD відфільтровуватиме локальні для домену групи від віддалених доменів у " +"лісі AD. Типово, групи буде відфільтровано, наприклад при слідуванні за " +"вкладеною ієрархією груп у віддалених доменах, оскільки вони не є чинними у " +"локальних доменах. Так зроблено для забезпечення узгодженості з призначенням " +"груп і участі у них Active Directory, яку можна переглянути у PAC квитка " +"Kerberos користувача, який видано Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "ad_domain (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" +"Визначає назву домену Active Directory. Є необов’язковим. Якщо не вказано, " +"буде використано назву домену з налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" +"Для забезпечення належної роботи цей параметр слід вказати у форматі запису " +"малими літерами повної версії назви домену Active Directory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" +"Скорочена назва домену (також відома як назва NetBIOS або проста назва) " +"автоматично визначається засобами SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "ad_enabled_domains (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +#, fuzzy +#| msgid "" +#| "A comma-separated list of enabled Active Directory domains. If provided, " +#| "SSSD will ignore any domains not listed in this option. If left unset, " +#| "all domains from the AD forest will be available." +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" +"Список дозволених доменів Active Directory, відокремлених комами. Якщо " +"вказано, SSSD ігноруватиме будь-які домени, яких немає у списку цього " +"параметра. Якщо значення параметра не встановлено, доступними будуть усі " +"домени з лісу AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Для належного функціонування значення цього параметра має бути вказано " +"малими літерами у форматі повної назви домену Active Directory. Приклад: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" +"Скорочена назва домену (також відома як назва NetBIOS або проста назва) " +"автоматично визначається засобами SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "ad_server, ad_backup_server (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" +"Список назв тих вузлів серверів AD, відокремлених комами, з якими SSSD має " +"встановлювати з'єднання у порядку пріоритетності. Щоб дізнатися більше про " +"резервне використання серверів, ознайомтеся із розділом <quote>РЕЗЕРВ</" +"quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" +"Цей список є необов’язковим, якщо увімкнено автоматичне виявлення служб. " +"Докладніші відомості щодо автоматичного виявлення служб наведено у розділі " +"«ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" +"Зауваження: довірені домени завжди автоматично визначають сервери, навіть " +"якщо основний сервер явним чином визначено у параметрі ad_server." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "ad_hostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" +"Є необов'язковим. У системах, де hostname(5) не видає повноцінної назви, " +"sssd намагається розгорнути скорчену назву. Якщо це не вдасться зробити або " +"слід насправді використовувати скорочену назву, встановіть значення " +"параметра явним чином." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" +"Це поле використовується для визначення використаного реєстраційного запису " +"вузла у таблиці ключів та виконання динамічних оновлень DNS. Його вміст має " +"збігатися із назвою вузла, для якого випущено таблицю ключів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "ad_enable_dns_sites (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" +"Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " +"пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " +"спробує визначити сервер Active Directory для встановлення з’єднання на " +"основі використання визначення сайтів Active Directory і повертається до " +"визначення за записами SRV DNS, якщо сайт AD не буде знайдено. Налаштування " +"SRV DNS, зокрема домен пошуку, використовуються також під час визначення " +"сайтів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "ad_access_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" +"Цей параметр визначає фільтр керування доступом LDAP, якому має відповідати " +"запис користувача для того, щоб йому було надано доступ. Будь ласка, " +"зауважте, що слід явним чином встановити для параметра «access_provider» " +"значення «ad», щоб цей параметр почав діяти." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" +"У параметрі також передбачено підтримку визначення різних фільтрів для " +"окремих доменів або дерев. Цей розширений фільтр повинен мати такий формат: " +"«КЛЮЧОВЕ СЛОВО:НАЗВА:ФІЛЬТР». Набір підтримуваних ключових слів: «DOM», " +"«FOREST» або ключове слово слід пропустити." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" +"Якщо вказано ключове слово «DOM» або ключового слова не вказано, «НАЗВА» " +"визначає домен або піддомен, до якого застосовується фільтрування. Якщо " +"ключовим словом є «FOREST», фільтр застосовується до усіх доменів з лісу, " +"вказаного значенням «НАЗВА»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" +"Декілька фільтрів можна відокремити символом «?», подібно до способу " +"визначення фільтрів у базах для пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" +"Визначення участі у вкладених групах має відбуватися із використанням " +"спеціалізованого OID <quote>:1.2.840.113556.1.4.1941:</quote>, окрім повних " +"синтаксичних конструкцій DOM:domain.example.org:, щоб засіб обробки не " +"намагався інтерпретувати символи двокрапки, пов'язані з OID. Якщо ви не " +"використовуєте цей OID, вкладена участь у групах не визначатиметься. " +"Ознайомтеся із прикладом використання, який наведено нижче, і цим " +"посиланням, щоб дізнатися більше про OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\">[MS-ADTS] Правила встановлення " +"відповідності у LDAP</ulink>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" +"Завжди використовується відповідник з найвищим рівнем відповідності. " +"Наприклад, якщо визначено фільтрування для домену, учасником якого є " +"користувач, і загальне фільтрування, буде використано фільтрування для " +"окремого домену. Якщо буде виявлено декілька відповідників з однаковою " +"специфікацією, використовуватиметься лише перший з них." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" +"# застосувати фільтрування лише для домену з назвою dom1:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# застосувати фільтрування лише для домену з назвою dom2:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# застосувати фільтрування лише для лісу з назвою EXAMPLE.COM:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# застосувати фільтрування до учасника вкладеної групи у dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "ad_site (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" +"Визначає сайт AD, з яким має встановлювати з’єднання клієнт. Якщо не буде " +"вказано, виконуватиметься спроба автоматичного визначення сайта AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "ad_enable_gc (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" +"Типово, SSSD для отримання даних користувачів з надійних (довірених) доменів " +"спочатку встановлює з’єднання із загальним каталогом (Global Catalog). Якщо " +"ж отримати дані не вдасться, система використовує порт LDAP для отримання " +"даних щодо участі у групах. Вимикання цього параметра призведе до того, що " +"SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" +"Будь ласка, зауважте, що вимикання підтримки загального каталогу (Global " +"Catalog) не призведе до вимикання спроб отримати дані користувачів з " +"надійних (довірених) доменів. Просто SSSD намагатиметься отримати ці ж дані " +"за допомогою порту LDAP надійних доменів. Втім, загальним каталогом (Global " +"Catalog) доведеться скористатися для визначення зв’язків даних щодо участі у " +"групах для різних доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "ad_gpo_access_control (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" +"Цей параметр визначає режим роботи для функціональних можливостей керування " +"доступом на основі GPO: працюватиме система у вимкненому режимі, режимі " +"примушення чи дозвільному режимі. Будь ласка, зауважте, що для того, щоб цей " +"параметр запрацював, слід явним чином встановити для параметра " +"«access_provider» значення «ad»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" +"Функціональні можливості з керування доступом на основі GPO використовують " +"параметри правил GPO для визначення того, може чи не може той чи інший " +"користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша " +"інформація щодо підтримуваних параметрів правил, зверніться до параметрів " +"<quote>ad_gpo_map</quote>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" +"Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено " +"підтримки вбудованих груп Active Directory Вбудовані групи до правил " +"керування доступом на основі GPO (зокрема Administrators із SID " +"S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за " +"вадами https://pagure.io/SSSD/sssd/issue/5063 ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" +"Перед виконанням керування доступом SSSD застосовує захисне фільтрування на " +"основі правил груп до списку GPO. Для кожного входу користувача до системи " +"програма перевіряє застосовність GPO, які пов'язано із відповідним вузлом. " +"Щоб GPO можна було застосувати до користувача, користувач або принаймні одна " +"з груп, до яких він належить, повинен мати такі права доступу до GPO:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" +"Read: користувач або одна з його груп повинна мати доступ до читання " +"властивостей GPO (RIGHT_DS_READ_PROPERTY)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" +"Apply Group Policy: користувач або принаймні одна з його груп повинна мати " +"доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" +"Типово, у GPO є група Authenticated Users, для якої встановлено одразу права " +"доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має " +"бути успішно завершено до захисного фільтрування GPO і запуску керування " +"доступом, до облікового запису користувача завжди застосовуються права " +"доступу групи Authenticated Users щодо GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" +"ЗАУВАЖЕННЯ: якщо встановлено режим роботи «примусовий» (enforcing), можлива " +"ситуація, коли користувачі, які раніше мали доступ до входу, позбудуться " +"такого доступу (через використання параметрів правил GPO). З метою полегшити " +"перехід на нову систему для адміністраторів передбачено дозвільний режим " +"доступу (permissive), за якого правила керування доступом не " +"встановлюватимуться у примусовому порядку. Програма лише перевірятиме " +"відповідність цим правилам і виводитиме до системного журналу повідомлення, " +"якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть " +"змогу адміністраторам внести відповідні зміни до встановлення примусового " +"режиму (enforcing). Для запису до журналу даних керування доступом на основі " +"GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника " +"<citerefentry> <refentrytitle>sssctl</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "У цього параметра є три підтримуваних значення:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" +"disabled: правила керування доступом, засновані на GPO, не обробляються і не " +"використовуються примусово." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" +"enforcing: правила керування доступом, засновані на GPO, обробляються і " +"використовуються примусово." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" +"permissive: виконати перевірку відповідності правилам керування доступом на " +"основі GPO, але не наполягати на їхньому виконанні. Якщо правила не " +"виконуються, вивести до системного журналу повідомлення про те, що " +"користувачеві було б заборонено доступ, якби використовувався режим " +"enforcing." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "Типове значення: permissive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "Типове значення: enforcing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "ad_gpo_implicit_deny (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" +"Зазвичай, якщо не буде знайдено відповідних GPO, користувачам буде надано " +"доступ. Якщо для цього параметра встановлено значення True, доступ " +"користувачам надаватиметься, лише якщо його явним чином дозволено правилом " +"GPO. Якщо ж такого дозвільного правила не буде виявлено, доступ буде " +"заборонено. Цим можна скористатися для підвищення рівня захисту, але слід " +"бути обережним із використанням цього параметра, оскільки за його допомогою " +"можна заборонити доступ навіть користувачам у вбудованій групі " +"Administrators, якщо немає правил GPO, якими надається такий доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" +"У наведених нижче двох таблицях проілюстровано ситуації, у яких " +"користувачеві буде дозволено або відмовлено у доступі на основі прав дозволу " +"або заборони входу, які визначено на боці сервера, і встановленого значення " +"ad_gpo_implicit_deny." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "ad_gpo_implicit_deny = False (типове значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "allow-rules" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "deny-rules" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "результати" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "missing" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "дозволені усі користувачі" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "present" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "дозволені лише користувачі, яких немає у deny-rules" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "дозволені лише користувачі, які є у allow-rules" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" +"дозволені лише користувачі, які є в allow-rules і яких немає у deny-rules" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "ad_gpo_implicit_deny = True" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "заборонено усіх користувачів" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "ad_gpo_ignore_unreadable (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" +"Зазвичай, якщо певні контейнери правил групи (об'єкта AD) відповідних " +"об'єктів правил груп є непридатним до читання з SSSD, доступ користувачам " +"буде заборонено. За допомогою цього параметра можна проігнорувати контейнери " +"правил груп та пов'язані із ними правила, якщо їхні атрибути у контейнерах " +"правил груп є непридатним до читання з SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "ad_gpo_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" +"Проміжок часу між послідовними пошуками файлів правил GPO щодо сервера AD. " +"Зміна може зменшити час затримки та навантаження на сервер AD, якщо протягом " +"короткого періоду часу надходить багато запитів щодо керування доступом." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "ad_gpo_map_interactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " +"доступом на основі GPO виконуються на основі параметрів правил " +"InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка " +"лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy " +"(див. параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із " +"оброблених GPO міститься параметр заборони інтерактивного входу до системи " +"для користувача або однієї з його груп, користувачеві буде заборонено " +"локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права " +"на інтерактивний вхід до системи, користувачеві буде надано локальний " +"доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " +"інтерактивний вхід до системи, користувачеві буде надано лише локальний " +"доступ, якщо він або принаймні одна з його груп є частиною параметрів " +"правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" +"Зауваження: у редакторі керування правилами для груп це значення має назву " +"«Дозволити локальний вхід» («Allow log on locally») та «Заборонити локальний " +"вхід» («Deny log on locally»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «login») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "gdm-fingerprint" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "lightdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "lxdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "sddm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "unity" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "xdm" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "ad_gpo_map_remote_interactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " +"доступом на основі GPO виконуються на основі параметрів правил " +"RemoteInteractiveLogonRight і DenyRemoteInteractiveLogonRight. " +"Виконуватиметься оцінка лише тих GPO, до яких користувач має права доступу " +"Read і Apply Group Policy (див. параметр <quote>ad_gpo_access_control</" +"quote>). Якщо у якомусь із оброблених GPO міститься параметр заборони " +"віддаленого входу до системи для користувача або однієї з його груп, " +"користувачеві буде заборонено віддалений інтерактивний доступ. Якщо для " +"жодного із оброблених GPO немає визначеного права на віддалений вхід до " +"системи, користувачеві буде надано віддалений доступ. Якщо хоча б одному зі " +"оброблених GPO містяться параметри прав на віддалений вхід до системи, " +"користувачеві буде надано лише віддалений доступ, якщо він або принаймні " +"одна з його груп є частиною параметрів правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід за допомогою служб віддаленої стільниці» («Allow " +"log on through Remote Desktop Services») та «Заборонити вхід за допомогою " +"служб віддаленої стільниці» («Deny log on through Remote Desktop Services»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «sshd») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "sshd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "cockpit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "ad_gpo_map_network (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " +"доступом на основі GPO виконуються на основі параметрів правил " +"NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих " +"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " +"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " +"GPO міститься параметр заборони входу до системи за допомогою мережі для " +"користувача або однієї з його груп, користувачеві буде заборонено локальний " +"доступ. Якщо для жодного із оброблених GPO немає визначеного права на вхід " +"до системи за допомогою мережі, користувачеві буде надано доступ до входу. " +"Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід до " +"системи за допомогою мережі, користувачеві буде надано лише доступ до входу " +"до системи, якщо він або принаймні одна з його груп є частиною параметрів " +"правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Відкрити доступ до цього комп’ютера із мережі» («Access this " +"computer from the network») і «Заборонити доступ до цього комп’ютера із " +"мережі» (Deny access to this computer from the network»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «ftp») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "ftp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "samba" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "ad_gpo_map_batch (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " +"доступом на основі GPO виконуються на основі параметрів правил " +"BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, " +"до яких користувач має права доступу Read і Apply Group Policy (див. " +"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " +"GPO міститься параметр заборони пакетного входу до системи для користувача " +"або однієї з його груп, користувачеві буде заборонено доступ до пакетного " +"входу до системи. Якщо для жодного із оброблених GPO немає визначеного права " +"на пакетний вхід до системи, користувачеві буде надано доступ до входу до " +"системи. Якщо хоча б одному зі оброблених GPO містяться параметри прав на " +"пакетний вхід до системи, користувачеві буде надано лише доступ до входу до " +"системи, якщо він або принаймні одна з його груп є частиною параметрів " +"правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід як пакетне завдання» («Allow log on as a batch " +"job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch job»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для цього входу (наприклад, «crond») з " +"нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" +"Зауваження: назва служби cron у різних дистрибутивах Linux може бути різною." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "crond" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "ad_gpo_map_service (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" +"Список назв служб PAM, відокремлених комами, для яких оцінки для керування " +"доступом на основі GPO виконуються на основі параметрів правил " +"ServiceLogonRight і DenyServiceLogonRight. Виконуватиметься оцінка лише тих " +"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. " +"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених " +"GPO міститься параметр заборони входу до системи за допомогою служб для " +"користувача або однієї з його груп, користувачеві буде заборонено вхід до " +"системи за допомогою служб. Якщо для жодного із оброблених GPO немає " +"визначеного права на вхід до системи за допомогою служб, користувачеві буде " +"надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO " +"містяться параметри прав на вхід до системи за допомогою служб, " +"користувачеві буде надано лише доступ до входу до системи, якщо він або " +"принаймні одна з його груп є частиною параметрів правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" +"Зауваження: у редакторі керування правилами щодо груп це значення " +"називається «Дозволити вхід як службу» («Allow log on as a service») і " +"«Заборонити вхід як службу» («Deny log on as a service»)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_service = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби». Оскільки типовий набір є порожнім, назви служби " +"з типового набору назв служб PAM вилучити неможливо. Наприклад, щоб додати " +"нетипову назву служби PAM (наприклад, «my_pam_service»), вам слід " +"скористатися такими налаштуваннями: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "ad_gpo_map_permit (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" +"Список назв служб PAM, відокремлених комами, яким завжди надається доступ на " +"основі GPO, незалежно від будь-яких прав входу GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Можна додати іншу назву служби PAM до типового набору за допомогою " +"конструкції «+назва_служби» або явним чином вилучити назву служби PAM з " +"типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб " +"замінити типову назву служби PAM для безумовного дозволеного доступу " +"(наприклад, «sudo») з нетиповою назвою служби pam (наприклад, " +"«my_pam_service»), вам слід скористатися такими налаштуваннями: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "polkit-1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "systemd-user" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "ad_gpo_map_deny (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" +"Список назв служб PAM, відокремлених комами, яким завжди заборонено доступ " +"на основі GPO, незалежно від будь-яких прав входу GPO." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" +"ad_gpo_map_deny = +my_pam_service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "ad_gpo_default_right (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" +"За допомогою цього параметра визначається спосіб керування доступом для назв " +"служб PAM, які не вказано явним чином у одному з параметрів ad_gpo_map_*. " +"Цей параметр може бути встановлено у два різних способи. По-перше, цей " +"параметр можна встановити так, що використовуватиметься типовий вхід. " +"Наприклад, якщо для цього параметра встановлено значення «interactive», " +"непов’язані назви служб PAM оброблятимуться на основі параметрів правил " +"InteractiveLogonRight і DenyInteractiveLogonRight. Крім того, для цього " +"параметра можна встановити таке значення, щоб система завжди дозволяла або " +"забороняла доступ для непов’язаних назв служб PAM." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "Передбачені значення для цього параметра:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "remote_interactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "network" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "batch" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "service" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "permit" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "Типове значення: deny" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "ad_maximum_machine_account_password_age (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" +"SSSD перевірятиме раз на день, чи має пароль до облікового запису комп'ютера " +"вік, який перевищує заданий вік у днях, і намагатиметься оновити його. " +"Значення 0 вимкне спроби оновлення." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "Типове значення: 30 днів" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "ad_machine_account_password_renewal_opts (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" +"Цей параметр має використовуватися лише для перевірки завдання із оновлення " +"облікових записів комп'ютерів. Параметру слід передати цілих числа, " +"відокремлених двокрапкою («:»). Перше ціле число визначає інтервал у " +"секундах між послідовними повторними виконаннями завдання з оновлення. Друге " +"— визначає початковий час очікування на перший запуск завдання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "ad_update_samba_machine_account_password (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" +"Якщо увімкнено, при оновленні SSSD пароля до облікового запису комп'ютера " +"програма також оновить запис пароля у базі даних Samba. Таким чином буде " +"забезпечено актуальність копії пароля до облікового запису у Samba, якщо її " +"налаштовано на використання AD для розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "ad_use_ldaps (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" +"Типово, у SSSD використовується звичайний порт LDAP 389 і порт Global " +"Catalog 3628. Якщо для цього параметра встановлено значення True, SSSD " +"використовуватиме порт LDAPS 636 і порт Global Catalog 3629 із захистом " +"LDAPS. Оскільки AD забороняє використання декількох шарів шифрування для " +"одного з'єднання, і нам усе ще потрібне використання SASL/GSSAPI або SASL/" +"GSS-SPNEGO для розпізнавання, властивість захисту SASL maxssf для таких " +"з'єднань буде встановлено у значення 0 (нуль)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "ad_allow_remote_domain_local_groups (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" +"Якщо для цього параметра встановлено значення <quote>true</quote>, SSSD не " +"відфільтровуватиме локальні для домену групи від віддалених доменів у лісі " +"AD. Типово, групи буде відфільтровано, наприклад при слідуванні за вкладеною " +"ієрархією груп у віддалених доменах, оскільки вони не є чинними у локальних " +"доменах. Цей параметр було додано для сумісності із іншими рішеннями, які " +"роблять користувачів і групи AD доступними у клієнті Linux." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" +"Будь ласка, зауважте, що встановлення для цього параметра значення " +"<quote>true</quote> суперечить призначенню локальної групи домену в Active " +"Directory, <emphasis>НИМ СЛІД КОРИСТУВАТИСЯ ЛИШЕ ДЛЯ ПОЛЕГШЕННЯ МІГРАЦІЇ З " +"ІНШИХ РІШЕНЬ</emphasis>. Хоча група існує і користувач може бути учасником " +"групи, їх призначено для використання лише у визначеному для неї домену, а " +"не в інших. Оскільки існує лише один тип груп POSIX, єдиним способом досягти " +"цього з боку Linux є ігнорування цих груп. Зробити це можна також у Active " +"Directory, як можна бачити у PAC квитка Kerberos для локальної служби, або у " +"запитах tokenGroups, де також немає віддалених груп локальних доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" +"З огляду на наведені вище коментарі, якщо для цього параметра встановлено " +"значення <quote>true</quote>, запит tokenGroups має бути вимкнено " +"встановленням <quote>ldap_use_tokengroups</quote> у значення <quote>false</" +"quote> для отримання узгодженого членства користувачів у групах. Крім того, " +"пошук у загальному каталозі має бути пропущено встановленням для параметра " +"<quote>ad_enable_gc</quote> значення <quote>false</quote>. Нарешті, можливо, " +"слід внести зміни до <quote>ldap_group_nesting_level</quote>, якщо віддалені " +"локальні групи домену може бути знайдено лише на глибшому рівні вкладеності." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" +"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " +"оновити IP-адресу цього клієнта на сервері DNS Active Directory. Захист " +"оновлення буде забезпечено за допомогою GSS-TSIG. Як наслідок, " +"адміністраторові Active Directory достатньо буде дозволити оновлення безпеки " +"для зони DNS. Для оновлення буде використано IP-адресу з’єднання LDAP AD, " +"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "Типове значення: 3600 (секунд)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" +"Типове значення: використовувати IP-адреси інтерфейсу, який використовується " +"для з’єднання LDAP AD" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" +"Визначає, наскільки часто серверний модуль має виконувати періодичні " +"оновлення DNS на додачу до автоматичного оновлення, яке виконується під час " +"кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не " +"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true. " +"Зауважте, що найменшим можливим значенням є 60 секунд. Якщо буде вказано " +"значення, яке є меншим за 60, використовуватиметься найменше можливе " +"значення." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" +"У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " +"а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Інструмент керування доступом AD перевіряє, чи не завершено строк дії " +"облікового запису. Дає той самий результат, що і ось таке налаштовування " +"інструмента надання даних LDAP: <placeholder type=\"programlisting\" " +"id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" +"Втім, якщо явно не налаштовано засіб надання доступу «ad», типовим засобом " +"надання доступу буде «permit». Будь ласка, зауважте, що якщо вами " +"налаштовано засіб надання доступу, відмінний від «ad», вам доведеться " +"встановлювати усі параметри з’єднання (зокрема адреси LDAP та параметри " +"шифрування) вручну." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" +"Якщо для засобу надання даних autofs встановлено значення <quote>ad</quote>, " +"використовується схема прив'язки атрибутів RFC2307 (nisMap, nisObject, ...), " +"оскільки ці атрибути включено до типової схеми Active Directory." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "sssd-sudo" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "Налаштовування sudo за допомогою модуля SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" +"На цій сторінці підручника описано способи налаштовування <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"на роботу у комплексі з <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> та способи кешування правил sudo у " +"SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "Налаштовування sudo на співпрацю з SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Щоб увімкнути SSSD як джерело правил sudo, додайте <emphasis>sss</emphasis> " +"до запису <emphasis>sudoers</emphasis> у файлі <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" +"Наприклад, щоб налаштувати sudo на першочерговий пошук правил у стандартному " +"файлі <citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> (цей файл має містити правила, що стосуються " +"локальних користувачів), а потім у SSSD, у файлі nsswitch.conf слід вказати " +"такий рядок:" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "sudoers: files sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" +"Докладніші дані щодо налаштовування порядку пошуку у sudoers за допомогою " +"файла nsswitch.conf, а також дані щодо бази даних LDAP, у якій зберігаються " +"правила sudo каталогу, можна знайти на сторінці підручника <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" +"<emphasis>Зауваження</emphasis>: щоб у правилах sudo можна було " +"використовувати мережеві групи або групи вузлів IPA, вам слід належним чином " +"налаштувати <citerefentry> <refentrytitle>nisdomainname</refentrytitle> " +"<manvolnum>1</manvolnum> </citerefentry> на назву домену NIS (назва цього " +"домену збігається з назвою домену IPA, якщо використовуються групи вузлів " +"IPA)." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "Налаштовування SSSD на отримання правил sudo" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" +"На боці SSSD достатньо розширити список <emphasis>служб</emphasis> " +"дописуванням «sudo» до розділу [sssd] <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Щоб " +"пришвидшити пошуку у LDAP, ви також можете налаштувати базу пошуку для " +"правил sudo за допомогою параметра <emphasis>ldap_sudo_search_base</" +"emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" +"У наведеному нижче прикладі показано, як налаштувати SSSD на отримання " +"правил sudo з сервера LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> Важливо зауважити, що на платформах, де " +"передбачено підтримку systemd, немає потреби додавати засіб надання даних " +"«sudo» до списку служб, оскільки він стає необов'язковим. Втім, замість " +"нього слід увімкнути sssd-sudo.socket.</phrase>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" +"Якщо SSSD налаштовано на використання IPA як засобу надання даних ID, засіб " +"надання даних sudo буде увімкнено автоматично. Базу пошуку sudo буде " +"налаштовано на використання природного для IPA дерева LDAP (cn=sudo," +"$SUFFIX). Якщо у sssd.conf буде визначено будь-яку іншу базу пошуку, " +"використовуватиметься це значення. Для використання функціональних " +"можливостей sudo у IPA потреби у дереві compat (ou=sudoers,$SUFFIX) більше " +"немає." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "Механізм кешування правил SUDO" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" +"Найбільшою складністю під час розробки підтримки sudo у SSSD було " +"забезпечення роботи sudo з SSSD так, щоб для користувача джерело даних " +"надавало дані у один спосіб та з тією самою швидкістю, що і sudo, надаючи " +"при цьому якомога свіжіший набір правил. Щоб виконати ці умови, SSSD " +"використовує оновлення трьох типів. Будемо називати ці тип повним " +"оновленням, інтелектуальним оновленням та оновленням правил." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" +"Використання типу <emphasis>інтелектуального оновлення</emphasis> полягає у " +"отриманні правил, які було додано або змінено з часу попереднього оновлення. " +"Основним призначенням оновлення такого типу є підтримання актуального стану " +"бази даних невеличкими порціями, які не спричиняють значного навантаження на " +"мережу." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" +"У разі використання <emphasis>повного оновлення</emphasis> всі правила sudo, " +"що зберігаються у кеші, буде вилучено і замінено на всі правила, які " +"зберігаються на сервері. Таким чином, кеш буде узгоджено шляхом вилучення " +"всіх правил, які було вилучено на сервері. Втім, повне оновлення може значно " +"навантажувати канал з’єднання, а отже його варто використовувати лише іноді. " +"Проміжок між сеансами повного оновлення має залежати від розміру і " +"стабільності правил sudo." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" +"У разі використання типу <emphasis>оновлення правил</emphasis> " +"забезпечується ненадання користувачам ширших дозволів, ніж це було визначено " +"на сервері. Оновлення цього типу виконується під час кожного запуску " +"користувачем sudo. Під час оновлення буде виявлено всі правила, які " +"стосуються користувача, перевірено, чи не завершено строк дії цих правил, і " +"повторно отримано правила, якщо строк дії правил завершено. Якщо якихось з " +"правил не буде виявлено на сервері, SSSD виконає позачергове повне " +"оновлення, оскільки може виявитися, що було вилучено набагато більше правил " +"(які стосуються інших користувачів)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" +"Якщо увімкнено, SSSD зберігатиме лише правила, які можна застосувати до " +"цього комп’ютера. Це означає, що зберігатимуться правила, що містять у " +"атрибуті <emphasis>sudoHost</emphasis> одне з таких значень:" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "ключове слово ALL" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "шаблон заміни" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "мережеву групу (у форматі «+мережева група»)" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "назву вузла або повну назву у домені цього комп’ютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "одну з IP-адрес цього комп’ютера" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "одну з IP-адрес мережі (у форматі «адреса/маска»)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" +"Для точного налаштовування поведінки передбачено доволі багато параметрів " +"Будь ласка, зверніться до розділу «ldap_sudo_*» у <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> та «sudo_*» у <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб ознайомитися з " +"докладним описом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "Коригування швидкодії" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" +"SSSD використовує різні типи механізмів із складнішими або простішими " +"фільтрами LDAP для підтримання актуальності кешованих правил sudo. У типових " +"налаштуваннях використано значення, які мають задовольнити потреби більшості " +"наших користувачів, але у наступних абзацах міститься декілька підказок щодо " +"того, як скоригувати налаштування до ваших потреб." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" +"1. <emphasis>Індексуйте атрибути LDAP</emphasis>. Переконайтеся, що " +"індексуються такі атрибути LDAP: objectClass, cn, entryUSN та " +"modifyTimestamp." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" +"2. <emphasis>Встановіть ldap_sudo_search_base</emphasis>. Встановіть основу " +"для пошуку так, щоб вона вказувала на контейнер, який містить правила sudo " +"для обмеження області пошуку." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" +"3. <emphasis>Встановіть інтервал повного і кмітливого оновлення</emphasis>. " +"Якщо ваші правила sudo змінюються нечасто, і вам не потрібне швидке " +"оновлення кешованих правил на ваших клієнтах, ви можете збільшити значення " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> і " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. Крім того, варто " +"вимкнути кмітливе оновлення встановленням " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" +"4. Якщо у вас багато клієнтів, вам варто збільшити значення " +"<emphasis>ldap_sudo_random_offset</emphasis>, щоб краще розподілити " +"навантаження на сервер." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "sssd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "Фонова служба безпеки системи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sssd</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" +"У <command>SSSD</command> передбачено набір фонових служб для керування " +"доступом до віддалених каталогів та механізмами розпізнавання. " +"<command>SSSD</command> надає операційній системі інтерфейси NSS і PAM, а " +"також систему придатних для під’єднання модулів для встановлення з’єднання з " +"декількома різними джерелами даних щодо облікових записів та інтерфейс D-" +"Bus. <command>SSSD</command> також є основою для систем перевірки " +"клієнтських систем та служб обслуговування правил доступу для проєктів, " +"подібних до FreeIPA. <command>SSSD</command> надає стійкішу базу даних для " +"збереження записів локальних користувачів, а також додаткових даних щодо " +"користувачів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>РІВЕНЬ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-timestamps=</option><replaceable>режим</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" +"<emphasis>1</emphasis>: додати часову позначку до діагностичних повідомлень." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" +"<emphasis>0</emphasis>: вимкнути часову позначку у діагностичних " +"повідомленнях" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "<option>--debug-microseconds=</option><replaceable>режим</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" +"<emphasis>1</emphasis>: додати значення мікросекунд до часової позначки у " +"діагностичних повідомленнях" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" +"<emphasis>0</emphasis>: вимкнути додавання мікросекунд до часової позначки" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "<option>--logger=</option><replaceable>значення</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "Місце, куди SSSD надсилатиме повідомлення журналу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" +"<emphasis>stderr</emphasis>: переспрямувати діагностичні повідомлення до " +"стандартного виведення помилок." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" +"<emphasis>files</emphasis>: переспрямувати діагностичні повідомлення до " +"файлів журналу. Типово файли журналів зберігаються у <filename>/var/log/" +"sssd</filename>, передбачено також окремий журнал для кожної служби і домену " +"SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" +"<emphasis>journald</emphasis>: переспрямувати діагностичні повідомлення до " +"systemd-journald" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" +"Типове значення: не встановлено (резервною буде journald, якщо вона " +"доступна, інакше буде використано stderr)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "<option>-D</option>,<option>--daemon</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "Перейти у режим фонової служби після запуску." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "<option>-i</option>,<option>--interactive</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "Запустити програму у звичайному режимі, не створювати фонової служби." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "<option>-c</option>,<option>--config</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є " +"<filename>/etc/sssd/sssd.conf</filename>. Довідку щодо синтаксису та " +"параметрів файла налаштувань можна знайти на сторінці довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "<option>-g</option>,<option>--genconf</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" +"Не запускати SSSD, а лише оновити базу даних налаштувань на основі вмісту " +"<filename>/etc/sssd/sssd.conf</filename> і завершити роботу." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "<option>-s</option>,<option>--genconf-section</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" +"Подібний до <quote>--genconf</quote>, але наказує програмі освіжити лише " +"окремий розділу на основі файла налаштувань. Цей параметр корисний, в " +"основному, для виклику з файлів модулів systemd з метою дозволити " +"відповідачам, які активуються з сокетів, освіжати налаштування без потреби у " +"перезапуску адміністратором усього SSSD." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "<option>--version</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "Вивести номер версії і завершити роботу." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "Сигнали" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "SIGTERM/SIGINT" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" +"Повідомляє SSSD, що слід поступово завершити роботу всіх дочірніх процесів, " +"а потім завершити роботу монітора." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "SIGHUP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" +"Повідомляє SSSD, що слід припинити запис до файлів діагностичних даних з " +"поточними дескрипторами, закрити і повторно відкрити ці файли. Цей сигнал " +"призначено для полегшення процедури архівування журналів за допомогою " +"програм, подібних до logrotate." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "SIGUSR1" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Наказує SSSD імітувати автономну дію, тривалість якої визначається " +"параметром «offline_timeout». Найкориснішим застосуванням є тестування " +"служби. Сигнал може бути надіслано або процесу sssd, або процесу sssd_be " +"безпосередньо." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "SIGUSR2" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" +"Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим " +"застосуванням є тестування служби. Сигнал може бути надіслано або процесу " +"sssd, або процесу sssd_be безпосередньо." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" +"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», " +"клієнтські програми не використовуватимуть fast у кеші у пам’яті." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" +"Якщо для змінної середовища SSS_LOCKFREE встановлено значення «NO», " +"одночасні запити від декількох потоків обробки однієї програми буде " +"перетворено у послідовність запитів." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "sss_obfuscate" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "заплутування пароля у форматі звичайного тексту" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'><replaceable>[ПАРОЛЬ]</replaceable></" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" +"<command>sss_obfuscate</command> перетворює вказаний пароль на пароль у " +"форматі зручному для читання і розташовує його у розділі відповідного домену " +"файла налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" +"Пароль у форматі звичайного тексту буде прочитано зі стандартного джерела " +"вхідних даних або введено інтерактивно. Заплутану версію пароля буде " +"збережено у параметрі з назвою «ldap_default_authtok» вказаного домену SSSD, " +"параметру «ldap_default_authtok_type» буде надано значення " +"«obfuscated_password». Докладніший опис цих параметрів можна знайти на " +"сторінці підручника (man) <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" +"Будь ласка, зауважте, що заплутування паролів <emphasis>не є справжнім " +"захистом</emphasis>, оскільки зловмисник може визначити алгоритм " +"заплутування за кодом програми. <emphasis>Наполегливо</emphasis> радимо вам " +"скористатися кращими механізмами захисту даних розпізнавання, зокрема " +"клієнтськими сертифікатами або GSSAPI." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "<option>-s</option>,<option>--stdin</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" +"Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" +"Домен SSSD, для якого буде використано пароль. Типовою назвою є " +"<quote>default</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" +"<option>-f</option>,<option>--file</option> <replaceable>ФАЙЛ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "Прочитати дані з файла налаштувань, вказаного позиційним параметром." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "Типове значення: <filename>/etc/sssd/sssd.conf</filename>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "sss_override" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "створити локальні перевизначення атрибутів користувача і групи" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sss_override</command> <arg choice='plain'><replaceable>КОМАНДА</" +"replaceable></arg> <arg choice='opt'> <replaceable>параметри</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" +"<command>sss_override</command> надає змогу створювати перегляди на боці " +"клієнта і змінювати вибрані значення для певного користувача і груп. Ці " +"зміни буде застосовано лише на локальному комп'ютері." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" +"Дані перевизначень зберігаються у кеші SSSD. Якщо кеш вилучено, усі локальні " +"перевизначення буде втрачено. Будь ласка, зауважте, що після першого " +"створення перевизначення за допомогою команди <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> або " +"<emphasis>group-import</emphasis> SSSD слід перезапустити, щоб зміни набули " +"чинності. Якщо потрібен перезапуск, <emphasis>sss_override</emphasis> виведе " +"відповідне повідомлення." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" +"<emphasis>Зауваження:</emphasis> параметри, які описано на цій сторінці " +"підручника працюють лише для значень <quote>ldap</quote> і <quote>AD</quote> " +"параметра <quote>id_provider</quote>. Перевизначеннями IPA можна керувати " +"централізовано на сервері IPA." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "ДОСТУПНІ КОМАНДИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" +"Аргумент <emphasis>НАЗВА</emphasis> в усіх командах є назвою початкового " +"об'єкта. Не можна перевизначити <emphasis>uid</emphasis> або <emphasis>gid</" +"emphasis> на 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" +"<option>user-add</option> <emphasis>НАЗВА</emphasis> <optional><option>-n,--" +"name</option> НАЗВА</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> ДОМІВКА</optional> <optional><option>-" +"s,--shell</option> ОБОЛОНКА</optional> <optional><option>-c,--gecos</option> " +"GECOS</optional> <optional><option>-x,--certificate</option> СЕРТИФІКАТ У " +"КОДУВАННІ BASE64</optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" +"Перевизначити атрибути запису користувача. Будь ласка, зверніть увагу, що " +"виклик цієї команди замінить усі попередні перевизначення для вказаного за " +"назвою облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-del</option> <emphasis>НАЗВА</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Вилучити перевизначення користувача. Втім, слід мати на увазі, що " +"перевизначені атрибути може бути повернено з кешу у пам'яті. Будь ласка, " +"ознайомтеся із документацією до параметра SSSD <emphasis>memcache_timeout</" +"emphasis>, щоб дізнатися більше." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>user-find</option> <optional><option>-d,--domain</option> ДОМЕН</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" +"Вивести список усіх користувачів, для яких встановлено перевизначення. Якщо " +"встановлено параметр <emphasis>ДОМЕН</emphasis>, буде показано лише " +"користувачів з відповідного домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>user-show</option> <emphasis>НАЗВА</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "Показати перевизначення користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-import</option> <emphasis>ФАЙЛ</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" +"Імпортувати перевизначення користувачів з файла <emphasis>ФАЙЛ</emphasis>. " +"Формат даних у файлі має бути таким самим, як у стандартному файлі passwd. " +"Приклад:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" +"початкова_назва:назва:uid:gid:gecos:домівка:оболонка:" +"сертифікат_у_кодуванні_base64" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"де «початкова_назва» — початкова назва запису користувача, чиї атрибути має " +"бути перевизначено. Решта полів відповідає новим значенням. Ви можете " +"пропустити значення, не заповнюючи відповідного поля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "ckent:superman::::::" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>user-export</option> <emphasis>ФАЙЛ</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" +"Експортувати усі перевизначені атрибути і зберегти їх у файлі " +"<emphasis>ФАЙЛ</emphasis>. Див. <emphasis>user-import</emphasis>, щоб " +"дізнатися більше про формат даних." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" +"<option>group-add</option> <emphasis>НАЗВА</emphasis> <optional><option>-n,--" +"name</option> НАЗВА</optional> <optional><option>-g,--gid</option> GID</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" +"Перевизначити атрибути запису групи. Будь ласка, зверніть увагу, що виклик " +"цієї команди замінить усі попередні перевизначення для вказаної за назвою " +"групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-del</option> <emphasis>НАЗВА</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" +"Вилучити перевизначення групи. Втім, слід мати на увазі, що перевизначені " +"атрибути може бути повернено з кешу у пам'яті. Будь ласка, ознайомтеся із " +"документацією до параметра SSSD <emphasis>memcache_timeout</emphasis>, щоб " +"дізнатися більше." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" +"<option>group-find</option> <optional><option>-d,--domain</option> ДОМЕН</" +"optional>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" +"Вивести список усіх груп, для яких встановлено перевизначення. Якщо " +"встановлено параметр <emphasis>ДОМЕН</emphasis>, буде показано лише групи з " +"відповідного домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "<option>group-show</option> <emphasis>НАЗВА</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "Показати перевизначення групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "<option>group-import</option> <emphasis>ФАЙЛ</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" +"Імпортувати перевизначення груп з файла <emphasis>ФАЙЛ</emphasis>. Формат " +"даних у файлі має бути таким самим, як у стандартному файлі group. Приклад:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "початкова_назва:назва:gid" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" +"де «початкова_назва» — початкова назва групи, чиї атрибути має бути " +"перевизначено. Решта полів відповідає новим значенням. Ви можете пропустити " +"значення, не заповнюючи відповідного поля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "admins:administrators:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "Domain Users:Users:501" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "<option>group-export</option> <emphasis>ФАЙЛ</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" +"Експортувати усі перевизначені атрибути і зберегти їх у файлі " +"<emphasis>ФАЙЛ</emphasis>. Див. <emphasis>group-import</emphasis>, щоб " +"дізнатися більше про формат даних." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "ЗАГАЛЬНІ ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "Ці параметри можна використовувати з усіма командами." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "<option>--debug</option> <replaceable>РІВЕНЬ</replaceable>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "sssd-krb5" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "Модуль надання даних Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos " +"5 для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " +"зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" +"Модуль розпізнавання Kerberos 5 містити засоби розпізнавання та зміни " +"паролів. З метою отримання належних результатів його слід використовувати " +"разом з інструментом обробки профілів (наприклад, id_provider = ldap). Деякі " +"з даних, потрібних для роботи модуля розпізнавання Kerberos 5, має бути " +"надано інструментом обробки профілів, серед цих даних Kerberos Principal " +"Name (UPN) або реєстраційне ім’я користувача. У налаштуваннях інструменту " +"обробки профілів має бути запис з визначенням UPN. Докладні настанови щодо " +"визначення такого UPN має бути викладено на сторінці довідника (man) " +"відповідного інструменту обробки профілів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" +"У цьому інструменті керування даними також передбачено можливості керування " +"доступом, засновані на даних з файла k5login у домашньому каталозі " +"користувача. Докладніші відомості можна отримати з підручника до " +"<citerefentry> <refentrytitle>k5login</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>. Зауважте, що якщо файл .k5login виявиться " +"порожнім, доступ користувачеві буде заборонено. Щоб задіяти можливість " +"керування доступом, додайте рядок «access_provider = krb5» до ваших " +"налаштувань SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" +"У випадку, коли доступу до UPN у модулі профілів не передбачено, " +"<command>sssd</command> побудує UPN у форматі <replaceable>ім’я_користувача</" +"replaceable>@<replaceable>область_krb5</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" +"Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " +"Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " +"впорядковано за пріоритетом. Докладніше про резервування та додаткові " +"сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " +"бути додано номер порту (перед номером слід вписати двокрапку). Якщо " +"параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " +"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" +"Назва області Kerberos. Цей параметр є обов’язковим, його неодмінно слід " +"вказати." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "krb5_kpasswd, krb5_backup_kpasswd (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" +"Якщо службу зміни паролів не запущено на KDC, тут можна визначити " +"альтернативні сервери. До адрес або назв вузлів можна додати номер порту " +"(перед яким слід вписати двокрапку)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" +"Додаткові відомості щодо резервних серверів можна знайти у розділі «РЕЗЕРВ». " +"Зауваження: навіть якщо список всіх серверів kpasswd буде вичерпано, модуль " +"не перемкнеться у автономний режим роботи, якщо розпізнавання за KDC " +"залишатиметься можливим." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "Типове значення: використання KDC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "krb5_ccachedir (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" +"Каталог для зберігання кешу реєстраційних даних. Тут також можна " +"використовувати усі замінники з krb5_ccname_template, окрім %d та %P. " +"Каталог створюється як конфіденційний, власником є користувач, права доступу " +"— 0700." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "Типове значення: /tmp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "krb5_ccname_template (рядок)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "%u" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "ім'я користувача" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "%U" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "ідентифікатор користувача" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "%p" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "назва реєстраційного запису" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "%r" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "назва області" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "%h" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "домашній каталог" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "%d" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "значення krb5_ccachedir" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "%P" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "ідентифікатор процесу клієнтської частини SSSD" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "%%" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "символ відсотків («%»)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" +"Розташування кешу з реєстраційними даними користувача У поточній версії " +"передбачено підтримку трьох типів кешу реєстраційних даних: <quote>FILE</" +"quote>, <quote>DIR</quote> та <quote>KEYRING:persistent</quote>. Кеш може " +"бути вказано або у форматі <replaceable>ТИП:РЕШТА</replaceable>, або у " +"форматі абсолютного шляху (тоді вважається, що типом кешу є <quote>FILE</" +"quote>). У шаблоні передбачено можливість використання таких послідовностей-" +"замінників: <placeholder type=\"variablelist\" id=\"0\"/> Якщо шаблон " +"завершується послідовністю «XXXXXX», для безпечного створення назви файла " +"використовується mkstemp(3)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" +"Якщо використовуються типи KEYRING, єдиним підтримуваним механізмом є " +"«KEYRING:persistent:%U», тобто використання сховища ключів ядра Linux для " +"зберігання реєстраційних даних на основі поділу за UID. Цей варіант є " +"рекомендованим, оскільки це найбезпечніший та найпередбачуваніший спосіб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" +"Типове значення назви кешу реєстраційних даних буде запозичено з " +"загальносистемного профілю, що зберігається у файлі налаштувань krb5.conf, " +"розділ [libdefaults]. Назва параметра — default_ccache_name. Див. розділ " +"щодо розгортання параметрів (PARAMETER EXPANSION) у довідці щодо krb5." +"conf(5), щоб отримати додаткові дані щодо формату розгортання, використаного " +"у krb5.conf." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" +"ЗАУВАЖЕННЯ: майте на увазі, що шаблон розширення ccache libkrb5 з " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> використовує інші послідовності розширення, що не " +"збігаються із використаними у SSSD." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "Типове значення: (з libkrb5)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "krb5_keytab (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" +"Розташування таблиці ключів, якою слід скористатися під час перевірки " +"реєстраційних даних, отриманих від KDC." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "krb5_store_password_if_offline (булівське значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" +"Зберігати пароль користувача, якщо засіб перевірки перебуває поза мережею, і " +"використовувати його для запитів TGT після встановлення з’єднання з засобом " +"перевірки." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" +"Зауваження: ця можливість у поточній версії доступна лише на платформі " +"Linux. Паролі зберігатимуться у форматі звичайного тексту (без шифрування) у " +"сховищі ключів ядра, потенційно до них може отримати доступ адміністративний " +"користувач (root), але йому для цього слід буде подолати деякі перешкоди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "krb5_use_fast (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" +"Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible " +"authentication secure tunneling або FAST) для попереднього розпізнавання у " +"Kerberos. Передбачено такі варіанти:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" +"<emphasis>never</emphasis> використовувати FAST, рівнозначний варіанту, за " +"якого значення цього параметра взагалі не задається." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" +"<emphasis>try</emphasis> — використовувати FAST. Якщо на сервері не " +"передбачено підтримки FAST, продовжити розпізнавання без FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" +"<emphasis>demand</emphasis> — використовувати FAST. Якщо на сервері не " +"передбачено підтримки FAST, спроба розпізнавання зазнає невдачі." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "Типове значення: не встановлено, тобто FAST не використовується." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" +"Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця " +"ключів або підтримка анонімного PKINIT." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" +"Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT " +"Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою " +"версією MIT Kerberos і цим параметром, буде повідомлено про помилку у " +"налаштуваннях." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "krb5_fast_principal (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" +"Визначає реєстраційний запис сервера, який слід використовувати для FAST." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "krb5_fast_use_anonymous_pkinit (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" +"Якщо встановлено значення «true» намагатися скористатися анонімним PKINIT " +"замість таблиці ключів для отримання бажаних реєстраційних даних для FAST. У " +"цьому випадку параметри krb5_fast_principal буде проігноровано." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "krb5_kdcinfo_lookahead (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" +"Якщо для krb5_use_kdcinfo встановлено значення true, ви можете обмежити " +"кількість серверів, які буде передано <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>. Це може бути корисним, якщо за допомогою запису " +"SRV виявляється надто багато серверів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" +"Параметр krb5_kdcinfo_lookahead містить два числа, які відокремлено " +"двокрапкою. Перше число визначає кількість основних серверів, а друге — " +"кількість резервних серверів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" +"Наприклад, <emphasis>10:0</emphasis> означає «буде передано до 10 основних " +"серверів до <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>», але не буде " +"передано резервні сервери" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "Типове значення: 3:1" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "krb5_use_enterprise_principal (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" +"Визначає, чи слід вважати реєстраційні дані користувача даними промислового " +"рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові " +"реєстраційні дані." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "Типове значення: false (надається AD: true)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" +"Засіб надання даних IPA встановить для цього параметра значення «true», якщо " +"виявить, що сервер здатен обробляти реєстраційні дані промислового класу, і " +"параметр на встановлено явним чином у файлі налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "krb5_use_subdomain_realm (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" +"Визначає використання областей піддоменів для розпізнавання користувачів з " +"довірених доменів. Для цього параметра можна встановити значення «true», " +"якщо промислові реєстраційні записи використовуються із upnSuffixes, який не " +"є відомим KDC батьківського домену. Якщо для параметра встановлено значення " +"«true», SSSD спробує надіслати запит безпосередньо до KDC довіреного домену, " +"з якого прийшов користувач." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "krb5_map_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" +"Список прив’язок визначається як список пар «користувач:основа», де " +"«користувач» — ім’я користувача UNIX, а «основа» — частина щодо користувача " +"у реєстраційному записі kerberos. Ця прив’язка використовується, якщо " +"користувач проходить розпізнавання із використанням «auth_provider = krb5»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" +"<quote>joe</quote> і <quote>dick</quote> — імена користувачів UNIX, а " +"<quote>juser</quote> і <quote>richard</quote> основні частини реєстраційних " +"записів kerberos. Для користувачів <quote>joe</quote> та, відповідно, " +"<quote>dick</quote> SSSD намагатиметься виконати ініціалізацію kinit як " +"<quote>juser@REALM</quote> і, відповідно, <quote>richard@REALM</quote>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Якщо у домені SSSD використано auth-module krb5, має бути використано " +"вказані нижче параметри. Зверніться до сторінки довідника (man) " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, розділ «РОЗДІЛИ ДОМЕНІВ», щоб дізнатися більше " +"про налаштування домену SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином, а FOO є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " +"У прикладі продемонстровано лише налаштування розпізнавання аз допомогою " +"Kerberos, там не вказано інструменту обробки профілів." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "sss_cache" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "виконати спорожнення кешу" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" +"<command>sss_cache</command> скасовує визначення записів у кеші SSSD. Дані " +"записів зі скасованими визначеннями буде перезавантажено з сервера у " +"примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ. " +"Параметри, які скасовують визначення окремого об'єкта приймають лише один " +"аргумент." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "<option>-E</option>,<option>--everything</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "Скасувати чинність усіх кешованих записів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" +"<option>-u</option>,<option>--user</option> <replaceable>реєстраційні дані</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "Скасувати визначення вказаного користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "<option>-U</option>,<option>--users</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" +"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за " +"параметр скасування визначення для будь-якого користувача, якщо такий " +"параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" +"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "Скасувати визначення вказаної групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "<option>-G</option>,<option>--groups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" +"Скасувати визначення записів для всіх груп. Цей параметр має вищий пріоритет " +"за параметр скасування визначення для будь-якої групи, якщо такий параметр " +"вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>мережева група</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "Скасувати визначення вказаної мережевої групи." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "<option>-N</option>,<option>--netgroups</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" +"Скасувати визначення всіх записів мережевих груп. Цей параметр має вищий " +"пріоритет за параметр скасування визначення для будь-якої мережевої групи, " +"якщо такий параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" +"<option>-s</option>,<option>--service</option> <replaceable>служба</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "Скасувати визначення вказаної служби." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "<option>-S</option>,<option>--services</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" +"Скасувати визначення всіх записів служб. Цей параметр має вищий пріоритет за " +"параметр скасування визначення для будь-якої служби, якщо такий параметр " +"вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>карта autofs</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "Скасувати визначення певної карти autofs." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "<option>-A</option>,<option>--autofs-maps</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" +"Скасувати визначення всіх записів карт autofs. Цей параметр має вищий " +"пріоритет за параметр скасування визначення для будь-якої карти, якщо такий " +"параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>назва вузла</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "Скасувати чинність відкритих ключів SSH певного вузла." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "<option>-H</option>,<option>--ssh-hosts</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" +"Скасувати чинність усіх відкритих ключів SSH усіх вузлів. Цей параметр " +"перевизначає скасовування чинності ключів SSH певних вузлів, якщо для них " +"було використано таке скасовування." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>правило</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "Скасувати чинність певного правила sudo." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "<option>-R</option>,<option>--sudo-rules</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" +"Скасувати визначення усіх кешованих правил sudo. Цей параметр має вищий " +"пріоритет за параметр скасування визначення для будь-якого правила sudo, " +"якщо такий параметр вказано." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" +"<option>-d</option>,<option>--domain</option> <replaceable>домен</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "Обмежити процедуру скасування визначення лише певним доменом." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "ВПЛИВ НА ШВИДКИЙ КЕШ У ПАМ'ЯТІ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" +"Крім того, <command>sss_cache</command> вимикає кеш у пам'яті. Оскільки кеш " +"у пам'яті є файлом, копію якого програма створює у пам'яті кожного процесу, " +"який викликає SSSD для визначення користувачів або груп, файл не може бути " +"обрізано. У заголовку файла встановлюють спеціальний прапорець для " +"позначення некоректності вмісту, а потім файл від'єднується відповідачем NSS " +"SSSD і створюється новий файл кешу. Після цього, кожного разу, коли процес " +"виконує новий пошук користувача або групи, він бачить цей прапорець, " +"закриває старий файл кешу у пам'яті і відтворює новий файл у своїй пам'яті. " +"Коли усі процеси, які відкривали старий файл кешу у пам'яті, закриють його " +"під час пошуку користувача або групи, ядро може звільнити зайняте ним місце " +"на диску і нарешті повністю вилучити застарілий файл кешу у пам'яті." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" +"Особливим випадком є процеси довготривалої дії, які виконують пошук " +"користувачів або груп лише під час запуску, наприклад, щоб визначити назву " +"облікового запису користувача, від імені якого запущено процес. Для таких " +"пошуків файл кешу у пам'яті відображається до пам'яті процесу. Але оскільки " +"подальших пошуків виконано не буде, цей процес ніколи не зможе визначити " +"втрату чинності файлом кешу у пам'яті, а отже, файл лишатиметься у пам'яті і " +"займатиме місце на диску аж до завершення процесом роботи. У результаті " +"виклик <command>sss_cache</command> може збільшити обсяг використаного " +"програмою місця на диску, оскільки вилучення застарілих файлів кешу у " +"пам'яті виявиться неможливим, оскільки їх буде пов'язано із процесами " +"довготривалої дії." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" +"Можливим обхідним маневром у випадках процесів довготривалої дії, які " +"виконують пошук користувачів та груп лише під час запуску або дуже нечасто, " +"є запуск процесів із встановленим для змінної середовища " +"SSS_NSS_USE_MEMCACHE значенням «NO», щоб вони взагалі не використовували кеш " +"у пам'яті або не відображали файл кешу до своєї пам'яті. Загалом, кращим " +"варіантом є коригування параметрів часу очікування кешування так, щоб вони " +"відповідали конкретному випадку. Тоді виклик <command>sss_cache</command> " +"стане непотрібним." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "sss_debuglevel" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "[ЗАСТАРІЛИЙ] змінити рівень діагностики протягом сеансу роботи з SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg " +"choice='plain'><replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" +"<command>sss_debuglevel</command> вважається застарілим, його замінено " +"командою debug-level sssctl. Будь ласка, зверніться до сторінки підручника " +"щодо <command>sssctl</command>, щоб дізнатися більше про використання sssctl." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "sss_seed" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "надсилає дані кешу SSSD щодо користувача" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>параметри</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>ДОМЕН</replaceable></" +"arg> <arg choice='plain'>-n <replaceable>КОРИСТУВАЧ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" +"<command>sss_seed</command> розповсюджує кеш SSSD з записом користувача і " +"тимчасовим паролем. Якщо запис користувача вже є у кеші SSSD, запис буде " +"оновлено зі встановленням тимчасового пароля." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" +"<option>-D</option>,<option>--domain</option> <replaceable>ДОМЕН</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" +"Визначає назву домену, учасником якого є користувач. Домен використовується " +"для отримання даних щодо користувачів. Домен має бути налаштовано у sssd." +"conf. Має бути надано аргумент <replaceable>ДОМЕН</replaceable>. Дані, " +"отримані з домену, матимуть вищий пріоритет за дані, вказані за допомогою " +"параметрів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" +"<option>-n</option>,<option>--username</option> <replaceable>КОРИСТУВАЧ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" +"Ім’я користувача, запис якого слід створити або змінити у кеші. Має бути " +"вказано аргумент <replaceable>КОРИСТУВАЧ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" +"<option>-u</option>,<option>--uid</option> <replaceable>ідентифікатор " +"користувача</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "Встановити UID користувача у значення <replaceable>UID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "Встановити GID користувача у значення <replaceable>GID</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" +"<option>-c</option>,<option>--gecos</option> <replaceable>КОМЕНТАР</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" +"Будь-який рядок тексту, що описує користувача. Часто використовується для " +"зберігання паспортного імені користувача." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" +"<option>-h</option>,<option>--home</option> <replaceable>ДОМАШНІЙ_КАТАЛОГ</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" +"Встановити домашній каталог користувача у значення " +"<replaceable>ДОМАШНІЙ_КАТАЛОГ</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" +"<option>-s</option>,<option>--shell</option> <replaceable>ОБОЛОНКА</" +"replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" +"Встановити оболонку реєстрації користувача у значення <replaceable>ОБОЛОНКА</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" +"Інтерактивний режим для введення даних користувача. У разі використання " +"цього параметра програма надсилатиме запит лише щодо даних, які не було " +"отримано з параметрів команди або домену." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" +"<option>-p</option>,<option>--password-file</option> " +"<replaceable>ФАЙЛ_ПАРОЛІВ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" +"Вказати файл, звідки слід читати дані щодо паролів користувачів. Якщо пароль " +"не буде знайдено, програма надішле запит на його введення." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" +"Довжина пароля (або розмір файла, визначеного за допомогою параметра -p або " +"--password-file) має бути меншою або рівною PASS_MAX байтів (64 байти у " +"системах без визначеного на загальному рівні значення PASS_MAX)." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "sssd-ifp" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "Відповідач InfoPipe SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу надання відповідей " +"InfoPipe для <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис " +"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" +"Відповідач InfoPipe забезпечує роботу відкритого інтерфейсу D-Bus над " +"системним каналом повідомлень. За допомогою цього інтерфейсу користувачі " +"можуть надсилати загальносистемним каналом повідомлень запити щодо " +"інформації про віддалених користувачів і групи." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "ПОШУК ЗА ЧИННИМ СЕРТИФІКАТОМ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" +"Для керування тим, як буде виконуватися перевірка, якщо використано " +"програмний інтерфейс FindByValidCertificate(), використовують такі параметри:" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "ca_db" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "p11_child_timeout" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "certificate_verification" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" +"Щоб дізнатися більше про параметри, ознайомтеся зі сторінкою підручника щодо " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" +"Цими параметрами можна скористатися для налаштовування відповідача InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" +"Визначає список значень UID або імен користувачів, відокремлених комами. " +"Користувачам з цього списку буде дозволено доступ до відповідача InfoPipe. " +"UID за іменами користувачів визначатимуться під час запуску." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" +"Типове значення: 0 (доступ до відповідача InfoPipe має лише адміністративний " +"користувач (root))" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" +"Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID " +"буде перевизначено на основі цього параметра. Якщо ви хочете надати " +"адміністративному користувачеві (root) доступ до відповідача InfoPipe, що " +"може бути типовим варіантом, вам слід додати до списку UID з правами доступу " +"запис 0." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" +"Визначає список атрибутів з «білого» або «чорного» списків, відокремлених " +"комами." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "name" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "реєстраційне ім’я користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "uidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "ідентифікатор користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "gidNumber" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "ідентифікатор основної групи" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "gecos" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "дані щодо користувача, типово ім’я повністю" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "loginShell" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "командна оболонка користувача" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"Типово, відповідач InfoPipe надає дані лише щодо типового набору атрибутів " +"POSIX. Цей набір є тим самим, який повертає програма <citerefentry> " +"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>, його елементи: <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Ви можете додати інший атрибут до цього набору за допомогою параметра " +"«+назва_атрибута» або явним чином виключити атрибут за допомогою параметра «-" +"назва_атрибута». Наприклад, щоб дозволити «telephoneNumber», але заборонити " +"«loginShell», вам слід скористатися такими налаштуваннями: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" +"Типове значення: не встановлено. Дозволено лише типовий набір атрибутів " +"POSIX." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" +"Визначає верхню межу для кількості записів, які отримуватимуться під час " +"пошуку з використанням символів-замінників, які перевизначають обмеження, " +"яке накладається функцією виклику." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" +"Типове значення: 0 (дозволити встановлювати верхнє обмеження функції виклику)" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Розробник (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Розробник (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "sss_rpcidmapd" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "Директиви налаштовування додатка sss для rpc.idmapd" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "ФАЙЛ НАЛАШТУВАНЬ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" +"Файл налаштувань rpc.idmapd зазвичай зберігається тут: <emphasis>/etc/idmapd." +"conf</emphasis>. Див. підручник з <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися " +"більше." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "РОЗШИРЕННЯ НАЛАШТОВУВАННЯ SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "Вмикання додатка SSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" +"У розділі «[Translation]» змініть або додайте атрибут «Method» із вмістом " +"<emphasis>sss</emphasis>." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "Розділ налаштовування [sss]" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" +"Якщо вам потрібно змінити типове значення одного з атрибутів налаштувань, " +"перелічених нижче, додатка <emphasis>sss</emphasis>, вам слід створити " +"розділ налаштувань для нього з назвою «[sss]»." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "Атрибути налаштувань" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "memcache (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "Визначає, чи слід використовувати методику оптимізації кешу у пам’яті." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "ІНТЕГРАЦІЯ З SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" +"Додаток sss потребує вмикання <emphasis>Відповідача NSS</emphasis> у sssd." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" +"Атрибут «use_fully_qualified_names» має бути увімкнено для усіх доменів " +"(клієнти NFSv4 очікують на те, що надсилається назва повністю)." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" +"[General]\n" +"Verbosity = 2\n" +"# домен має бути синхронізовано між сервером NFSv4 та клієнтами\n" +"# У Solaris/Illumos/AIX типово використовується \"локальний домен\"!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"У наведеному нижче прикладі показано мінімальний вигляд idmapd.conf, де " +"використовується додаток sss. <placeholder type=\"programlisting\" id=\"0\"/" +">" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "sss_ssh_authorizedkeys" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "1" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "отримати уповноважені ключі OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>параметри</replaceable> </arg> <arg " +"choice='plain'><replaceable>КОРИСТУВАЧ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" +"<command>sss_ssh_authorizedkeys</command> отримує відкриті ключі SSH для " +"користувача <replaceable>КОРИСТУВАЧ</replaceable> і виводить їх у форматі " +"authorized_keys OpenSSH (щоб дізнатися більше, див. розділ <quote>ФОРМАТ " +"ФАЙЛІВ AUTHORIZED_KEYS</quote> на сторінці підручника (man) з " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можна налаштувати на використання " +"<command>sss_ssh_authorizedkeys</command> для розпізнавання користувачів за " +"відкритими ключами, якщо програму зібрано із підтримкою параметра " +"<quote>AuthorizedKeysCommand</quote>. Будь ласка, зверніться до сторінки " +"підручника <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>, щоб дізнатися більше про цей " +"параметр." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Якщо передбачено підтримку <quote>AuthorizedKeysCommand</quote>, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> можна налаштувати на використання ключів за допомогою таких " +"інструкцій у <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "КЛЮЧІ З СЕРТИФІКАТІВ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" +"Окрім відкрити ключів SSH для користувача <replaceable>КОРИСТУВАЧ</" +"replaceable>, <command>sss_ssh_authorizedkeys</command> може повертати ключі " +"SSH, які походять від відкритого ключа сертифіката X.509." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" +"Щоб уможливити це, слід встановити для параметра " +"<quote>ssh_use_certificate_keys</quote> значення true (типове значення) у " +"розділі [ssh] файла <filename>sssd.conf</filename>. Якщо запис користувача " +"містить сертифікати (див <quote>ldap_user_certificate</quote> на сторінці " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>, щоб дізнатися більше) або існує сертифікат у " +"записі перевизначення для користувача (див. " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> або <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry>, щоб дізнатися " +"більше), а сертифікат є чинним, SSSD видобуде відкритий ключі з сертифіката " +"і перетворить його до формату, який може використовувати sshd." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" +"Окрім <quote>ssh_use_certificate_keys</quote>, може бути використано " +"параметри" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" +"для керування способом встановлення чинності сертифікатів (докладніше див. " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry>)." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" +"Перевірка чинності є перевагою використання сертифікатів X.509 замість " +"ключів SSH безпосередньо, оскільки, наприклад, це поліпшує можливості " +"керування часом придатності ключів. Якщо клієнт ssh налаштовано не " +"використання закритих ключів з смарткартки за допомогою бібліотеки PKCS#11 " +"спільного використання (див. <citerefentry><refentrytitle>ssh</" +"refentrytitle> <manvolnum>1</manvolnum></citerefentry>, щоб дізнатися " +"більше), може дратувати те, що розпізнавання залишається працездатним, " +"навіть якщо пов'язаний із ним сертифікат X.509 на смарткартці вже втратив " +"чинність, оскільки ні <command>ssh</command>, ні <command>sshd</command> не " +"братимуть сертифікат до уваги взагалі." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" +"Слід зауважити, що похідний відкритий ключ SSH все одно можна додати до " +"файла <filename>authorized_keys</filename> користувача, щоб обійти перевірку " +"чинності сертифіката, якщо налаштування <command>sshd</command> надають " +"змогу це робити." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Шукати відкриті ключі користувачів у домені SSSD <replaceable>ДОМЕН</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "СТАН ВИХОДУ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" +"У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках " +"програма повертає 1." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "sss_ssh_knownhostsproxy" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "отримати ключі вузла OpenSSH" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>параметри</replaceable> </arg> <arg " +"choice='plain'><replaceable>ВУЗОЛ</replaceable></arg> <arg " +"choice='opt'><replaceable>КОМАНДА_ПРОКСІ</replaceable></arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" +"<command>sss_ssh_knownhostsproxy</command> отримує відкриті ключі вузла SSH " +"для вузла <replaceable>ВУЗОЛ</replaceable>, зберігає їх до нетипового файла " +"OpenSSH known_hosts (щоб дізнатися більше, ознайомтеся з розділом " +"<quote>ФОРМАТ ФАЙЛІВ SSH_KNOWN_HOSTS</quote> сторінки підручника (man) " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry>) за адресою <filename>/var/lib/sss/pubconf/known_hosts</" +"filename> і встановлює з’єднання з вузлом." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" +"Якщо вказано параметр <replaceable>КОМАНДА_ПРОКСІ</replaceable>, замість " +"відкриття сокета для створення з’єднання буде використано відповідну команду." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> можна налаштувати на використання " +"<command>sss_ssh_knownhostsproxy</command> для розпізнавання вузлів за " +"ключами за допомогою таких інструкцій у налаштуваннях " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" +"<option>-p</option>,<option>--port</option> <replaceable>ПОРТ</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" +"Використовувати для встановлення з’єднання з вузлом порт <replaceable>ПОРТ</" +"replaceable>. Типовим портом є порт 22." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" +"Шукати відкриті ключі вузлів у домені SSSD <replaceable>ДОМЕН</replaceable>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "<option>-k</option>,<option>--pubkey</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "Вивести відкриті ключі SSH для вузла <replaceable>HOST</replaceable>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "idmap_sss" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "Модуль idmap_sss SSSD для Winbind" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" +"Модуль idmap_sss надає змогу викликати SSSD для прив'язки UID/GID і SID. У " +"цьому випадку база даних не потрібна, оскільки прив'язка виконується " +"засобами SSSD." + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "ПАРАМЕТРИ IDMAP" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "діапазон = нижче - вище" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" +"Визначає доступний для обробки модулем діапазон відповідності UID і GID." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" +"У цьому прикладі продемонстровано налаштовування idmap_sss як типового " +"модуля прив'язки." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" +"Будь ласка, замініть <AD-DOMAIN-SHORTNAME> на назву домену у NetBIOS " +"домену AD. Якщо має бути використано декілька доменів AD, для кожного домену " +"потрібен рядок <literal>idmap config</literal> із <literal>backend = sss</" +"literal> і рядок із відповідним <literal>range</literal>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" +"Оскільки для Winbind потрібен придатний до запису типовий модуль, а " +"idmap_sss є придатним лише для читання, до прикладу включено як типовий " +"модуль <literal>backend = tdb</literal>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "sssctl" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "Засіб керування і визначення стану SSSD" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" +"<command>sssctl</command> <arg choice='plain'><replaceable>КОМАНДА</" +"replaceable></arg> <arg choice='opt'> <replaceable>параметри</replaceable> </" +"arg>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" +"<command>sssctl</command> є простим і уніфікованим засобом отримання даних " +"щодо стану SSSD, зокрема активного сервера, серверів автоматичного " +"визначення, доменів і кешованих об'єктів. Крім того, програма здатна " +"керувати файлами даних SSSD для усування вад у такий спосіб, щоб з ними " +"можна було безпечно працювати, доки працює SSSD." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" +"Щоб ознайомитися зі списком усіх доступних команд, віддайте команду " +"<command>sssctl</command> без параметрів. Щоб програма вивела довідкове " +"повідомлення щодо певної команди, віддайте команду <command>sssctl КОМАНДА --" +"help</command>." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "sssd-files" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "Засіб надання файлів SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці довідника описано налаштування засобу обробки файлів для " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " +"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" +"Засіб надання даних файлів створює дзеркальну копію вмісту файлів " +"<citerefentry> <refentrytitle>passwd</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> і <citerefentry> <refentrytitle>group</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Метою роботи засобу " +"надання даних файлів є забезпечення доступу до даних користувачів і груп, " +"які традиційно доступні за допомогою інтерфейсів NSS, також за допомогою " +"інтерфейсів SSSD, зокрема <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" +"Іншою причиною може бути потреба у забезпеченні ефективного кешування даних " +"локальних користувачів і груп." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +#, fuzzy +#| msgid "" +#| "Please note that some distributions enable the files domain " +#| "automatically, prepending the domain before any explicitly configured " +#| "domains. See enable_files_domain in <citerefentry> <refentrytitle>sssd." +#| "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" +"Будь ласка, зауважте, що у деяких дистрибутивах домен files увімкнено " +"автоматично, оскільки цей домен додано до будь-якого із явно визначених " +"доменів. Див. enable_files_domain у <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" +"SSSD ніколи не виконує визначення для користувача або групи «root». Крім " +"того, SSSD не обробляє запити щодо визначення UID/GID 0. Такі запити " +"передаються наступному модулю NSS (зазвичай, files)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" +"Якщо SSSD не запущено або програма не відповідає, nss_sss повертає код " +"UNAVAIL, що спричиняє передавання запиту наступному модулю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "passwd_files (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Список з однієї чи декількох відокремлених комами назв файлів паролів, які " +"слід прочитати і нумерувати засобу надання даних файлів. Для кожного " +"вказаного файла буде встановлено спостереження за допомогою inotify для " +"динамічного виявлення внесених до нього змін." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "Типове значення: /etc/passwd" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "group_files (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" +"Список з однієї чи декількох відокремлених комами назв файлів груп, які слід " +"прочитати і нумерувати засобу надання даних файлів. Для кожного вказаного " +"файла буде встановлено спостереження за допомогою inotify для динамічного " +"виявлення внесених до нього змін." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "Типове значення: /etc/group" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "fallback_to_nss (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" +"Під час оновлення внутрішніх даних SSSD поверне повідомлення про помилку і " +"надасть змогу клієнту продовжити роботу з наступним модулем NSS. Це " +"допомагає уникнути затримок при використанні типових файлів системи " +"<filename>/etc/passwd</filename> і <filename>/etc/group</filename>. " +"Налаштування NSS містять «sss» до «files» для прив'язок «passwd» і «group»." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" +"Якщо надавача даних файлів налаштовано на спостереження за іншими файлами, " +"має сенс встановлення для цього параметра значення False для уникнення " +"несумісної поведінки, оскільки, загалом, не буде іншого модуля NSS, яким " +"можна буде скористатися як резервним." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Окрім параметрів із наведеного нижче списку, можна встановлювати, де це є " +"відповідним, загальні параметри домену SSSD. Зверніться до розділу " +"<quote>РОЗДІЛИ ДОМЕНІВ</quote> сторінки підручника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, щоб дізнатися більше про налаштовування домені SSSD. Втім, " +"призначенням надавача даних files є надання тих самих даних, які " +"встановлюються для файлів UNIX, просто за допомогою інтерфейсів SSSD. Тому " +"передбачено підтримку не усіх загальних параметрів доменів. Так само, деякі " +"загальні параметри, зокрема перевизначення командної оболонки у розділі " +"<quote>nss</quote> для усіх доменів, ні на що не впливають у домені files, " +"якщо їх не вказано явним чином для окремих доменів. <placeholder " +"type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" +"У наведеному нижче прикладі припускається, що SSSD налаштовано належним " +"чином, а files встановлено на один з доменів з розділу <replaceable>[sssd]</" +"replaceable>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" +"[domain/files]\n" +"id_provider = files\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" +"Для балансування кешування даних локальних користувачів та груп у SSSD " +"модуль nss_sss має перебувати у списку файла /etc/nsswitch.conf вище за " +"модуль nss_files." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" +"passwd: sss files\n" +"group: sss files\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "sssd-session-recording" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "Налаштовування записів сеансів за допомогою SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" +"На цій сторінці підручника описано налаштовування <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"на роботу з <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, частиною пакунка tlog, для " +"реалізації записування сеансів користувачів у текстових терміналах. " +"Докладний довідник щодо синтаксису налаштувань можна знайти у розділі " +"<quote>ФОРМАТ ФАЙЛА</quote> сторінки підручника з <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" +"SSSD можна налаштувати так, щоб уможливити запис усіх даних, які бачать або " +"вводять протягом сеансу у текстових терміналах вказані користувачі. " +"Наприклад, можна записувати дані щодо входу користувачів за допомогою " +"консолі або SSH. Сама SSSD нічого не записує, а лише забезпечує запуск tlog-" +"rec-session під час входу до системи користувача, щоб можна було здійснювати " +"запис відповідно до налаштувань." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" +"Для користувачів, для яких увімкнено запис сеансів, SSSD замінює командну " +"оболонку користувача на tlog-rec-session у відповідях NSS і додає змінну, " +"яка вказує на початкову командну оболонку до середовища користувача у " +"налаштування сеансу PAM. Таким чином забезпечується запуск tlog-rec-session " +"замість командної оболонки користувача і надання даних про те, яку командну " +"оболонку слід запустити, щойно розпочнеться записування." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" +"У наведеному нижче фрагменті файла sssd.conf увімкнено запис сеансів для " +"користувачів contractor1 і contractor2» та групи students." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "sssd-kcm" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "Керування кешем Kerberos SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" +"На цій сторінці підручника описано налаштування засобу керування кешем " +"Kerberos SSSD (Kerberos Cache Manager або KCM). KCM є процесом, який " +"зберігає, стежить і керує кешем реєстраційних даних Kerberos. Ідея створення " +"засобу походить із проєкту Heimdal Kerberos, хоча у бібліотеці Kerberos MIT " +"також надається підтримка з боку клієнта для кешу реєстраційних даних KCM " +"(докладніше про це нижче)." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" +"У конфігураціях, де кешем Kerberos керує KCM, бібліотека Kerberos (типово " +"використовується за допомогою якоїсь програми, наприклад <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>) є <quote>клієнтом KCM</quote>, а фонова служба KCM вважається " +"<quote>сервером KCM</quote>. Клієнт і сервер обмінюються даними за допомогою " +"сокета UNIX." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" +"Сервер KCM стежити за кожним власником кешу реєстраційних даних і виконує " +"перевірку прав доступу на основі UID і GID клієнта KCM. Користувач root має " +"доступ до усіх кешів реєстраційних даних." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "Кеш реєстраційних даних KCM має декілька цікавих властивостей:" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" +"оскільки процес виконується у просторі користувача, він підлягає обмеженням " +"за простором назв UID, на відміну від набору ключів ядра" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" +"на відміну від кешу на основі наборів ключів ядра, який є спільним для усіх " +"контейнерів, сервер KCM є окремим процесом, чия точка входу є сокетом UNIX" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" +"реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово " +"називається <replaceable>/var/lib/sss/secrets</replaceable>. За допомогою " +"цього файла ccache зберігаються протягом періодів перезапуску сервера KCM " +"або перезавантаження комп'ютера." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" +"Це надає змогу системі використовувати кеш реєстраційних даних із " +"врахуванням збірок, одночасно надаючи спільний доступ до кешу реєстраційних " +"даних для декількох контейнерів або без контейнерів взагалі шляхом " +"прив'язування-монтування сокета." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" +"Час очікування на дії типового клієнта KCM дорівнює 5 хвилин, таке значення " +"надає більшу часу на взаємодію користувача із інструментами командного " +"рядка, зокрема kinit." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "КОРИСТУВАННЯ КЕШЕМ РЕЄСТРАЦІЙНИХ ДАНИХ KCM" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Для використання кешу реєстраційних даних KCM його слід вибрати стандартним " +"типом реєстраційних даних у <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Назвою кешу " +"реєстраційних даних має бути лише <quote>KCM:</quote> без будь-яких " +"розширень шаблонами. Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Далі, слід визначити однаковий шлях до сокета UNIX для клієнтських бібліотек " +"Kerberos і сервера KCM. Типово, у обох випадках використовується однаковий " +"шлях <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>. Для " +"налаштовування бібліотеки Kerberos змініть значення її параметра " +"<quote>kcm_socket</quote>, як це описано на сторінці підручника " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" +"Нарешті, переконайтеся, що з сервером KCM SSSD можна встановити зв'язок. " +"Типово, служба KCM вмикається за допомогою сокета з <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. На відміну від інших служб SSSD, її не можна запустити " +"додаванням рядка <quote>kcm</quote> до інструкції <quote>service</quote>. " +"<placeholder type=\"programlisting\" id=\"0\"/> Будь ласка, зауважте, що " +"відповідні налаштування модулів вже могло бути виконано засобами вашого " +"дистрибутива." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "СХОВИЩЕ КЕШУ РЕЄСТРАЦІЙНИХ ДАНИХ" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" +"Кеші реєстраційних даних зберігаються у базі даних, дуже подібно до кешів " +"записів користувачів і груп SSSD. Типово, база даних зберігається у <quote>/" +"var/lib/sss/secrets</quote>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "ОТРИМАННЯ ДІАГНОСТИЧНОГО ЖУРНАЛУ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" +"[kcm]\n" +"debug_level = 10\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" +"systemctl restart sssd-kcm.service\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" +"Типово, служба sssd-kcm активує крізь сокет <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. Для створення діагностичних журналів додайте вказані нижче " +"рядки або безпосередньо до файла <filename>/etc/sssd/sssd.conf</filename>, " +"або як фрагмент налаштувань до каталогу <filename>/etc/sssd/conf.d/</" +"filename>: <placeholder type=\"programlisting\" id=\"0\"/> Далі, " +"перезапустіть службу sssd-kcm: <placeholder type=\"programlisting\" id=\"1\"/" +"> Нарешті, виконайте дії, які не призводять до бажаних для вас наслідків. " +"Журнал KCM буде записано до <filename>/var/log/sssd/sssd_kcm.log</filename>. " +"Рекомендуємо вимкнути ведення діагностичного журналу, якщо вам не потрібні " +"діагностичні дані, оскільки служба sssd-kcm може породжувати доволі великий " +"обсяг діагностичних даних." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" +"Будь ласка, зауважте, що у поточній версії фрагменти налаштувань буде " +"оброблено, лише якщо взагалі існує основний файл налаштувань <filename>/etc/" +"sssd/sssd.conf</filename>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "ПОНОВЛЕННЯ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Службу sssd-kcm можна налаштувати на спробу поновлення TGT для поновлюваних " +"TGT, які зберігаються у ccache KCM. Спроби поновлення виконуватимуться при " +"досягненні половини строку дії квитка. Поновлення KCM налаштовуються при " +"встановленні таких параметрів у розділі [kcm]: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" +"Крім того, SSSD може успадковувати параметри krb5 для поновлень з наявного " +"домену." + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Вказані нижче параметри krb5 можна налаштувати у розділі [kcm] для керування " +"поведінкою під час поновлення. Ці параметри докладно описано нижче " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</" +"quote> файла sssd.conf. Будь ласка, зауважте, що оскільки активація служби " +"KCM, зазвичай, відбувається за допомогою сокетів, після внесення змін до " +"розділу <quote>kcm</quote> файла sssd.conf достатньо перезапустити службу " +"<quote>sssd-kcm</quote>: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" +"Налаштування служби KCM виконують за допомогою <quote>kcm</quote>. Докладний " +"опис синтаксичних конструкцій налаштувань наведено у розділі <quote>ФОРМАТ " +"ФАЙЛА</quote> сторінки підручника щодо <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" +"Службі kcm можна передавати типові параметри служби SSSD, зокрема " +"<quote>debug_level</quote> та <quote>fd_limit</quote> Із повним списком " +"параметрів можна ознайомитися на сторінці підручника <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>. Крім того, передбачено декілька специфічних для KCM " +"параметрів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "socket_path (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "Сокет, на якому очікуватиме на з'єднання служба KCM." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" +"Типове значення: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" +"<phrase condition=\"have_systemd\"> Зауваження: на платформах, де " +"передбачено підтримку systemd, шлях до сокета буде перезаписано шляхом, який " +"визначено у файлі модуля sssd-kcm.socket. </phrase>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "max_ccaches (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" +"Скільки кешів реєстраційних може мати даних база даних KCM для усіх " +"користувачів." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" +"Типове значення: 0 (без обмежень, застосовується лише квота на кількість " +"кешів на UID)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "max_uid_ccaches (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" +"Скільки кешів реєстраційних може мати даних база даних KCM для окремого UID. " +"Еквівалент значення <quote>кількість реєстраційних даних, які можна " +"ініціювати за допомогою kinit</quote>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "Типове значення: 64" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "max_ccache_size (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" +"Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця " +"квота обчислюється для усіх квитків служб разом." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "Типове значення: 65536" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "tgt_renewal (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "Вмикає функціональні можливості поновлень TGT." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "Типове значення: False (автоматичні поновлення вимкнено)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "tgt_renewal_inherit (рядок)" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" +"Домен, з якого слід успадковувати параметри krb5_*, для використання із " +"поновленнями TGT." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +msgid "Default: NULL" +msgstr "Типове значення: NULL" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "sssd-systemtap" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "Дані systemtap SSSD" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" +"Цю сторінку підручника присвячено функціональним можливостям systemtap у " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" +"Точки зондування SystemTap додано до різноманітних частин коду SSSD, щоб " +"полегшити усування вад та аналіз пов'язаних зі швидкодією проблем." + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" +"Зразки скриптів SystemTap зберігаються у каталозі /usr/share/sssd/systemtap/" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" +"Зонди і різноманітні функції визначено у /usr/share/systemtap/tapset/sssd." +"stp і /usr/share/systemtap/tapset/sssd_functions.stp, відповідно." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "ТОЧКИ ЗОНДУВАННЯ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" +"Дані у наведених нижче списках точок зондування та аргументів записано у " +"такому форматі:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "зонд $назва" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "Опис точки зондування" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" +"змінна1:тип даних\n" +"змінна2:тип даних\n" +"змінна3:тип даних\n" +"...\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "Зонди операцій із базою даних" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "зонд sssd_transaction_start" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "Розпочати операцію sysdb, зондує функцію sysdb_transaction_start()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" +"nesting:ціле число\n" +"probestr:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "зонд sssd_transaction_cancel" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" +"Скасовування операції sysdb, зондує функцію sysdb_transaction_cancel() ." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "зонд sssd_transaction_commit_before" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "Зондує функцію sysdb_transaction_commit_before()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "зонд sssd_transaction_commit_after" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "Зондує функцію sysdb_transaction_commit_after()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "Зонди пошуку у LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "зонд sdap_search_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "Зондує функцію sdap_get_generic_ext_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" +"base:рядок\n" +"scope:ціле число\n" +"filter:рядок\n" +"attrs:рядок\n" +"probestr:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "зонд sdap_search_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "Зондує функцію sdap_get_generic_ext_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" +"base:рядок\n" +"scope:ціле число\n" +"filter:рядок\n" +"probestr:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "зонд sdap_parse_entry" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" +"Зондує функцію sdap_parse_entry(). Викликається повторно для кожного " +"отриманого атрибута." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" +"attr:рядок\n" +"value:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "probe sdap_parse_entry_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" +"Зондує функцію sdap_parse_entry(). Викликається після завершення обробки " +"отриманого об'єкта." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "зонд sdap_deref_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "Зондує функцію sdap_deref_search_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" +"base_dn:рядок\n" +"deref_attr:рядок\n" +"probestr:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "зонд sdap_deref_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "Зондує функцію sdap_deref_search_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "Зонди запитів щодо облікових записів у LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "зонд sdap_acct_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "Зондує функцію sdap_acct_req_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" +"entry_type:ціле число\n" +"filter_type:ціле число\n" +"filter_value:рядок\n" +"extra_value:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "зонд sdap_acct_req_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "Зондує функцію sdap_acct_req_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "Зонди пошуку користувачів у LDAP" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "зонд sdap_search_user_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "Зондує функцію sdap_search_user_send()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" +"filter:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "зонд sdap_search_user_recv" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "Зондує функцію sdap_search_user_recv()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "зонд sdap_search_user_save_begin" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "Зондує функцію sdap_search_user_save_begin()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "зонд sdap_search_user_save_end" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "Зондує функцію sdap_search_user_save_end()." + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "Зонди запитів до постачальника даних" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "зонд dp_req_send" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "Подано запит до постачальника даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" +"dp_req_domain:рядок\n" +"dp_req_name:рядок\n" +"dp_req_target:ціле число\n" +"dp_req_method:ціле число\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "зонд dp_req_done" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "Завершено виконання запиту до постачальника даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" +"dp_req_name:рядок\n" +"dp_req_target:ціле число\n" +"dp_req_method:ціле число\n" +"dp_ret:ціле число\n" +"dp_errorstr:рядок\n" +" " + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "РІЗНОМАНІТНІ ФУНКЦІЇ" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "функція acct_req_desc(entry_type)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "Перетворення entry_type на рядок і повернення рядка" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" +"функція sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "Створення рядка зонду на основі типу фільтрування" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "функція dp_target_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "Перетворення target на рядок і повернення рядка" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "функція dp_method_str(target)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "Перетворення методу на рядок і повернення рядка" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "ЗРАЗКИ СКРИПТІВ SYSTEMTAP" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" +"Запустіть скрипт SystemTap (<command>stap /usr/share/sssd/systemtap/<" +"назва_скрипту>.stp</command>), потім виконайте дію із розпізнавання. " +"Скрипт збере дані за допомогою зондів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "Скриптами SystemTap з пакунка є:" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "dp_request.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "Спостереження за швидкодією обробки запитів засобом надання даних." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "id_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "Спостереження за швидкодією виконання команди <command>id</command>." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "ldap_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "Спостереження за запитами LDAP." + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "nested_group_perf.stp" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "Швидкодія визначення назв для вкладених груп." + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "sssd-ldap-attributes" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "Засіб надання даних LDAP SSSD: атрибути прив'язування" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" +"Цю сторінку підручника присвячено опису атрибутів прив'язування засобу " +"надання даних LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Повний опис " +"параметрів налаштовування засобу надання даних LDAP SSSD наведено на " +"сторінці підручника щодо <citerefentry> <refentrytitle>sssd-ldap</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "АТРИБУТИ КОРИСТУВАЧА" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "Клас об’єктів запису користувача у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "Типове значення: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "Атрибут LDAP, що відповідає назві облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Типове значення: uid (rfc2307, rfc2307bis і IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "ldap_user_uid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "Типове значення: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "ldap_user_gid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "Типове значення: gidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "ldap_user_primary_group (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" +"Атрибут основної групи Active Directory для встановлення відповідності " +"ідентифікатора. Зауважте, що цей атрибут слід встановлювати вручну, лише " +"якщо ви користуєтеся засобом надання даних <quote>ldap</quote> з прив'язкою " +"до ідентифікаторів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "Типове значення: unset (LDAP), primaryGroupID (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "ldap_user_gecos (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "Атрибут LDAP, що відповідає полю gecos користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "Типове значення: gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "ldap_user_home_directory (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "ldap_user_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" +"Атрибут LDAP, що містить шлях до типової командної оболонки користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "Типове значення: loginShell" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "ldap_user_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" +"Типове значення: не встановлено у загальному випадку, objectGUID для AD і " +"ipaUniqueID для IPA" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "ldap_user_objectsid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, що містить objectSID об’єкта користувача LDAP. Зазвичай, " +"потрібен лише для серверів ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" +"Типове значення: objectSid для ActiveDirectory, не встановлено для інших " +"серверів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "ldap_user_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" +"Атрибут LDAP, що містить часову позначку останньої зміни батьківського " +"об’єкта." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "Типове значення: modifyTimestamp" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "ldap_user_shadow_last_change (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (дати останньої зміни пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "Типове значення: shadowLastChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "ldap_user_shadow_min (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (мінімального віку пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "Типове значення: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "ldap_user_shadow_max (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (максимального віку пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "Типове значення: shadowMax" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "ldap_user_shadow_warning (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (проміжку попередження щодо пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "Типове значення: shadowWarning" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "ldap_user_shadow_inactive (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow цей параметр містить назву " +"атрибута LDAP, який є відповідником параметра <citerefentry> " +"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> (тривалості періоду невикористання пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "Типове значення: shadowInactive" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "ldap_user_shadow_expire (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" +"У разі використання ldap_pwd_policy=shadow або " +"ldap_account_expire_policy=shadow цей параметр містить назву атрибута LDAP, " +"який є відповідником параметра <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (дати завершення " +"строку дії пароля)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "Типове значення: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "ldap_user_krb_last_pwd_change (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" +"Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " +"назву атрибута LDAP, у якому зберігається дата і час останньої зміни пароля " +"у kerberos." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "Типове значення: krbLastPwdChange" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "ldap_user_krb_password_expiration (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" +"Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " +"назву атрибута LDAP, у якому зберігається дата і час завершення строку дії " +"поточного пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "Типове значення: krbPasswordExpiration" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_ad_account_expires (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" +"Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " +"атрибута LDAP, у якому зберігаються дані щодо строку завершення дії " +"облікового запису." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "Типове значення: accountExpires" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_ad_user_account_control (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" +"Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " +"атрибута LDAP, у якому зберігаються дані щодо поля контрольного біта " +"облікового запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "Типове значення: userAccountControl" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_ns_account_lock (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" +"Якщо вказано ldap_account_expire_policy=rhds або еквівалентне налаштування, " +"цей параметр визначає, заборонено чи дозволено доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "Типове значення: nsAccountLock" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "ldap_user_nds_login_disabled (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає, дозволено " +"чи заборонено доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "Типове значення: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "ldap_user_nds_login_expiration_time (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає дату, до " +"якої надано доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "ldap_user_nds_login_allowed_time_map (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" +"Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає годити дня " +"тижня, коли надається доступ." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "Типове значення: loginAllowedTimeMap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "ldap_user_principal (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" +"Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "Типове значення: krbPrincipalName" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "ldap_user_extra_attrs (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" +"Відокремлений комами список атрибутів LDAP, які SSSD має отримувати разом зі " +"звичайним набором атрибутів запису користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" +"Список може або містити лише назви атрибутів LDAP, або відокремлені " +"двокрапками кортежі з назви атрибута кешу SSSD та назви атрибута LDAP. Якщо " +"вказано лише назву атрибута LDAP, атрибут зберігається до кешу буквально. " +"Використання нетипової назви атрибута SSSD може бути потрібним середовищам, " +"де налаштовано декілька доменів SSSD з різними схемами LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" +"Будь ласка, зауважте, що декілька назв атрибутів зарезервовано SSSD, зокрема " +"атрибут «name». SSSD повідомить про помилку, якщо будь-які із зарезервованих " +"назв атрибутів використано як назву додаткового атрибута." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "ldap_user_extra_attrs = telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" +"Зберегти атрибут «telephoneNumber» з LDAP як «telephoneNumber» до кешу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "ldap_user_extra_attrs = phone:telephoneNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "Зберегти атрибут «telephoneNumber» з LDAP як «phone» до кешу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_ssh_public_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "Типове значення: sshPublicKey" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "ldap_user_fullname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "Атрибут LDAP, що відповідає повному імені користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "ldap_user_member_of (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "Типове значення: memberOf" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "ldap_user_authorized_service (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" +"Якщо access_provider=ldap і ldap_access_order=authorized_service, SSSD " +"використовуватиме наявність атрибута authorizedService у записі користувача " +"LDAP для визначення прав доступу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" +"Спочатку визначаються явні заборони (!svc). Далі SSSD шукає явні дозволи " +"(svc) і нарешті загальні дозволи або allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>authorized_service</quote>, щоб " +"система змогла скористатися параметром ldap_user_authorized_service." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" +"У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM " +"<quote>systemd-user</quote> завжди включено до процедури входу до системи. " +"Тому при використанні керування доступом на основі даних служб варто " +"додавати службу <quote>systemd-user</quote> до списку дозволених служб." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "Типове значення: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "ldap_user_authorized_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" +"Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме " +"наявність атрибута host у записі користувача LDAP для визначення прав " +"доступу." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" +"Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи " +"(host) і нарешті загальні дозволи або allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>host</quote>, щоб можна було " +"скористатися параметром ldap_user_authorized_host." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "Типове значення: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "ldap_user_authorized_rhost (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" +"Якщо access_provider=ldap і ldap_access_order=rhost, SSSD використовуватиме " +"наявність атрибута rhost у записі користувача LDAP для визначення прав " +"доступу. Те саме стосується і процесу перевірки вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" +"Спочатку визначаються явні заборони (!rhost). Далі SSSD шукає явні дозволи " +"(rhost) і нарешті загальні дозволи або allow_all (*)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" +"Будь ласка, зауважте, що параметр налаштування ldap_access_order " +"<emphasis>має</emphasis> включати <quote>rhost</quote>, щоб можна було " +"скористатися параметром ldap_user_authorized_rhost." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "Типове значення: rhost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "ldap_user_certificate (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "Назва атрибута LDAP, що містить сертифікат X509 користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "Типове значення: userCertificate;binary" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "ldap_user_email (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" +"Назва атрибута LDAP, який містить адресу електронної пошти користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" +"Зауваження: якщо адреса електронної пошти користувача конфліктує із адресою " +"електронної пошти або повним ім'ям іншого користувача, SSSD не зможе " +"обслуговувати належним чином записи таких користувачів. Якщо з якоїсь " +"причини у декількох користувачів має бути одна адреса електронної пошти, " +"встановіть для цього параметра довільну назву атрибута, щоб вимкнути пошук і " +"вхід до системи за адресою електронної пошти." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "Типове значення: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_user_passkey (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +#, fuzzy +#| msgid "Name of the LDAP attribute containing the email address of the user." +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" +"Назва атрибута LDAP, який містить адресу електронної пошти користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "АТРИБУТИ ГРУПИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "ldap_group_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "Клас об’єктів запису групи у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "Типове значення: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "ldap_group_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "Типове значення: cn (rfc2307, rfc2307bis і IPA), sAMAccountName (AD)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "ldap_group_gid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "ldap_group_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "Атрибут LDAP, у якому містяться імена учасників групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "ldap_group_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "ldap_group_objectsid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" +"Атрибут LDAP, що містить objectSID об’єкта групи LDAP. Зазвичай, потрібен " +"лише для серверів ActiveDirectory." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "ldap_group_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "ldap_group_type (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" +"Атрибут LDAP, що містить ціле значення і позначає тип групи, а також, " +"можливо, інші прапорці." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" +"Цей атрибут у поточній версії використовується лише засобом надання даних AD " +"для визначення, чи є група локальною групою домену і чи має бути її " +"відфільтровано у списку надійних (довірених) доменів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" +"Типове значення: groupType у засобі надання даних AD, у інших засобах не " +"встановлено" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "ldap_group_external_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" +"Атрибут LDAP, який посилається на записи учасників групи, які визначено у " +"зовнішньому домені. У поточній версії передбачено підтримку лише зовнішніх " +"записів учасників IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" +"Типове значення: ipaExternalMember у засобі надання даних IPA, у інших " +"засобах не визначено." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "ldap_netgroup_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "Типове значення: nisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "ldap_netgroup_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "ldap_netgroup_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" +"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "Типове значення: memberNisNetgroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "ldap_netgroup_triple (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" +"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "Типове значення: nisNetgroupTriple" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "ldap_netgroup_modify_timestamp (рядок)" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "АТРИБУТИ ВУЗЛА" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "ldap_host_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "Клас об’єктів запису вузла у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "Типове значення: ipService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "ldap_host_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "Атрибут LDAP, що відповідає назві вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "ldap_host_fqdn (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "Атрибут LDAP, що відповідає повній назві вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "Типове значення: fqdn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "ldap_host_serverhostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "Типове значення: serverHostname" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "ldap_host_member_of (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "Атрибут LDAP зі списком груп, у яких бере участь вузол." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "ldap_host_ssh_public_key (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "ldap_host_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта вузла LDAP." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "АТРИБУТИ СЛУЖБИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "ldap_service_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "Клас об’єктів запису служби у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "ldap_service_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" +"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "ldap_service_port (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "Типове значення: ipServicePort" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "ldap_service_proto (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "Типове значення: ipServiceProtocol" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "АТРИБУТИ SUDO" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_sudorule_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "Клас об’єктів запису правила sudo у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "Типове значення: sudoRole" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "ldap_sudorule_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "Атрибут LDAP, що відповідає назві правила sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "ldap_sudorule_command (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "Атрибут LDAP, що відповідає назві команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "Типове значення: sudoCommand" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "ldap_sudorule_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" +"Атрибут LDAP, який відповідає назві вузла (або IP-адресі вузла, IP-мережі " +"вузла, мережевій групі вузла)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "Типове значення: sudoHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "ldap_sudorule_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" +"Атрибут LDAP, що відповідає назві імені користувача (або UID, назві групи " +"або назві мережевої групи користувача)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "Типове значення: sudoUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "ldap_sudorule_option (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "Атрибут LDAP, що відповідає параметрам sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "Типове значення: sudoOption" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_sudorule_runasuser (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" +"Атрибут LDAP, що відповідає користувачеві, від імені якого можна виконувати " +"команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "Типове значення: sudoRunAsUser" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_sudorule_runasgroup (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"Атрибут LDAP, що відповідає назві групи або GID, від імені якої можна " +"виконувати команди." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "Типове значення: sudoRunAsGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_sudorule_notbefore (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "Типове значення: sudoNotBefore" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_sudorule_notafter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "Типове значення: sudoNotAfter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "ldap_sudorule_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "Атрибут LDAP, що відповідає порядковому номеру правила." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "Типове значення: sudoOrder" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "АТРИБУТИ AUTOFS" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "АТРИБУТИ ВУЗЛА IP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "ldap_iphost_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "Клас об'єктів запису iphost у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "Типове значення: ipHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "ldap_iphost_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" +"Атрибут LDAP, що містить назву атрибутів IP вузла та замінників цих " +"атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "ldap_iphost_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "Атрибут LDAP, який містить адресу IP вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "Типове значення: ipHostNumber" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "АТРИБУТИ МЕРЕЖІ IP" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "ldap_ipnetwork_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "Клас об'єктів запису ipnetwork у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "Типове значення: ipNetwork" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "ldap_ipnetwork_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" +"Атрибут LDAP, що містить назву атрибутів мережі IP та замінників цих " +"атрибутів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "ldap_ipnetwork_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "Атрибут LDAP, який містить адресу мережі IP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "Типове значення: ipNetworkNumber" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "sssd_krb5_localauth_plugin" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "Додаток для локального уповноваження Kerberos" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" +"Додаток локального уповноваження Kerberos " +"<command>sssd_krb5_localauth_plugin</command> використовує libkrb5 для того, " +"щоб або знайти локальну назву для заданого реєстраційного запису Kerberos, " +"або для перевірки того, чи задана локальна назва і заданий реєстраційний " +"запис Kerberos є пов'язаними між собою." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" +"SSSD обробляє локальні назви записів користувачів з віддаленого джерела і " +"може також читати назву реєстраційного запису користувача Kerberos з " +"віддаленого джерела. На основі цих даних SSSD може дуже просто обробити " +"згадані вище прив'язки, навіть якщо локальна назва і реєстраційний запис " +"Kerberos значно відрізняються." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" +"Крім того, на основі даних, прочитаних з віддаленого джерела SSSD може " +"допомогти запобігти неочікуваним або небажаним прив'язкам у випадку, коли " +"назва запису користувача у реєстраційному записі Kerberos випадково " +"збігатиметься із локальною назвою запису іншого користувача. Типово, libkrb5 " +"може просто вилучити з реєстраційного запису Kerberos частину, яку пов'язано " +"із областю дії, для отримання локальної назви запису, що може призвести у " +"цьому випадку до помилкових прив'язок." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "НАЛАШТУВАННЯ" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" +"Додаток локального уповноваження Kerberos має бути явним чином увімкнено у " +"налаштуваннях Kerberos, див. <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD автоматично " +"створить фрагмент налаштувань із вмістом, подібним до такого: <placeholder " +"type=\"programlisting\" id=\"0\"/> у загальнодоступному каталозі фрагментів " +"налаштувань SSSD Kerberos. Якщо цей каталог включено до локальних " +"налаштувань Kerberos, додаток буде увімкнено автоматично." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_autofs_map_object_class (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" +"Типове значення: nisMap (rfc2307, autofs_provider=ad), у інших випадках " +"automountMap" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_autofs_map_name (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "Назва запису карти автоматичного монтування у LDAP." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" +"Типове значення: nisMapName (rfc2307, autofs_provider=ad), у інших випадках " +"automountMapName" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_autofs_entry_object_class (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" +"Клас об'єктів автоматичного монтування LDAP. Цей запис зазвичай відповідає " +"точні монтування." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" +"Типове значення: nisObject (rfc2307, autofs_provider=ad), у інших випадках " +"automount" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_autofs_entry_key (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" +"Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає " +"точні монтування." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" +"Типове значення: cn (rfc2307, autofs_provider=ad), у інших випадках " +"automountKey" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_autofs_entry_value (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" +"Типове значення: nisMapEntry (rfc2307, autofs_provider=ad), у інших випадках " +"automountInformation" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "ПОШУК СЛУЖБ" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" +"За допомогою можливості виявлення служб основні модулі мають змогу " +"автоматично визначати відповідні сервери для встановлення з’єднання на " +"основі даних, отриманих у відповідь на спеціальний запит до DNS. Підтримки " +"цієї можливості для резервних серверів не передбачено." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "Налаштування" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" +"Якщо серверів не буде вказано, модуль автоматично використає визначення " +"служб для пошуку сервера. Крім того, користувач може використовувати і " +"фіксовані адреси серверів і виявлення служб. Для цього слід вставити " +"особливе ключове слово, «_srv_», до списку серверів. Пріоритет визначається " +"за вказаним порядком. Ця можливість є корисною, якщо, наприклад, користувач " +"надає перевагу використанню виявлення служб, якщо це можливо, з поверненням " +"до використання певного сервера, якщо за допомогою DNS не вдасться виявити " +"жодного сервера." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "Назва домену" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" +"З докладнішими відомостями щодо параметра «dns_discovery_domain» можна " +"ознайомитися на сторінці підручника (man) <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "Протокол" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" +"Запитами зазвичай визначається протокол _tcp. Виключення документовано у " +"описі відповідного параметра." + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "Також прочитайте" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" +"Докладніші відомості щодо механізмів визначення служб можна знайти у RFC " +"2782." + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" +"<productname>SSSD</productname> <orgname>Основна гілка розробки SSSD — " +"https://pagure.io/SSSD/sssd/</orgname>" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "РЕЗЕРВ" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" +"Можливість резервування надає змогу модулям обробки автоматично перемикатися " +"на інші сервери, якщо спроба встановлення з’єднання з поточним сервером " +"зазнає невдачі." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "Синтаксичні конструкції визначення резервного сервера" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" +"Список записів серверів, відокремлених комами. Між комами можна " +"використовувати довільну кількість пробілів. Порядок у списку визначає " +"пріоритет. У списку може бути будь-яка кількість записів серверів." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" +"Для кожного з параметрів налаштування з увімкненим резервним отриманням " +"існує два варіанти: <emphasis>основний</emphasis> і <emphasis>резервний</" +"emphasis>. Ідея полягає у тому, що сервери з основного списку мають вищий " +"пріоритет за резервні сервери, пошук же на резервних серверах виконується, " +"лише якщо не вдасться з’єднатися з жодним з основних серверів. Якщо буде " +"вибрано резервний сервер, встановлюється час очікування у 31 секунду. Після " +"завершення часу очікування SSSD періодично намагатиметься повторно " +"встановити з’єднання з основними серверами. Якщо спроба буде успішною, " +"поточний активний резервний сервер буде замінено на основний." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "Механізм визначення резервного сервера" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" +"Механізмом резервного використання розрізняються окремі комп’ютери і служби. " +"Спочатку модуль намагається визначити назву вузла вказаного комп’ютера. Якщо " +"спроби визначення зазнають невдачі, комп’ютер вважатиметься від’єднаним від " +"мережі. Подальших спроб встановити з’єднання з цим комп’ютером для всіх " +"інших служб не виконуватиметься. Якщо вдасться виконати визначення, модуль " +"зробити спробу встановити з’єднання зі службою на визначеному комп’ютері. " +"Якщо спроба з’єднання зі службою не призведе до успіху, непрацездатною " +"вважатиметься лише служба, модуль автоматично перемкнеться на наступну " +"службу. Комп’ютер служби вважатиметься з’єднаним з мережею, можливі подальші " +"спроби використання інших служб." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" +"Подальші спроби встановлення з’єднання з комп’ютерами або службами, " +"позначеними як такі, що перебувають поза мережею, буде виконано за певний " +"проміжок часу. У поточній версії цей проміжок є незмінним і дорівнює 30 " +"секундам." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" +"Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим " +"автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд." + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" +"Час очікування на перемикання на резервний ресурс та точне налаштовування" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" +"Для визначення сервера для з'єднання достатньо одного запиту DNS або " +"декількох кроків, зокрема визначення відповідного сайта або спроба " +"використати декілька назв вузлів у випадку, якщо якісь із налаштованих " +"серверів недоступні. Складніші сценарії можуть потребувати додаткового часу, " +"а SSSD треба збалансувати надання достатнього часу для завершення процесу " +"визначення і використання притомного часу на виконання цього запиту перед " +"переходом до автономного режиму. Якщо діагностичний журнал SSSD показує, що " +"під час визначення сервера перевищено час очікування на з'єднання із " +"працездатним сервером, варто змінити значення параметрів часу очікування." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "dns_resolver_server_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" +"Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із " +"окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "dns_resolver_op_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" +"Час у секундах, який визначає тривалість періоду, протягом якого SSSD " +"намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла " +"або запис SRV), перш ніж перейти до наступної назви вузла або наступного " +"домену пошуку." + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "dns_resolver_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" +"Наскільки довго має чекати SSSD на визначення резервної служби надання " +"даних. На внутрішньому рівні визначення такої служби може включати декілька " +"кроків, зокрема визначення адрес запитів DNS SRV або пошук розташування " +"сайта." + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" +"У цьому розділі наведено списки доступних для коригування параметрів. Будь " +"ласка, ознайомтеся із їхніми описами за допомогою сторінки підручника " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" +"Для заснованих на LDAP постачальників даних дія з визначення виконується як " +"частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити " +"для часу очікування <quote>ldap_opt_timeout</quote> значення, яке " +"перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має " +"перевищувати значення <quote>dns_resolver_op_timeout</quote>, яке має " +"перевищувати значення <quote>dns_resolver_server_timeout</quote>." + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" +"Можливість встановлення відповідності ідентифікаторів надає SSSD змогу " +"працювати у режимі клієнта Active Directory без потреби для адміністраторів " +"розширювати атрибути користувача з метою підтримки атрибутів POSIX для " +"ідентифікаторів користувачів та груп." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" +"Зауваження: якщо увімкнено встановлення відповідності ідентифікаторів, " +"атрибути uidNumber та gidNumber буде проігноровано. Так зроблено з метою " +"уникання конфліктів між автоматично визначеними та визначеними вручну " +"значеннями. Якщо вам потрібно призначити певні значення вручну, вручну " +"доведеться призначати ВСІ значення." + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" +"Будь ласка, зауважте, що зміна параметрів налаштувань, пов’язаних із " +"встановленням відповідності ідентифікаторів, призведе до зміни " +"ідентифікаторів користувачів і груп. У поточній версії SSSD зміни " +"ідентифікаторів не передбачено, отже, вам доведеться вилучити базу даних " +"SSSD. Оскільки кешовані паролі також зберігаються у базі даних, вилучення " +"бази даних слід виконувати, лише якщо сервери розпізнавання є доступними, " +"інакше користувачі не зможуть отримати потрібного їм доступу. З метою " +"кешування паролів слід виконати сеанс розпізнавання. Для вилучення бази " +"даних недостатньо використання команди <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, процедура має складатися з декількох кроків:" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "Переконуємося, що віддалені сервери є доступними." + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "Зупиняємо роботу служби SSSD" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "Вилучаємо базу даних" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "Запускаємо службу SSSD" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" +"Крім того, оскільки зміна ідентифікаторів може потребувати коригування інших " +"властивостей системи, зокрема прав власності на файли і каталоги, варто " +"спланувати усе наперед і ретельно перевірити налаштування встановлення " +"відповідності ідентифікаторів." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "Алгоритм встановлення відповідності" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" +"Active Directory надає значення objectSID для всіх об’єктів користувачів і " +"груп у каталозі. Таке значення objectSID можна розбити на компоненти, які " +"відповідають профілю домену Active Directory та відносному ідентифікатору " +"(RID) об’єкта користувача або групи." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" +"Алгоритмом встановлення відповідності ідентифікаторів SSSD передбачено поділ " +"діапазону доступних UID на розділи однакових розмірів, які називаються " +"«зрізами». Кожен зріз відповідає простору, доступному певному домену Active " +"Directory." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" +"Коли SSSD вперше зустрічає запис користувача або групи певного домену, SSSD " +"віддає один з доступних зрізів під цей домен. З метою уможливлення " +"відтворення такого призначення зрізів на різних клієнтських системах, зріз " +"вибирається за таким алгоритмом:" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" +"Рядок SID передається алгоритмові murmurhash3 з метою перетворення його на " +"хешоване 32-бітове значення. Для вибору зрізу використовується ціла частина " +"від ділення цього значення на загальну кількість доступних зрізів." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" +"Зауваження: за такого алгоритму можливі збіги за хешем та відповідною цілою " +"частиною від ділення. У разі виявлення таких збігів буде вибрано наступний " +"доступних зріз, але це може призвести до неможливості відтворити точно такий " +"самий набір зрізів на інших комп’ютерах (оскільки в такому разі на вибір " +"зрізів може вплинути порядок, у якому виконується обробка даних). Якщо ви " +"зіткнулися з подібною ситуацією, рекомендуємо вам або перейти на " +"використання явних атрибутів POSIX у Active Directory (вимкнути встановлення " +"відповідності ідентифікаторів) або налаштувати типовий домен з метою " +"гарантування того, що принаймні цей домен матиме еталонні дані. Докладніше " +"про це у розділі «Налаштування»." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" +"Мінімальне налаштовування (у розділі <quote>[domain/НАЗВА_ДОМЕНУ]</quote>):" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" +"За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити " +"до 200000 ідентифікаторів, починаючи з 2000000 і аж до 2000200000. Цього має " +"вистачити для більшості розгорнутих середовищ." + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "Додаткові налаштування" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "ldap_idmap_range_min (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" +"Визначає нижню (включну) межу діапазону ідентифікаторів POSIX, які слід " +"використовувати для встановлення відповідності SID користувачів і груп " +"Active Directory. Це перший ідентифікатор POSIX, яким можна скористатися для " +"прив'язки." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" +"Зауваження: цей параметр відрізняється від <quote>min_id</quote> тим, що " +"<quote>min_id</quote> працює як фільтр відповідей на запити щодо цього " +"домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " +"відмінність є мінімальною, але загалом варто визначати <quote>min_id</quote> " +"меншим або рівним <quote>ldap_idmap_range_min</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "Типове значення: 200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "ldap_idmap_range_max (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" +"Визначає верхню (виключну) межу діапазону ідентифікаторів POSIX, які слід " +"використовувати для встановлення відповідності SID користувачів і груп " +"Active Directory. Це перший ідентифікатор POSIX, яким не можна скористатися " +"для прив'язки, тобто ідентифікатор, який на одиницю більший за останній, " +"яким можна скористатися для прив'язки." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" +"Зауваження: цей параметр відрізняється від <quote>max_id</quote> тим, що " +"<quote>max_id</quote> працює як фільтр відповідей на запити щодо цього " +"домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " +"відмінність є мінімальною, але загалом варто визначати <quote>max_id</quote> " +"більшим або рівним <quote>ldap_idmap_range_max</quote>" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "Типове значення: 2000200000" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "ldap_idmap_range_size (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" +"Визначає кількість ідентифікаторів доступних на кожному зі зрізів. Якщо " +"розмір діапазону не ділиться націло на мінімальне і максимальне значення, " +"буде створено якомога більше повних зрізів." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" +"ЗАУВАЖЕННЯ: значення цього параметра має бути не меншим за значення " +"максимального запланованого до використання RID на сервері Active Directory. " +"Пошук даних та вхід для будь-яких користувачів з RID, що перевищує це " +"значення, буде неможливим." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" +"Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач " +"з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1108, " +"оскільки розмір діапазону дорівнює максимальному SID мінус мінімальний SID " +"плюс 1. (Наприклад, 1108 = 1107 - 0 + 1)." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" +"Для майбутнього можливого розширення важливо все спланувати наперед, " +"оскільки зміна цього значення призведе до зміни усіх прив’язок " +"ідентифікаторів у системі, отже зміни попередніх локальних ідентифікаторів " +"користувачів." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "ldap_idmap_default_domain_sid (рядок)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" +"Визначає SID типового домену. За допомогою цього параметра можна гарантувати " +"те, що цей домен буде завжди призначено до нульового зрізу у карті " +"ідентифікаторів без використання алгоритму murmurhash описаного вище." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "ldap_idmap_default_domain (рядок)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "Вказати назву типового домену." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "ldap_idmap_autorid_compat (булеве значення)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" +"Змінює поведінку алгоритму встановлення відповідності ідентифікаторів так, " +"щоб обчислення відбувалися за алгоритмом подібним до алгоритму " +"<quote>idmap_autorid</quote> winbind." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" +"Якщо встановлено цей параметр, домени призначатимуться, починаючи з " +"нульового зрізу з поступовим зростанням номерів на кожен додатковий домен." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" +"Зауваження: цей алгоритм є недетерміністичним (залежить від порядку записів " +"користувачів та груп). Якщо з метою сумісності з системою, у якій запущено " +"winbind, буде використано цей алгоритм, варто також скористатися параметром " +"<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування " +"послідовного призначення принаймні одного домену до нульового зрізу." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "ldap_idmap_helper_table_size (ціле число)" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" +"Максимальна кількість вторинних зрізів, яку можна використовувати під час " +"виконання прив'язки ідентифікатора UNIX до SID." + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" +"Зауваження: під час прив'язування SID до ідентифікатора UNIX може бути " +"створено додаткові вторинні зрізи, якщо частини RID SID перебувають поза " +"межами діапазону вже створених вторинних зрізів. Якщо значенням " +"ldap_idmap_helper_table_size буде 0, додаткові вторинні зрізи не " +"створюватимуться." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "Добре відомі SID" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" +"У SSSD передбачено підтримку пошуку назв за добре відомими (Well-Known) SID, " +"тобто SID із особливим запрограмованим призначенням. Оскільки типові " +"користувачі і групи, пов’язані із цими добре відомими SID не мають " +"еквівалентів у середовищі Linux/UNIX, ідентифікаторів POSIX для цих об’єктів " +"немає." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" +"Простір назв SID упорядковано службами сертифікації, які виглядають як інші " +"домени. Службами сертифікації для добре відомих (Well-Known) SID є" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "Фіктивна служба сертифікації (Null Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "Загальна служба сертифікації (World Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "Локальна служба сертифікації (Local Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "Авторська служба сертифікації (Creator Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "Обов'язкова служба сертифікації міток" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "Служба розпізнавання" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "Служба сертифікації NT (NT Authority)" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "Вбудована (Built-in)" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" +"Написані літерами верхнього регістру ці назви буде використано як назви " +"доменів для повернення повних назв добре відомих (Well-Known) SID." + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" +"Оскільки деякі з програм надають змогу змінювати дані щодо керування " +"доступом на основі SID за допомогою назви, а не безпосереднього " +"використання, у SSSD передбачено підтримку пошуку SID за назвою. Щоб " +"уникнути конфліктів, для пошуку добре відомих (Well-Known) SID приймаються " +"лише повні назви. Отже, не можна використовувати як назви доменів у " +"<filename>sssd.conf</filename> такі назви: «NULL AUTHORITY», «WORLD " +"AUTHORITY», «LOCAL AUTHORITY», «CREATOR AUTHORITY», «MANDATORY LABEL " +"AUTHORITY», «AUTHENTICATION AUTHORITY», «NT AUTHORITY» та «BUILTIN»." + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "<option>-?</option>,<option>--help</option>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "Показати довідкове повідомлення і завершити роботу." + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" +"У SSSD передбачено два представлення для визначення рівня діагностики. " +"Найпростішим є визначення десяткового значення у діапазоні 0-9. Кожному " +"значенню відповідає вмикання відповідного рівня діагностики і усіх нижчих " +"рівнів. Точніше визначення вмикання або вимикання (якщо це потрібно) " +"специфічних рівнів можна встановити за допомогою шістнадцяткової бітової " +"маски." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" +"Будь ласка, зауважте, що кожна служба SSSD веде журнал у власному файлі. " +"Також зауважте, що вмикання <quote>debug_level</quote> у розділі " +"<quote>[sssd]</quote> вмикає діагностику лише для самого процесу sssd, а не " +"для процесів відповідача чи надавача даних. Для отримання діагностичних " +"повідомлень слід додати параметр «debug_level» до усіх розділів, для яких " +"слід створювати журнал діагностичних повідомлень." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" +"Окрім зміни рівня ведення журналу у файлі налаштувань за допомогою параметра " +"«debug_level», який не змінюється під час роботи, але зміна якого потребує " +"перезапуску SSSD, можна змінити режим діагностики без перезапуску за " +"допомогою програми <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "Рівні діагностики, передбачені у поточній версії:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: критичні помилки з " +"аварійним завершенням роботи. Всі помилки, які не дають SSSD змоги розпочати " +"або продовжувати роботу." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: критичні помилки. " +"Помилки, які не призводять до аварійного завершення роботи SSSD, але " +"означають, що одна з основних можливостей не працює належним чином." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: серйозні помилки. " +"Повідомлення про такі помилки означають, що не вдалося виконати певний запит " +"або дію." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: незначні помилки. Це " +"помилки які можуть призвести до помилок під час виконання дій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: параметри налаштування." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: дані функцій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: повідомлення трасування " +"для функцій дій." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: повідомлення трасування " +"для функцій внутрішнього трасування." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: вміст внутрішніх " +"змінних функцій, який може бути цікавим." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: дані трасування " +"найнижчого рівня." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: швидкодія і " +"статистичні дані; будь ласка, зауважте, що через спосіб, у яких програма " +"обробляє запити на внутрішньому рівні записаний до журналу час виконання " +"запиту може бути довшим за справжній." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: ще докладніші дані " +"трасування libldb низького рівня. Навряд чи коли знадобляться." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" +"Щоб до журналу було записано дані потрібних бітових масок рівнів " +"діагностики, просто додайте відповідні числа, як це показано у наведених " +"нижче прикладах:" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" +"<emphasis>Example</emphasis>: щоб до журналу було записано дані щодо " +"критичних помилок з аварійним завершенням роботи, критичних помилок, " +"серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" +"<emphasis>Приклад</emphasis>: щоб до журналу було записано критичні помилки " +"з аварійним завершенням роботи, параметри налаштування, дані функцій та " +"повідомлення трасування для функцій внутрішнього керування, скористайтеся " +"рівнем 0x1310." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" +"<emphasis>Зауваження</emphasis>: формат бітових масок для рівнів діагностики " +"впроваджено у версії 1.7.0." + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" +"<emphasis>Типове значення</emphasis>: 0x0070 (тобто фатальні, критичні та " +"серйозні помилки; відповідає встановленню значення 2 у десятковому записі)" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "ЛОКАЛЬНИЙ ДОМЕН" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" +"З метою забезпечення належної роботи слід створити домен з " +"<quote>id_provider=local</quote> та запустити SSSD." + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" +"Адміністратор може надати перевагу використанню локальних записів " +"користувачів SSSD замість традиційних записів користувачів UNIX, якщо для " +"роботи потрібна вкладеність груп (див. <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>). Використання локальних записів може також бути корисним для " +"тестування та розробки програмного забезпечення з підтримкою SSSD (у такому " +"разі не потрібно розгортати повноцінний віддалений сервер). Інструменти " +"<command>sss_user*</command> та <command>sss_group*</command> використовують " +"для зберігання записів користувачів і груп локальне сховище даних LDB." + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +#| "condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +#| "<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> " +#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " +#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry>, </phrase> <citerefentry> " +#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </" +#| "citerefentry>. <citerefentry> <refentrytitle>sss_rpcidmapd</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <phrase " +#| "condition=\"with_stap\"> <citerefentry> <refentrytitle>sssd-systemtap</" +#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> </phrase>" +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" +"Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків " +"LDAP цим типом атрибутів." + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "синтаксис: <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" +"Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " +"рівень) або «subtree» (піддерево). Докладніший опис діапазонів наведено у " +"розділі 4.5.1.2 документа http://tools.ietf.org/html/rfc4511" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" +"Приклади використання цих синтаксичних конструкцій можна знайти у розділі " +"прикладів «ldap_search_base»." + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" +"Будь ласка, зауважте, що підтримки визначення області або фільтра для " +"пошуків на сервері Active Directory не передбачено. Це може призвести до " +"отримання значної кількості результатів і викликати реакцію з боку " +"розширення діапазону отримання (Range Retrieval)." + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" +"Будь ласка, зауважте, що засіб автоматичного монтування читає основну карту " +"лише під час запуску, отже якщо до ssd.conf внесено будь-які пов’язані з " +"autofs зміни, типово слід перезапустити фонову службу автоматичного " +"монтування після перезапуску SSSD." + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "override_homedir (рядок)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "номер UID" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "назва домену" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "%f" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "ім’я користувача повністю (користувач@домен)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "%l" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "Перша літера назви облікового запису." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "UPN - User Principal Name (ім’я@ОБЛАСТЬ)" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "%o" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "Початкова домашня тека, отримана від служби профілів." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" +"Початкова домашня тека, отримана від служби профілів, але літерами нижнього " +"регістру." + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "%H" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" +"Значення параметра налаштовування <emphasis>homedir_substring</emphasis>." + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" +"Перевизначити домашній каталог користувача. Ви можете вказати абсолютне " +"значення або шаблон. У шаблоні можна використовувати такі замінники: " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" +"Значення цього параметра можна встановлювати для кожного з доменів окремо." + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" +"override_homedir = /home/%u\n" +" " + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" +"Типове значення: не встановлено (SSSD використовуватиме значення, отримане " +"від LDAP)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" +"Будь ласка, зауважте, що домашній каталог для певного перевизначення для " +"користувача, локально (див. <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) або централізовано " +"керованих перевизначень ідентифікаторів IPA, має вищий пріоритет, і його " +"буде використано замість значення, вказаного в override_homedir." + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "homedir_substring (рядок)" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" +"Значення цього параметра буде використано під час розгортання параметра " +"<emphasis>override_homedir</emphasis>, якщо у шаблоні міститься рядок " +"форматування <emphasis>%H</emphasis>. Запис каталогу LDAP може безпосередньо " +"містити цей шаблон для розгортання шляху до домашнього каталогу на кожному з " +"клієнтських комп’ютерів (або у кожній з операційних систем). Значення " +"параметра можна вказати окремо для кожного з доменів або на загальному рівні " +"у розділі [nss]. Значення, вказане у розділі домену, має вищий пріоритет за " +"значення, встановлене за допомогою розділу [nss]." + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "Типове значення: /home" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" +"Деякі типові значення параметрів не збігаються із типовими значеннями " +"параметрів засобу надання даних. Із назвами відповідних параметрів та " +"специфічні для засобу надання даних AD значення цих параметрів можна " +"ознайомитися за допомогою наведеного нижче списку:" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "Модуль надання даних KRB5" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "krb5_validate = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "krb5_use_enterprise_principal = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "Модуль надання даних LDAP" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "ldap_schema = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "ldap_force_upper_case_realm = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "ldap_id_mapping = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "ldap_sasl_mech = GSS-SPNEGO" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "ldap_referrals = false" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "ldap_account_expire_policy = ad" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "ldap_use_tokengroups = true" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "ldap_sasl_authid = sAMAccountName@ОБЛАСТЬ (типово SHORTNAME$@ОБЛАСТЬ)" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" +"Засіб надання даних AD типово шукає інші реєстраційні записи, ніж засіб " +"надання даних LDAP, оскільки у середовищі Active Directory реєстраційні " +"записи поділено на дві групи — реєстраційні записи користувачів і " +"реєстраційні записи служб. Для отримання TGT типово може бути використано " +"лише реєстраційний запис користувача, реєстраційні записи об'єктів " +"комп'ютерів будуються на основі sAMAccountName та області AD. Широко відомий " +"реєстраційний запис host/hostname@REALM є реєстраційним записом служби, отже " +"не може бути використаний для отримання TGT." + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "Налаштування NSS" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "fallback_homedir = /home/%d/%u" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" +"Засіб надання даних AD автоматично встановлює «fallback_homedir = /home/%d/" +"%u» для надання особистих домашніх каталогів для записів користувачів без " +"атрибута homeDirectory. Якщо ваш домен AD належним чином заповнено щодо " +"атрибутів Posix і ви хочете уникнути такої резервної поведінки, ви можете " +"явним чином вказати «fallback_homedir = %o»." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" +"Зауважте, що система типово очікує перебування домашнього каталогу у теці /" +"home/%u. Якщо ви вирішите скористатися іншою структурою каталогів, " +"коригування потребуватимуть деякі інші частини вашої системи." + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" +"Наприклад, автоматичне створення домашніх каталогів у поєднанні із selinux " +"потребує коригування параметрів selinux, інакше домашній каталог буде " +"створено у помилковому контексті selinux." + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" +"Деякі типові значення параметрів не збігаються із типовими значеннями " +"параметрів засобу надання даних. Із назвами відповідних параметрів та " +"специфічні для засобу надання даних IPA значення цих параметрів можна " +"ознайомитися за допомогою наведеного нижче списку:" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "krb5_use_fast = try" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "krb5_canonicalize = true" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "Модуль надання даних LDAP — Загальне" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "ldap_schema = ipa_v1" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "ldap_sasl_mech = GSSAPI" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "ldap_sasl_minssf = 56" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "ldap_account_expire_policy = ipa" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "Модуль надання даних LDAP — Параметри користувачів" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "ldap_user_member_of = memberOf" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "ldap_user_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "ldap_user_ssh_public_key = ipaSshPubKey" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "ldap_user_auth_type = ipaUserAuthType" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "Модуль надання даних LDAP — Параметри груп" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "ldap_group_object_class = ipaUserGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "ldap_group_object_class_alt = posixGroup" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "ldap_group_member = member" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "ldap_group_uuid = ipaUniqueID" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "ldap_group_external_member = ipaExternalMember" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "krb5_auth_timeout (ціле число)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" +"Час очікування, по завершенню якого буде перервано запит щодо розпізнавання " +"або зміни пароля у мережі. Якщо це можливо, обробку запиту щодо " +"розпізнавання буде продовжено у автономному режимі." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "krb5_validate (булеве значення)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" +"Перевірити за допомогою krb5_keytab, чи отриманий TGT не було підмінено. " +"Перевірка записів у таблиці ключів виконується послідовно. Для перевірки " +"використовується перший запис з відповідним значенням області. Якщо не буде " +"знайдено жодного відповідного області запису, буде використано останній " +"запис з таблиці ключів. Цим процесом можна скористатися для перевірки " +"середовищ за допомогою зв’язків довіри між записами областей: достатньо " +"розташувати відповідний запис таблиці ключів на останньому місці або зробити " +"його єдиним записом у файлі таблиці ключів." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "Типове значення: false (надається IPA та AD: true)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" +"Будь ласка, зауважте, що перевірка квитка є першим кроком при перевірці PAC " +"(див. «pac_check» на сторінці підручника щодо <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, щоб дізнатися більше). Якщо перевірку квитків вимкнено, також " +"буде вимкнено і перевірки PAC." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "krb5_renewable_lifetime (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Надіслати запит щодо поновлюваного квитка з загальним строком дії, вказаним " +"за допомогою цілого числа, за яким одразу вказано одиницю часу:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "<emphasis>s</emphasis> — секунди" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "<emphasis>m</emphasis> — хвилини" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "<emphasis>h</emphasis> — години" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "<emphasis>d</emphasis> — дні." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" +"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " +"<emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" +"Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " +"потрібно встановити строк дії у півтори години, слід вказати «90m», а не " +"«1h30m»." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "Типове значення: не встановлено, тобто TGT не є оновлюваним" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "krb5_lifetime (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" +"Надіслати запит щодо квитка з загальним строком дії, вказаним за допомогою " +"цілого числа, за яким одразу вказано одиницю часу:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" +"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " +"<emphasis>s</emphasis>." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" +"Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " +"потрібно встановити строк дії у півтори години, слід вказати «90m», а не " +"«1h30m»." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" +"Типове значення: не встановлено, тобто типовий строк дії квитка " +"визначатиметься у налаштуваннях KDC." + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "krb5_renew_interval (рядок)" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" +"Час у секундах між двома послідовними перевірками того, чи слід оновлювати " +"записи TGT. Записи TGT оновлюються після завершення приблизно половини " +"їхнього строку дії, що задається як ціле число з наступним позначенням " +"одиниці часу:" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" +"Якщо значення для цього параметра встановлено не буде або буде встановлено " +"значення 0, автоматичного оновлення не відбуватиметься." + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" +"Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " +"канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." + +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Визначає, чи слід також кешувати реєстраційні дані користувача у " +#~ "локальному кеші LDB" + +#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" +#~ msgstr "" +#~ "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " +#~ "форматі звичайного тексту" + +#~ msgid "" +#~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " +#~ "which translates to \"the name is everything up to the <quote>@</quote> " +#~ "sign, the domain everything after that\"" +#~ msgstr "" +#~ "Типове значення: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" +#~ "quote>, можна висловити так: іменем користувача є все до символу «@», " +#~ "назвою домену — все після цього символу." + +#~ msgid "" +#~ "The difference between these options is the action taken if user password " +#~ "is expired: pwd_expire_policy_reject - user is denied to log in, " +#~ "pwd_expire_policy_warn - user is still able to log in, " +#~ "pwd_expire_policy_renew - user is prompted to change his password " +#~ "immediately." +#~ msgstr "" +#~ "Відмінність між цими параметрами полягає у дії, яку буде виконано, якщо " +#~ "строк дії пароля вичерпано: pwd_expire_policy_reject — користувачеві буде " +#~ "заборонено вхід до системи, pwd_expire_policy_warn — користувач ще зможе " +#~ "увійти до системи, pwd_expire_policy_renew — система попросить " +#~ "користувача негайно змінити пароль." + +#~ msgid "" +#~ "Note If user password is expired no explicit message is prompted by SSSD." +#~ msgstr "" +#~ "Зауважте, що якщо строк дії пароля вичерпано, запит із явним " +#~ "повідомленням від SSSD не надходитиме." + +#~ msgid "The LDAP attribute that corresponds to the group name." +#~ msgstr "Атрибут LDAP, що відповідає назві групи." + +#~ msgid "" +#~ "<emphasis> This is an experimental feature, please use https://github.com/" +#~ "SSSD/sssd/ to report any issues. </emphasis>" +#~ msgstr "" +#~ "<emphasis> Цю можливість ще не перевірено достатнім чином Будь ласка, " +#~ "якщо помітите якісь вади, повідомте про них за допомогою настанов на " +#~ "сторінці https://pagure.io/SSSD/sssd/. </emphasis>" + +#~ msgid "" +#~ "Apply additional checks on the PAC of the Kerberos ticket which is " +#~ "available in Active Directory and FreeIPA domains, if configured. The " +#~ "following options can be used alone or in a comma-separated list: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Застосувати додаткові перевірки щодо PAC квитка Kerberos, який доступний " +#~ "у доменах Active Directory і FreeIPA, якщо налаштовано. Вказані нижче " +#~ "параметри може бути застосовано окремо або у форматі списку відокремлених " +#~ "комами значень: <placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "" +#~ "Both a user name and a uid can be used but the user should be a local " +#~ "one, i.e. accessible via <quote>files</quote> service of " +#~ "<filename>nsswitch.conf</filename>." +#~ msgstr "" +#~ "Можна скористатися іменем користувача і UID, але користувач має бути " +#~ "локальним, тобто доступним для служби <quote>files</quote> " +#~ "<filename>nsswitch.conf</filename>." + +#~ msgid "" +#~ "Local user names are required, i.e. accessible via <quote>files</quote> " +#~ "service of <filename>nsswitch.conf</filename>." +#~ msgstr "" +#~ "Потрібні локальні імена користувачів, тобто імена, які доступні зі служби " +#~ "<quote>files</quote> <filename>nsswitch.conf</filename>." + +#~ msgid "" +#~ "NOTE: Some Active Directory groups, typically those used for MS Exchange " +#~ "contain an <quote>@</quote> sign in the name, which clashes with the " +#~ "default re_expression value for the AD and IPA providers. To support " +#~ "these groups, consider changing the re_expression value to: <quote>((?" +#~ "P<name>.+)@(?P<domain>[^@]+$))</quote>." +#~ msgstr "" +#~ "Зауваження: у деяких групах Active Directory, типово, тих, які " +#~ "використовуються для MS Exchange, назви містять символ <quote>@</quote>. " +#~ "Такі назви конфліктують із типовим значенням re_expression для надавачів " +#~ "даних AD та IPA. Щоб забезпечити підтримку таких груп, варто змінити " +#~ "значення re_expression на таке: <quote>((?P<name>.+)@(?P<" +#~ "domain>[^@]+$))</quote>." + +#~ msgid "" +#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping " +#~ "Active Directory user and group SIDs." +#~ msgstr "" +#~ "Визначає верхню межу діапазону ідентифікаторів POSIX, які слід " +#~ "використовувати для встановлення відповідності SID користувачів і груп " +#~ "Active Directory." + +#~ msgid "sssd-secrets" +#~ msgstr "sssd-secrets" + +#~ msgid "SSSD Secrets responder" +#~ msgstr "Відповідач реєстраційних даних SSSD" + +#~ msgid "" +#~ "This manual page describes the configuration of the Secrets responder for " +#~ "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>. For a detailed syntax reference, refer to " +#~ "the <quote>FILE FORMAT</quote> section of the <citerefentry> " +#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +#~ "citerefentry> manual page." +#~ msgstr "" +#~ "На цій сторінці довідника описано налаштування засобу надання відповідей " +#~ "Secrets для <citerefentry> <refentrytitle>sssd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про " +#~ "синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки " +#~ "довідника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry>." + +#~ msgid "" +#~ "Many system and user applications need to store private information such " +#~ "as passwords or service keys and have no good way to properly deal with " +#~ "them. The simple approach is to embed these <quote>secrets</quote> into " +#~ "configuration files potentially ending up exposing sensitive key material " +#~ "to backups, config management system and in general making it harder to " +#~ "secure data." +#~ msgstr "" +#~ "У багатьох програмах системи або користувача існує потреба у збереженні " +#~ "конфіденційних даних, зокрема паролів і ключів до служб, та зручній " +#~ "роботі з цими даними. Простим способом вирішення цієї проблеми є " +#~ "вбудовування цих <quote>реєстраційних даних</quote> до файлів " +#~ "налаштувань. Втім, це призводить до потенційного розширення доступу до " +#~ "конфіденційних даних через резервні копії, системи керування " +#~ "налаштуваннями, та загалом робить захист даних важчим." + +#~ msgid "" +#~ "The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> " +#~ "project was born to deal with this problem in cloud like environments, " +#~ "but we found the idea compelling even at a single system level. As a " +#~ "security service, SSSD is ideal to host this capability while offering " +#~ "the same API via a UNIX Socket. This will make it possible to use local " +#~ "calls and have them transparently routed to a local or a remote key " +#~ "management store like IPA Vault for storage, escrow and recovery." +#~ msgstr "" +#~ "Проєкт <ulink url=\"https://github.com/latchset/custodia\">custodia</" +#~ "ulink> було створено для урегулювання цієї проблеми у хмароподібних " +#~ "середовищах, але нам ця ідея здалася вартою уваги навіть на рівні окремої " +#~ "ізольованої системи. Як служба захисту, SSSD є ідеальним місцем для " +#~ "реалізації такої можливості з доступом до відповідного програмного " +#~ "інтерфейсу через сокети UNIX. Така реалізація уможливлює використання " +#~ "локальних викликів і належну маршрутизацію до локального або віддаленого " +#~ "сховища ключів, зокрема сховища IPA, для зберігання, депонування і " +#~ "відновлення даних." + +#~ msgid "" +#~ "The secrets are simple key-value pairs. Each user's secrets are " +#~ "namespaced using their user ID, which means the secrets will never " +#~ "collide between users. Secrets can be stored inside <quote>containers</" +#~ "quote> which can be nested." +#~ msgstr "" +#~ "Записи реєстраційних даних є простими парами ключ-значення. Реєстраційні " +#~ "дані кожного з користувачів співвідносяться із його простором назв на " +#~ "основі ідентифікатора користувача. Це означає, що реєстраційні дані " +#~ "одного користувача ніколи не потраплять до іншого. Реєстраційні дані " +#~ "зберігаються у <quote>контейнерах</quote>, які можна вкладати один у " +#~ "одного." + +#~ msgid "secrets" +#~ msgstr "secrets" + +#~ msgid "secrets for general usage" +#~ msgstr "записи реєстраційних даних для загального використання" + +#~ msgid "kcm" +#~ msgstr "kcm" + +#~ msgid "" +#~ "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> service." +#~ msgstr "" +#~ "використовується службою <citerefentry> <refentrytitle>sssd-kcm</" +#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." + +#~ msgid "" +#~ "Since the secrets responder can be used both externally to store general " +#~ "secrets, as described in the rest of this man page, but also internally " +#~ "by other SSSD components to store their secret material, some " +#~ "configuration options, like quotas can be configured per <quote>hive</" +#~ "quote> in a configuration subsection named after the hive. The currently " +#~ "supported hives are: <placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Оскільки відповідач реєстраційних даних може використовуватися ззовні для " +#~ "зберігання загальних реєстраційних даних, як це описано у решті цієї " +#~ "сторінки підручника, і всередині іншими компонентами SSSD для зберігання " +#~ "власних реєстраційних даних, можна налаштувати деякі параметри, зокрема " +#~ "квоти для окремих записів <quote>hive</quote> у підрозділі налаштувань із " +#~ "назвою відповідного рою. Підтримувані у поточній версії рої: <placeholder " +#~ "type=\"variablelist\" id=\"0\"/>" + +#~ msgid "USING THE SECRETS RESPONDER" +#~ msgstr "КОРИСТУВАННЯ ВІДПОВІДАЧЕМ РЕЄСТРАЦІЙНИХ ДАНИХ" + +#~ msgid "" +#~ "The UNIX socket the SSSD responder listens on is located at <filename>/" +#~ "var/run/secrets.socket</filename>." +#~ msgstr "" +#~ "Сокет UNIX, на якому відповідач SSSD очікує на дані, розташовано у " +#~ "<filename>/var/run/secrets.socket</filename>." + +#, no-wrap +#~ msgid "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " +#~ msgstr "" +#~ "systemctl start sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.socket\n" +#~ "systemctl enable sssd-secrets.service\n" +#~ " " + +#~ msgid "" +#~ "The secrets responder is socket-activated by <citerefentry> " +#~ "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry>. Unlike other SSSD responders, it cannot be started by " +#~ "adding the <quote>secrets</quote> string to the <quote>service</quote> " +#~ "directive. The systemd socket unit is called <quote>sssd-secrets.socket</" +#~ "quote> and the corresponding service file is called <quote>sssd-secrets." +#~ "service</quote>. In order for the service to be socket-activated, make " +#~ "sure the socket is enabled and active and the service is enabled: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/> Please note your " +#~ "distribution may already configure the units for you." +#~ msgstr "" +#~ "Відповідач для реєстраційних даних активується за допомогою сокетів " +#~ "<citerefentry> <refentrytitle>systemd</refentrytitle> <manvolnum>1</" +#~ "manvolnum> </citerefentry>. На відміну від інших відповідачів SSSD, його " +#~ "не можна запустити додаванням рядка <quote>secrets</quote> до інструкції " +#~ "<quote>service</quote>. Модуль сокета systemd називається <quote>sssd-" +#~ "secrets.socket</quote>, а відповідний файл служби має назву <quote>sssd-" +#~ "secrets.service</quote>. Щоб службу можна було активувати за допомогою " +#~ "сокета, слід увімкнути і задіяти сокет, а потім увімкнути службу: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/> Будь ласка, зауважте, що " +#~ "відповідні налаштування модулів вже могло бути виконано засобами вашого " +#~ "дистрибутива." + +#~ msgid "" +#~ "The generic SSSD responder options such as <quote>debug_level</quote> or " +#~ "<quote>fd_limit</quote> are accepted by the secrets responder. Please " +#~ "refer to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry> manual page for a complete list. " +#~ "In addition, there are some secrets-specific options as well." +#~ msgstr "" +#~ "Відповідачу реєстраційних даних можна передавати типові параметри " +#~ "відповідача SSSD, зокрема <quote>debug_level</quote> та <quote>fd_limit</" +#~ "quote>. Із повним списком параметрів можна ознайомитися на сторінці " +#~ "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#~ "<manvolnum>5</manvolnum> </citerefentry>. Крім того, передбачено декілька " +#~ "специфічних для реєстраційних даних параметрів." + +#~ msgid "" +#~ "The secrets responder is configured with a global <quote>[secrets]</" +#~ "quote> section and an optional per-user <quote>[secrets/users/$uid]</" +#~ "quote> section in <filename>sssd.conf</filename>. Please note that some " +#~ "options, notably as the provider type, can only be specified in the per-" +#~ "user subsections." +#~ msgstr "" +#~ "Відповідач реєстраційних даних налаштовується за допомогою загального " +#~ "розділу <quote>[secrets]</quote> і необов'язкових розділів " +#~ "<quote>[secrets/users/$uid]</quote> для окремих користувачів у " +#~ "<filename>sssd.conf</filename>. Будь ласка, зауважте, що деякі параметра, " +#~ "зокрема тип постачальника даних, можна вказати лише у підрозділах окремих " +#~ "користувачів." + +#~ msgid "provider (string)" +#~ msgstr "provider (рядок)" + +#~ msgid "local" +#~ msgstr "local" + +#~ msgid "" +#~ "The secrets are stored in a local database, encrypted at rest with a " +#~ "master key. The local provider does not have any additional config " +#~ "options at the moment." +#~ msgstr "" +#~ "Реєстраційні дані зберігаються у локальній базі даних, зашифровані, разом " +#~ "із іншими даними, за допомогою основного ключа. Для локального засобу " +#~ "надання даних у поточній версії не передбачено жодних додаткових " +#~ "параметрів." + +#~ msgid "proxy" +#~ msgstr "proxy" + +#~ msgid "" +#~ "The secrets responder forwards the requests to a Custodia server. The " +#~ "proxy provider supports several additional options (see below)." +#~ msgstr "" +#~ "Відповідач реєстраційних даних переспрямовує запити до сервера Custodia. " +#~ "Для засобу надання даних «proxy» передбачено декілька додаткових " +#~ "параметрів (див. нижче)." + +#~ msgid "" +#~ "This option specifies where should the secrets be stored. The secrets " +#~ "responder can configure a per-user subsections (e.g. <quote>[secrets/" +#~ "users/123]</quote> - see bottom of this manual page for a full example " +#~ "using Custodia for a particular user) that define which provider store " +#~ "the secrets for this particular user. The per-user subsections should " +#~ "contain all options for that user's provider. Please note that currently " +#~ "the global provider is always local, the proxy provider can only be " +#~ "specified in a per-user section. The following providers are supported: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Цей параметр визначає, де слід зберігати реєстраційні дані. Відповідач " +#~ "реєстраційних даних може налаштувати підрозділи для окремих користувачів " +#~ "(наприклад, <quote>[secrets/users/123]</quote> — див. нижню частину цієї " +#~ "сторінки підручників, де наведено повний приклад використання Custodia " +#~ "для окремого користувача), які визначатимуть, яке сховище відповідача " +#~ "зберігатиме дані певного користувача. Підрозділи окремих користувачів " +#~ "мають містити усі параметри відповідного засобу надання даних " +#~ "користувача. Будь ласка, зауважте, що у поточній версії загальний " +#~ "постачальних даних з завжди локальним, а проміжного постачальника можна " +#~ "вказати лише для окремого користувача у відповідному розділі. Передбачено " +#~ "підтримку таких відповідачів: <placeholder type=\"variablelist\" id=\"0\"/" +#~ ">" + +#~ msgid "Default: local" +#~ msgstr "Типове значення: local" + +#~ msgid "" +#~ "The following options affect only the secrets <quote>hive</quote> and " +#~ "therefore should be set in a per-hive subsection. Setting the option to 0 " +#~ "means \"unlimited\"." +#~ msgstr "" +#~ "Наведені нижче параметри стосуються лише записів реєстраційних даних " +#~ "<quote>hive</quote> і тому їх слід встановлювати у підрозділах окремих " +#~ "роїв. Встановлення значення параметра 0 означає «без обмежень»." + +#~ msgid "containers_nest_level (integer)" +#~ msgstr "containers_nest_level (ціле значення)" + +#~ msgid "" +#~ "This option specifies the maximum allowed number of nested containers." +#~ msgstr "" +#~ "Цей параметр визначає максимальну дозволену кількість вкладених " +#~ "контейнерів." + +#~ msgid "Default: 4" +#~ msgstr "Типове значення: 4" + +#~ msgid "max_secrets (integer)" +#~ msgstr "max_secrets (ціле значення)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored in " +#~ "the hive." +#~ msgstr "" +#~ "Цей параметр визначає максимальну кількість записів реєстраційних даних, " +#~ "які можна зберігати у рою." + +#~ msgid "Default: 1024 (secrets hive), 256 (kcm hive)" +#~ msgstr "Типове значення: 1024 (рій реєстраційних даних), 256 (рій kcm)" + +#~ msgid "max_uid_secrets (integer)" +#~ msgstr "max_uid_secrets (ціле число)" + +#~ msgid "" +#~ "This option specifies the maximum number of secrets that can be stored " +#~ "per-UID in the hive." +#~ msgstr "" +#~ "Цей параметр визначає максимальну кількість записів реєстраційних даних, " +#~ "які можна зберігати окремо для різних UID у рою." + +#~ msgid "Default: 256 (secrets hive), 64 (kcm hive)" +#~ msgstr "Типове значення: 256 (рій реєстраційних даних), 64 (рій kcm)" + +#~ msgid "max_payload_size (integer)" +#~ msgstr "max_payload_size (ціле значення)" + +#~ msgid "" +#~ "This option specifies the maximum payload size allowed for a secret " +#~ "payload in kilobytes." +#~ msgstr "" +#~ "Цей параметри визначає максимальний об'єм даних для реєстраційного запису " +#~ "у кілобайтах." + +#~ msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)" +#~ msgstr "" +#~ "Типове значення: 16 (рій реєстраційних даних), 65536 (64 МіБ) (рій kcm)" + +#, no-wrap +#~ msgid "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " +#~ msgstr "" +#~ "[secrets/secrets]\n" +#~ "max_payload_size = 128\n" +#~ "\n" +#~ "[secrets/kcm]\n" +#~ "max_payload_size = 256\n" +#~ " " + +#~ msgid "" +#~ "For example, to adjust quotas differently for both the <quote>secrets</" +#~ "quote> and the <quote>kcm</quote> hives, configure the following: " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Наприклад, щоб встановити різні квоти для роїв <quote>secrets</quote> та " +#~ "<quote>kcm</quote>, скористайтеся такими рядками: <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "The following options are only applicable for configurations that use the " +#~ "<quote>proxy</quote> provider." +#~ msgstr "" +#~ "Вказані нижче параметри стосуються лише конфігурацій, у яких " +#~ "використовується засіб надання даних <quote>proxy</quote>." + +#~ msgid "proxy_url (string)" +#~ msgstr "proxy_url (рядок)" + +#~ msgid "" +#~ "The URL the Custodia server is listening on. At the moment, http and " +#~ "https protocols are supported." +#~ msgstr "" +#~ "Адреса, за якою очікуватиме на дані сервер Custodia. У поточній версії " +#~ "передбачено підтримку протоколів http і https." + +#~ msgid "http[s]://<host>[:port]" +#~ msgstr "http[s]://<вузол>[:порт]" + +#~ msgid "Example: http://localhost:8080" +#~ msgstr "Приклад: http://localhost:8080" + +#~ msgid "auth_type (string)" +#~ msgstr "auth_type (рядок)" + +#~ msgid "" +#~ "The method to use when authenticating to a Custodia server. The following " +#~ "authentication methods are supported:" +#~ msgstr "" +#~ "Спосіб розпізнавання сервером Custodia. Передбачено підтримку таких " +#~ "способів розпізнавання:" + +#~ msgid "basic_auth" +#~ msgstr "basic_auth" + +#~ msgid "" +#~ "Authenticate with a username and a password as set in the " +#~ "<quote>username</quote> and <quote>password</quote> options." +#~ msgstr "" +#~ "Виконати розпізнавання на основі імені користувача і пароля, які " +#~ "визначено параметрами <quote>username</quote> і <quote>password</quote>." + +#~ msgid "header" +#~ msgstr "header" + +#~ msgid "" +#~ "Authenticate with HTTP header value as defined in the " +#~ "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> " +#~ "configuration options." +#~ msgstr "" +#~ "Виконати розпізнавання за допомогою значення заголовка HTTP, як його " +#~ "визначено у параметрах налаштування <quote>auth_header_name</quote> і " +#~ "<quote>auth_header_value</quote>." + +#~ msgid "auth_header_name (string)" +#~ msgstr "auth_header_name (рядок)" + +#~ msgid "" +#~ "If set, the secrets responder would put a header with this name into the " +#~ "HTTP request with the value defined in the <quote>auth_header_value</" +#~ "quote> configuration option." +#~ msgstr "" +#~ "Якщо встановлено, відповідач реєстраційних даних додаватиме заголовок із " +#~ "цією назвою до запиту HTTP разом із значенням, яке визначається " +#~ "параметром налаштування <quote>auth_header_value</quote>." + +#~ msgid "Example: MYSECRETNAME" +#~ msgstr "Приклад: MYSECRETNAME" + +#~ msgid "auth_header_value (string)" +#~ msgstr "auth_header_value (рядок)" + +#~ msgid "" +#~ "The value sssd-secrets would use for the <quote>auth_header_name</quote>." +#~ msgstr "" +#~ "Значення, яке sssd-secrets має використовувати для " +#~ "<quote>auth_header_name</quote>." + +#~ msgid "Example: mysecret" +#~ msgstr "Приклад: mysecret" + +#~ msgid "forward_headers (list of strings)" +#~ msgstr "forward_headers (список рядків)" + +#~ msgid "" +#~ "The list of HTTP headers to forward to the Custodia server together with " +#~ "the request." +#~ msgstr "" +#~ "Список заголовків HTTP, які слід переспрямувати до сервера Custodia разом " +#~ "із запитом." + +#~ msgid "verify_peer (boolean)" +#~ msgstr "verify_peer (булеве значення)" + +#~ msgid "" +#~ "Whether peer's certificate should be verified and valid if HTTPS protocol " +#~ "is used with the proxy provider." +#~ msgstr "" +#~ "Визначає, чи слід перевіряти сертифікат вузла і чи слід вважати його " +#~ "чинним, якщо для засобу надання даних проксі використано протокол HTTPS." + +#~ msgid "verify_host (boolean)" +#~ msgstr "verify_host (булеве значення)" + +#~ msgid "" +#~ "Whether peer's hostname must match with hostname in its certificate if " +#~ "HTTPS protocol is used with the proxy provider." +#~ msgstr "" +#~ "Визначає, чи має назва вузла збігатися із назвою вузла у його " +#~ "сертифікаті, якщо для засобу надання даних проксі використано протокол " +#~ "HTTPS." + +#~ msgid "capath (string)" +#~ msgstr "capath (рядок)" + +#~ msgid "" +#~ "Path to directory containing stored certificate authority certificates. " +#~ "System default path is used if this option is not set." +#~ msgstr "" +#~ "Шлях до каталогу, у якому зберігаються сертифікати служб сертифікації. " +#~ "Якщо для цього параметра не встановлено значення, використовуватиметься " +#~ "загальносистемний типовий шлях." + +#~ msgid "cacert (string)" +#~ msgstr "cacert (рядок)" + +#~ msgid "" +#~ "Path to file containing server's certificate authority certificate. If " +#~ "this option is not set then the CA's certificate is looked up in " +#~ "<quote>capath</quote>." +#~ msgstr "" +#~ "Шлях до файла, у якому міститься сертифікат служби сертифікації сервера. " +#~ "Якщо для цього параметра не встановлено значення, програма шукатиме " +#~ "сертифікат CA у <quote>capath</quote>." + +#~ msgid "cert (string)" +#~ msgstr "cert (рядок)" + +#~ msgid "" +#~ "Path to file containing client's certificate if required by the server. " +#~ "This file may also contain private key or the private key may be in " +#~ "separate file set with <quote>key</quote>." +#~ msgstr "" +#~ "Шлях до файла, що містить клієнтський сертифікат, якщо такий потрібен для " +#~ "сервера. Цей файл може також містити закритий ключ. Закритий ключ можна " +#~ "також зберігати у файлі, назву якого встановлено за допомогою параметра " +#~ "<quote>key</quote>." + +#~ msgid "key (string)" +#~ msgstr "key (рядок)" + +#~ msgid "Path to file containing client's private key." +#~ msgstr "Шлях до файла, у якому міститься закритий ключ клієнта." + +#~ msgid "USING THE REST API" +#~ msgstr "КОРИСТУВАННЯ API REST" + +#~ msgid "" +#~ "This section lists the available commands and includes examples using the " +#~ "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</" +#~ "manvolnum> </citerefentry> utility. All requests towards the proxy " +#~ "provider must set the Content Type header to <quote>application/json</" +#~ "quote>. In addition, the local provider also supports Content Type set to " +#~ "<quote>application/octet-stream</quote>. Secrets stored with requests " +#~ "that set the Content Type header to <quote>application/octet-stream</" +#~ "quote> are base64-encoded when stored and decoded when retrieved, so it's " +#~ "not possible to store a secret with one Content Type and retrieve with " +#~ "another. The secret URI must begin with <filename>/secrets/</filename>." +#~ msgstr "" +#~ "У цьому розділі наведено список доступних команд та приклади користування " +#~ "із використанням програми <citerefentry> <refentrytitle>curl</" +#~ "refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Усі запити до " +#~ "засобу надання даних проксі мають встановлювати для заголовка Content " +#~ "Type значення <quote>application/json</quote>. Крім того, для локального " +#~ "засобу надання даних передбачено підтримку встановлення для Content Type " +#~ "значення <quote>application/octet-stream</quote>. Реєстраційні дані, " +#~ "збережені із запитами, де встановлено значення заголовка Content Type " +#~ "<quote>application/octet-stream</quote>, є даними у кодуванні base64 у " +#~ "сховищі, які розшифровуються під час отримання, тому не можна зберігати " +#~ "реєстраційні дані із одним значенням Content Type і отримувати з іншим. " +#~ "Адреса реєстраційних даних має починатися з <filename>/secrets/</" +#~ "filename>." + +#~ msgid "Listing secrets" +#~ msgstr "Отримання списку реєстраційних даних" + +#~ msgid "" +#~ "To list the available secrets, send a HTTP GET request with a trailing " +#~ "slash appended to the container path." +#~ msgstr "" +#~ "Щоб отримати список доступних реєстраційних даних, надішліть запит HTTP " +#~ "GET із кінцевою навскісною рискою у шляху до контейнера." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/\n" +#~ " " + +#~ msgid "Retrieving a secret" +#~ msgstr "Отримання реєстраційних даних" + +#~ msgid "" +#~ "To read a value of a single secret, send a HTTP GET request without a " +#~ "trailing slash. The last portion of the URI is the name of the secret." +#~ msgstr "" +#~ "Щоб прочитати значення окремого запису реєстраційних даних, надішліть " +#~ "запит HTTP GET без кінцевої навскісної риски. Остання частина адреси " +#~ "вважатиметься назвою запису реєстраційних даних." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/foo\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bar\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XGET http://localhost/secrets/bar\n" +#~ " " + +#~ msgid "" +#~ "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "Приклади: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" + +#~ msgid "Setting a secret" +#~ msgstr "Встановлення реєстраційних даних" + +#~ msgid "" +#~ "To set a secret using the <quote>application/json</quote> type, send a " +#~ "HTTP PUT request with a JSON payload that includes type and value. The " +#~ "type should be set to \"simple\" and the value should be set to the " +#~ "secret value. If a secret with that name already exists, the response is " +#~ "a 409 HTTP error." +#~ msgstr "" +#~ "Щоб встановити запис реєстраційних даних з використанням типу " +#~ "<quote>application/json</quote>, надішліть запит HTTP PUT із даними JSON, " +#~ "які включатимуть тип і значення. Тип (type) має бути встановлено у " +#~ "значення \"simple\", а значення (value) має містити дані реєстраційного " +#~ "запису. Якщо запис із вказаною назвою вже існує, відповіддю буде " +#~ "повідомлення про помилку 409 HTTP." + +#~ msgid "" +#~ "The <quote>application/json</quote> type just sends the secret as the " +#~ "message payload." +#~ msgstr "" +#~ "Тип <quote>application/json</quote> просто надсилає реєстраційний ключ як " +#~ "вміст повідомлення." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/foo \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/foo \\\n" +#~ " -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bar \\\n" +#~ " -d'barsecret'\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/octet-stream\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPUT http://localhost/secrets/bar \\\n" +#~ " -d'barsecret'\n" +#~ " " + +#~ msgid "" +#~ "The following example sets a secret named 'foo' to a value of 'foosecret' " +#~ "and a secret named 'bar' to a value of 'barsecret' using a different " +#~ "Content Type. <placeholder type=\"programlisting\" id=\"0\"/> " +#~ "<placeholder type=\"programlisting\" id=\"1\"/>" +#~ msgstr "" +#~ "У наведеному нижче прикладі ми встановлюємо для реєстраційних даних із " +#~ "назвою «foo» значення «foosecret», а для реєстраційних даних із назвою " +#~ "«bar» — значення «barsecret», використовуючи різні значення Content " +#~ "Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder " +#~ "type=\"programlisting\" id=\"1\"/>" + +#~ msgid "Creating a container" +#~ msgstr "Створення контейнера" + +#~ msgid "" +#~ "Containers provide an additional namespace for this user's secrets. To " +#~ "create a container, send a HTTP POST request, whose URI ends with the " +#~ "container name. Please note the URI must end with a trailing slash." +#~ msgstr "" +#~ "Контейнери надають додатковий простір назв для реєстраційних даних цього " +#~ "користувача. Для створення контейнера надішліть запит HTTP POST, чи я " +#~ "адреса завершуватиметься назвою контейнера. Будь ласка, зауважте, що " +#~ "адреса має завершуватися символом навскісної риски." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/mycontainer/\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XPOST http://localhost/secrets/mycontainer/\n" +#~ " " + +#, no-wrap +#~ msgid "" +#~ "http://localhost/secrets/mycontainer/mysecret\n" +#~ " " +#~ msgstr "" +#~ "http://localhost/secrets/mycontainer/mysecret\n" +#~ " " + +#~ msgid "" +#~ "To manipulate secrets under this container, just nest the secrets " +#~ "underneath the container path: <placeholder type=\"programlisting\" " +#~ "id=\"0\"/>" +#~ msgstr "" +#~ "Щоб працювати із записами реєстраційних даних у цьому контейнері, просто " +#~ "вкладіть записи реєстраційних даних до шляху контейнера: <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "Deleting a secret or a container" +#~ msgstr "Вилучення реєстраційних даних або контейнера" + +#~ msgid "" +#~ "To delete a secret or a container, send a HTTP DELETE request with a path " +#~ "to the secret or the container." +#~ msgstr "" +#~ "Щоб вилучити запис реєстраційних даних або контейнер, надішліть запит " +#~ "HTTP DELETE із шляхом до запису реєстраційних даних або до контейнера." + +#, no-wrap +#~ msgid "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/foo\n" +#~ " " +#~ msgstr "" +#~ "curl -H \"Content-Type: application/json\" \\\n" +#~ " --unix-socket /var/run/secrets.socket \\\n" +#~ " -XDELETE http://localhost/secrets/foo\n" +#~ " " + +#~ msgid "" +#~ "The following example deletes a secret named 'foo'. <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "У наведеному нижче прикладі ми вилучимо реєстраційні дані для запису " +#~ "«foo». <placeholder type=\"programlisting\" id=\"0\"/>" + +#~ msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION" +#~ msgstr "ПРИКЛАД НАЛАШТОВУВАННЯ МОДУЛІВ НАДАННЯ ДАНИХ CUSTODIA І ПРОКСІ" + +#~ msgid "" +#~ "For testing the proxy provider, you need to set up a Custodia server to " +#~ "proxy requests to. Please always consult the Custodia documentation, the " +#~ "configuration directives might change with different Custodia versions." +#~ msgstr "" +#~ "Для тестування засобу надання даних «proxy» вам слід налаштувати проксі-" +#~ "передавання на сервер Custodia. Будь ласка, завжди користуйтеся " +#~ "документацією до Custodia, оскільки інструкції налаштовування у різних " +#~ "версіях Custodia можуть бути різними." + +#, no-wrap +#~ msgid "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MYSECRETNAME\n" +#~ "value = mysecretkey\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " +#~ msgstr "" +#~ "[global]\n" +#~ "server_version = \"Secret/0.0.7\"\n" +#~ "server_url = http://localhost:8080/\n" +#~ "auditlog = /var/log/custodia.log\n" +#~ "debug = True\n" +#~ "\n" +#~ "[store:simple]\n" +#~ "handler = custodia.store.sqlite.SqliteStore\n" +#~ "dburi = /var/lib/custodia.db\n" +#~ "table = secrets\n" +#~ "\n" +#~ "[auth:header]\n" +#~ "handler = custodia.httpd.authenticators.SimpleHeaderAuth\n" +#~ "header = MYSECRETNAME\n" +#~ "value = mysecretkey\n" +#~ "\n" +#~ "[authz:paths]\n" +#~ "handler = custodia.httpd.authorizers.SimplePathAuthz\n" +#~ "paths = /secrets\n" +#~ "\n" +#~ "[/]\n" +#~ "handler = custodia.root.Root\n" +#~ "store = simple\n" +#~ " " + +#~ msgid "" +#~ "This configuration will set up a Custodia server listening on http://" +#~ "localhost:8080, allowing anyone with header named MYSECRETNAME set to " +#~ "mysecretkey to communicate with the Custodia server. Place the contents " +#~ "into a file (for example, <replaceable>custodia.conf</replaceable>): " +#~ "<placeholder type=\"programlisting\" id=\"0\"/>" +#~ msgstr "" +#~ "Ці налаштування визначають для сервера Custodia адресу очікування даних " +#~ "http://localhost:8080, дозволяють будь-кому із заголовком із назвою " +#~ "MYSECRETNAME, який встановлено у значення mysecretkey, обмін даними із " +#~ "сервером Custodia. Запишіть ці дані до файла (наприклад, " +#~ "<replaceable>custodia.conf</replaceable>): <placeholder " +#~ "type=\"programlisting\" id=\"0\"/>" + +#~ msgid "" +#~ "Then run the <replaceable>custodia</replaceable> command, pointing it at " +#~ "the config file as a command line argument." +#~ msgstr "" +#~ "Далі, віддайте команду <replaceable>custodia</replaceable>, вказавши файл " +#~ "налаштувань у параметрі командного рядка." + +#~ msgid "" +#~ "Please note that currently it's not possible to proxy all requests " +#~ "globally to a Custodia instance. Instead, per-user subsections for user " +#~ "IDs that should proxy requests to Custodia must be defined. The following " +#~ "example illustrates a configuration, where the user with UID 123 would " +#~ "proxy their requests to Custodia, but all other user's requests would be " +#~ "handled by a local provider." +#~ msgstr "" +#~ "Будь ласка, зверніть увагу на те, що у поточній версії неможливо на " +#~ "загальному рівні переспрямовувати усі запити до екземпляра Custodia. " +#~ "Замість цього слід визначати підрозділи для окремих ідентифікаторів " +#~ "користувачів, які переспрямовуватимуть запити до Custodia. У наведеному " +#~ "нижче прикладі проілюстровано конфігурацію, за якої запити користувача із " +#~ "UID 123 переспрямовуватимуться до Custodia, а запити усіх інших " +#~ "користувачів оброблятимуться локальним засобом надання даних." + +#, no-wrap +#~ msgid "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MYSECRETNAME\n" +#~ "auth_header_value = mysecretkey\n" +#~ " " +#~ msgstr "" +#~ "[secrets]\n" +#~ "\n" +#~ "[secrets/users/123]\n" +#~ "provider = proxy\n" +#~ "proxy_url = http://localhost:8080/secrets/\n" +#~ "auth_type = header\n" +#~ "auth_header_name = MYSECRETNAME\n" +#~ "auth_header_value = mysecretkey\n" +#~ " " + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "зміна групи" + +#~ msgid "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupmod</command> <arg choice='opt'> " +#~ "<replaceable>параметри</replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>ГРУПА</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupmod</command> modifies the group to reflect the changes " +#~ "that are specified on the command line." +#~ msgstr "" +#~ "<command>sss_groupmod</command> змінює назву групи відповідно до змін, " +#~ "внесених за допомогою командного рядка." + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>ГРУПИ</" +#~ "replaceable>" + +#~ msgid "" +#~ "Append this group to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Додати групу до груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" +#~ "replaceable>. Параметр <replaceable>ГРУПИ</replaceable> є списком груп, " +#~ "відокремлених комами." + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>ГРУПИ</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Вилучає групу з груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" +#~ "replaceable>." + +#~ msgid "" +#~ "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)." +#~ msgstr "" +#~ "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів " +#~ "(ЗАСТАРІЛИЙ)." + +#~ msgid "<quote>local</quote>: SSSD internal provider for local users" +#~ msgstr "" +#~ "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів" + +#~ msgid "" +#~ "Treat user and group names as case sensitive. <phrase " +#~ "condition=\"enable_local_provider\"> At the moment, this option is not " +#~ "supported in the local provider. </phrase> Possible option values are: " +#~ "<placeholder type=\"variablelist\" id=\"0\"/>" +#~ msgstr "" +#~ "Враховувати регістр записів імен користувачів та назв груп. <phrase " +#~ "condition=\"enable_local_provider\"> У поточній версії підтримку " +#~ "передбачено лише для локальних надавачів даних. </phrase> Можливі " +#~ "значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>" + +#~ msgid "The local domain section" +#~ msgstr "Розділ локального домену" + +#~ msgid "" +#~ "This section contains settings for domain that stores users and groups in " +#~ "SSSD native database, that is, a domain that uses " +#~ "<replaceable>id_provider=local</replaceable>." +#~ msgstr "" +#~ "У цьому розділі містяться параметри для домену, який зберігає записи " +#~ "користувачів і груп у вбудованій базі даних SSSD, тобто домену, який " +#~ "використовує <replaceable>id_provider=local</replaceable>." + +#~ msgid "default_shell (string)" +#~ msgstr "default_shell (рядок)" + +#~ msgid "The default shell for users created with SSSD userspace tools." +#~ msgstr "" +#~ "Типова оболонка для записів користувачів, створених за допомогою " +#~ "інструментів простору користувачів SSSD." + +#~ msgid "Default: <filename>/bin/bash</filename>" +#~ msgstr "Типове значення: <filename>/bin/bash</filename>" + +#~ msgid "base_directory (string)" +#~ msgstr "base_directory (рядок)" + +#~ msgid "" +#~ "The tools append the login name to <replaceable>base_directory</" +#~ "replaceable> and use that as the home directory." +#~ msgstr "" +#~ "Інструменти додають ім’я користувача до <replaceable>base_directory</" +#~ "replaceable> і використовують отриману адресу як адресу домашнього " +#~ "каталогу." + +#~ msgid "Default: <filename>/home</filename>" +#~ msgstr "Типове значення: <filename>/home</filename>" + +#~ msgid "create_homedir (bool)" +#~ msgstr "create_homedir (булеве значення)" + +#~ msgid "" +#~ "Indicate if a home directory should be created by default for new users. " +#~ "Can be overridden on command line." +#~ msgstr "" +#~ "Визначає, чи слід типово створювати домашній каталог для нових " +#~ "користувачів. Може бути перевизначено з командного рядка." + +#~ msgid "remove_homedir (bool)" +#~ msgstr "remove_homedir (булівське значення)" + +#~ msgid "" +#~ "Indicate if a home directory should be removed by default for deleted " +#~ "users. Can be overridden on command line." +#~ msgstr "" +#~ "Визначає, чи слід вилучати домашній каталог для вилучених записів " +#~ "користувачів. Може бути перевизначено з командного рядка." + +#~ msgid "homedir_umask (integer)" +#~ msgstr "homedir_umask (ціле число)" + +#~ msgid "" +#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#~ "permissions on a newly created home directory." +#~ msgstr "" +#~ "Використовується <citerefentry> <refentrytitle>sss_useradd</" +#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> для визначення " +#~ "типових прав доступу до щойно створеного домашнього каталогу." + +#~ msgid "Default: 077" +#~ msgstr "Типове значення: 077" + +#~ msgid "skel_dir (string)" +#~ msgstr "skel_dir (рядок)" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#~ "manvolnum> </citerefentry>" +#~ msgstr "" +#~ "Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " +#~ "домашнього каталогу користувача, коли такий домашній каталог створюється " +#~ "командою <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#~ "<manvolnum>8</manvolnum> </citerefentry>" + +#~ msgid "Default: <filename>/etc/skel</filename>" +#~ msgstr "Типове значення: <filename>/etc/skel</filename>" + +#~ msgid "mail_dir (string)" +#~ msgstr "mail_dir (рядок)" + +#~ msgid "" +#~ "The mail spool directory. This is needed to manipulate the mailbox when " +#~ "its corresponding user account is modified or deleted. If not specified, " +#~ "a default value is used." +#~ msgstr "" +#~ "Каталог буфера пошти. Цей каталог потрібен для обробки поштової скриньки, " +#~ "якщо відповідний обліковий запис користувача змінено або вилучено. Якщо " +#~ "каталог не вказано, буде використано типове значення." + +#~ msgid "Default: <filename>/var/mail</filename>" +#~ msgstr "Типове значення: <filename>/var/mail</filename>" + +#~ msgid "userdel_cmd (string)" +#~ msgstr "userdel_cmd (рядок)" + +#~ msgid "" +#~ "The command that is run after a user is removed. The command us passed " +#~ "the username of the user being removed as the first and only parameter. " +#~ "The return code of the command is not taken into account." +#~ msgstr "" +#~ "Команда, яку буде виконано після вилучення запису користувача. Команді, " +#~ "як перший і єдиний параметр, передається ім’я користувача, запис якого " +#~ "вилучається. Код виконання, повернутий програмою не обробляється." + +#~ msgid "Default: None, no command is run" +#~ msgstr "Типове значення: None, не виконувати жодних команд" + +#~ msgid "sss_useradd" +#~ msgstr "sss_useradd" + +#~ msgid "create a new user" +#~ msgstr "створення нового запису користувача" + +#~ msgid "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>параметри</" +#~ "replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_useradd</command> creates a new user account using the " +#~ "values specified on the command line plus the default values from the " +#~ "system." +#~ msgstr "" +#~ "<command>sss_useradd</command> створює обліковий запис користувача на " +#~ "основі значень, вказаних у командному рядку та типових значень системи." + +#~ msgid "" +#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Встановити для параметра ідентифікатора користувача (UID) значення " +#~ "<replaceable>UID</replaceable>. Якщо таке значення не буде вказано, " +#~ "програма вибере його автоматично." + +#~ msgid "" +#~ "The home directory of the user account. The default is to append the " +#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and " +#~ "use that as the home directory. The base that is prepended before " +#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" +#~ "baseDirectory</quote> setting in sssd.conf." +#~ msgstr "" +#~ "Домашній каталог облікового запису користувача. Типовою назвою такого " +#~ "каталогу є назва, що утворюється додаванням " +#~ "<replaceable>ІМЕНІ_КОРИСТУВАЧА</replaceable> до запису <filename>/home</" +#~ "filename>. Рядок, який буде додано перед <replaceable>ІМЕНЕМ_КОРИСТУВАЧА</" +#~ "replaceable>, можна визначити за допомогою параметра «user_defaults/" +#~ "baseDirectory» у sssd.conf." + +#~ msgid "" +#~ "The user's login shell. The default is currently <filename>/bin/bash</" +#~ "filename>. The default can be changed with <quote>user_defaults/" +#~ "defaultShell</quote> setting in sssd.conf." +#~ msgstr "" +#~ "Командна оболонка реєстрації користувача. У поточній версії типовою " +#~ "оболонкою є <filename>/bin/bash</filename>. Типову оболонку можна змінити " +#~ "за допомогою параметра «user_defaults/defaultShell» у sssd.conf." + +#~ msgid "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-G</option>,<option>--groups</option> <replaceable>ГРУПИ</" +#~ "replaceable>" + +#~ msgid "A list of existing groups this user is also a member of." +#~ msgstr "Список груп, учасником яких є користувач." + +#~ msgid "<option>-m</option>,<option>--create-home</option>" +#~ msgstr "<option>-m</option>,<option>--create-home</option>" + +#~ msgid "" +#~ "Create the user's home directory if it does not exist. The files and " +#~ "directories contained in the skeleton directory (which can be defined " +#~ "with the -k option or in the config file) will be copied to the home " +#~ "directory." +#~ msgstr "" +#~ "Створити домашній каталог користувача, якщо такого ще не існує. До такого " +#~ "домашнього каталогу буде скопійовано файли і каталоги з каркасного " +#~ "каталогу (який можна визначити за допомогою параметра -k або запису у " +#~ "файлі налаштувань)." + +#~ msgid "<option>-M</option>,<option>--no-create-home</option>" +#~ msgstr "<option>-M</option>,<option>--no-create-home</option>" + +#~ msgid "" +#~ "Do not create the user's home directory. Overrides configuration settings." +#~ msgstr "" +#~ "Не створювати домашнього каталогу користувача. Має пріоритет над іншими " +#~ "параметрами налаштування." + +#~ msgid "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-k</option>,<option>--skel</option> <replaceable>КАТАЛОГ_SKEL</" +#~ "replaceable>" + +#~ msgid "" +#~ "The skeleton directory, which contains files and directories to be copied " +#~ "in the user's home directory, when the home directory is created by " +#~ "<command>sss_useradd</command>." +#~ msgstr "" +#~ "Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " +#~ "домашнього каталогу користувача, коли такий домашній каталог створюється " +#~ "командою <command>sss_useradd</command>." + +#~ msgid "" +#~ "Special files (block devices, character devices, named pipes and unix " +#~ "sockets) will not be copied." +#~ msgstr "" +#~ "Спеціальні файли (блокові пристрої, символьні пристрої, іменовані канали " +#~ "та сокети UNIX) скопійовано не буде." + +#~ msgid "" +#~ "This option is only valid if the <option>-m</option> (or <option>--create-" +#~ "home</option>) option is specified, or creation of home directories is " +#~ "set to TRUE in the configuration." +#~ msgstr "" +#~ "Цей параметр набуде чинності, лише якщо вказано параметр <option>-m</" +#~ "option> (або <option>--create-home</option>) або для створення домашніх " +#~ "каталогів вказано TRUE у налаштуваннях." + +#~ msgid "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>SELINUX_USER</replaceable>" +#~ msgstr "" +#~ "<option>-Z</option>,<option>--selinux-user</option> " +#~ "<replaceable>КОРИСТУВАЧ_SELINUX</replaceable>" + +#~ msgid "" +#~ "The SELinux user for the user's login. If not specified, the system " +#~ "default will be used." +#~ msgstr "" +#~ "Користувач SELinux, що відповідає користувачеві, який увійшов до системи. " +#~ "Якщо не вказано, буде використано типового користувача системи." + +#~ msgid "sss_groupadd" +#~ msgstr "sss_groupadd" + +#~ msgid "create a new group" +#~ msgstr "створення нової групи" + +#~ msgid "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupadd</command> <arg choice='opt'> " +#~ "<replaceable>параметри</replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>ГРУПА</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupadd</command> creates a new group. These groups are " +#~ "compatible with POSIX groups, with the additional feature that they can " +#~ "contain other groups as members." +#~ msgstr "" +#~ "<command>sss_groupadd</command> створює групу. Такі групи є сумісними з " +#~ "групами POSIX. Додатковою можливістю цих груп є те, що учасниками можуть " +#~ "бути інші групи." + +#~ msgid "" +#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. " +#~ "If not given, it is chosen automatically." +#~ msgstr "" +#~ "Встановити для параметра ідентифікатора групи (GID) значення " +#~ "<replaceable>GID</replaceable>. Якщо таке значення не буде вказано, " +#~ "програма вибере його автоматично." + +#~ msgid "sss_userdel" +#~ msgstr "sss_userdel" + +#~ msgid "delete a user account" +#~ msgstr "вилучення облікового запису користувача" + +#~ msgid "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</" +#~ "replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_userdel</command> deletes a user identified by login name " +#~ "<replaceable>LOGIN</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_userdel</command> вилучає обліковий запис користувача " +#~ "<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> з системи." + +#~ msgid "<option>-r</option>,<option>--remove</option>" +#~ msgstr "<option>-r</option>,<option>--remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will be removed along with the home " +#~ "directory itself and the user's mail spool. Overrides the configuration." +#~ msgstr "" +#~ "Файли у домашньому каталозі користувача буде вилучено разом з самим " +#~ "домашнім каталогом та поштовим буфером користувача. Може бути " +#~ "перевизначено у налаштуваннях." + +#~ msgid "<option>-R</option>,<option>--no-remove</option>" +#~ msgstr "<option>-R</option>,<option>--no-remove</option>" + +#~ msgid "" +#~ "Files in the user's home directory will NOT be removed along with the " +#~ "home directory itself and the user's mail spool. Overrides the " +#~ "configuration." +#~ msgstr "" +#~ "Файли у домашньому каталозі користувача НЕ буде вилучено разом з самим " +#~ "домашнім каталогом та поштовим буфером користувача. Може бути " +#~ "перевизначено у налаштуваннях." + +#~ msgid "<option>-f</option>,<option>--force</option>" +#~ msgstr "<option>-f</option>,<option>--force</option>" + +#~ msgid "" +#~ "This option forces <command>sss_userdel</command> to remove the user's " +#~ "home directory and mail spool, even if they are not owned by the " +#~ "specified user." +#~ msgstr "" +#~ "За допомогою цього параметра можна примусити <command>sss_userdel</" +#~ "command> вилучати домашній каталог користувача та буфер пошти, навіть " +#~ "якщо їхнім власником не є вказаний користувач." + +#~ msgid "<option>-k</option>,<option>--kick</option>" +#~ msgstr "<option>-k</option>,<option>--kick</option>" + +#~ msgid "Before actually deleting the user, terminate all his processes." +#~ msgstr "" +#~ "До вилучення запису користувача завершити роботу всіх процесів, власником " +#~ "яких є цей користувач." + +#~ msgid "sss_groupdel" +#~ msgstr "sss_groupdel" + +#~ msgid "delete a group" +#~ msgstr "вилучення групи" + +#~ msgid "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupdel</command> <arg choice='opt'> " +#~ "<replaceable>параметри</replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>ГРУПА</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupdel</command> deletes a group identified by its name " +#~ "<replaceable>GROUP</replaceable> from the system." +#~ msgstr "" +#~ "<command>sss_groupdel</command> вилучає групу, вказану за допомогою " +#~ "аргументу <replaceable>ГРУПА</replaceable>, з системи." + +#~ msgid "sss_groupshow" +#~ msgstr "sss_groupshow" + +#~ msgid "print properties of a group" +#~ msgstr "показ параметрів групи" + +#~ msgid "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_groupshow</command> <arg choice='opt'> " +#~ "<replaceable>параметри</replaceable> </arg> <arg " +#~ "choice='plain'><replaceable>ГРУПА</replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_groupshow</command> displays information about a group " +#~ "identified by its name <replaceable>GROUP</replaceable>. The information " +#~ "includes the group ID number, members of the group and the parent group." +#~ msgstr "" +#~ "<command>sss_groupshow</command> показує дані щодо групи, вказаної за " +#~ "назвою, <replaceable>ГРУПА</replaceable>. Серед даних буде " +#~ "ідентифікаційний номер групи, кількість учасників групи та назва " +#~ "батьківської групи." + +#~ msgid "<option>-R</option>,<option>--recursive</option>" +#~ msgstr "<option>-R</option>,<option>--recursive</option>" + +#~ msgid "" +#~ "Also print indirect group members in a tree-like hierarchy. Note that " +#~ "this also affects printing parent groups - without <option>R</option>, " +#~ "only the direct parent will be printed." +#~ msgstr "" +#~ "Вивести також список непрямих учасників групи у форматі деревоподібної " +#~ "ієрархії. Зауважте, що використання параметра також вплине на виведення " +#~ "батьківських груп: без <option>R</option> буде виведено список лише " +#~ "безпосередніх батьківських груп." + +#~ msgid "sss_usermod" +#~ msgstr "sss_usermod" + +#~ msgid "modify a user account" +#~ msgstr "зміна облікового запису користувача" + +#~ msgid "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" +#~ "arg>" +#~ msgstr "" +#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>параметри</" +#~ "replaceable> </arg> <arg choice='plain'><replaceable>ІМ’Я_КОРИСТУВАЧА</" +#~ "replaceable></arg>" + +#~ msgid "" +#~ "<command>sss_usermod</command> modifies the account specified by " +#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are " +#~ "specified on the command line." +#~ msgstr "" +#~ "<command>sss_usermod</command> змінює параметри облікового запису " +#~ "<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> відповідно до значень, " +#~ "вказаних у командному рядку." + +#~ msgid "The home directory of the user account." +#~ msgstr "Домашній каталог облікового запису користувача." + +#~ msgid "The user's login shell." +#~ msgstr "Оболонка для входу користувача до системи." + +#~ msgid "" +#~ "Append this user to groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter " +#~ "is a comma separated list of group names." +#~ msgstr "" +#~ "Додати запис користувача до груп, вказаних за допомогою параметра " +#~ "<replaceable>ГРУПИ</replaceable>. Параметр <replaceable>ГРУПИ</" +#~ "replaceable> є списком груп, відокремлених комами." + +#~ msgid "" +#~ "Remove this user from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Вилучає запис користувача з груп, вказаних за допомогою параметра " +#~ "<replaceable>ГРУПИ</replaceable>." + +#~ msgid "<option>-l</option>,<option>--lock</option>" +#~ msgstr "<option>-l</option>,<option>--lock</option>" + +#~ msgid "Lock the user account. The user won't be able to log in." +#~ msgstr "" +#~ "Заблокувати обліковий запис користувача. Заблокований користувач не зможе " +#~ "входити до системи." + +#~ msgid "<option>-u</option>,<option>--unlock</option>" +#~ msgstr "<option>-u</option>,<option>--unlock</option>" + +#~ msgid "Unlock the user account." +#~ msgstr "Розблокувати обліковий запис користувача." + +#~ msgid "The SELinux user for the user's login." +#~ msgstr "Ім’я користувача SELinux, що відповідає імені для входу до системи." + +#~ msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--addattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</" +#~ "replaceable>" + +#~ msgid "Add an attribute/value pair. The format is attrname=value." +#~ msgstr "Додати пару атрибут-значення. Форматування: атрибут=значення." + +#~ msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</" +#~ "replaceable>" + +#~ msgid "" +#~ "Set an attribute to a name/value pair. The format is attrname=value. For " +#~ "multi-valued attributes, the command replaces the values already present" +#~ msgstr "" +#~ "Встановити для вказаного за назвою атрибута значення. Форматування: " +#~ "атрибут=значення. Для атрибутів з декількома значеннями команда призведе " +#~ "до заміни поточних значень." + +#~ msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>" +#~ msgstr "" +#~ "<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</" +#~ "replaceable>" + +#~ msgid "Delete an attribute/value pair. The format is attrname=value." +#~ msgstr "Вилучити пару атрибут-значення. Форматування: атрибут=значення." + +#~ msgid "Default: /etc/krb5.keytab" +#~ msgstr "Типове значення: /etc/krb5.keytab" + +#~ msgid "(NSS Version) This option is ignored." +#~ msgstr "(Версія для NSS) Цей параметр буде проігноровано." + +#~ msgid "Default: sha256" +#~ msgstr "Типове значення: sha256" + +#~ msgid "" +#~ "(NSS Version) This option is ignored, because NSS uses sha1 " +#~ "unconditionally." +#~ msgstr "" +#~ "(Версія для NSS) Цей параметр буде проігноровано, оскільки у NSS завжди " +#~ "використовується sha1." + +#~ msgid "" +#~ "(NSS Version) This option must be used together with " +#~ "ocsp_default_responder_signing_cert." +#~ msgstr "" +#~ "(Версія з NSS) Цей параметр слід використовувати разом із параметром " +#~ "ocsp_default_responder_signing_cert." + +#~ msgid "" +#~ "(NSS Version) The nickname of the cert to trust (expected) to sign the " +#~ "OCSP responses. The certificate with the given nickname must be " +#~ "available in the systems NSS database." +#~ msgstr "" +#~ "(Версія з NSS) Альтернативна назва сертифіката, якому слід довіряти " +#~ "(очікувано) для підписування відповідей OCSP. Сертифікат із вказаною " +#~ "альтернативною назвою має зберігатися у базі даних NSS системи." + +#~ msgid "This option must be used together with ocsp_default_responder." +#~ msgstr "" +#~ "Цим параметром слід користуватися разом із параметром " +#~ "ocsp_default_responder." + +#~ msgid "" +#~ "(NSS Version) This option is ignored, please see <citerefentry> " +#~ "<refentrytitle>crlutil</refentrytitle> <manvolnum>1</manvolnum> </" +#~ "citerefentry> how to import a Certificate Revocation List (CRL) into a " +#~ "NSS database." +#~ msgstr "" +#~ "(Версія з NSS) Цей параметр буде проігноровано, будь ласка, див. " +#~ "<citerefentry> <refentrytitle>crlutil</refentrytitle> <manvolnum>1</" +#~ "manvolnum> </citerefentry>, щоб дізнатися про те, як імпортувати список " +#~ "відкликання сертифікатів (CRL) до бази даних NSS." + +#~ msgid "This man page was generated for the NSS version." +#~ msgstr "Цю сторінку підручника було створено для версії NSS." + +#~ msgid "This man page was generated for the OpenSSL version." +#~ msgstr "Цю сторінку підручника було створено для версії OpenSSL." + +#~ msgid "" +#~ "The random offset can increment up to 30 seconds. After each " +#~ "unsuccessful attempt to go online, the new interval is recalculated by " +#~ "the following:" +#~ msgstr "" +#~ "Випадковий зсув може збільшувати час на інтервал до 30 секунд. Після " +#~ "кожної невдалої спроби переходу до режиму у мережі новий інтервал часу " +#~ "обчислюється таким чином:" + +#~ msgid "new_interval = old_interval*2 + random_offset" +#~ msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув" + +#~ msgid "" +#~ "Note that the maximum length of each interval is currently limited to one " +#~ "hour. If the calculated length of new_interval is greater than an hour, " +#~ "it will be forced to one hour." +#~ msgstr "" +#~ "Зауважте, що максимальна тривалість кожного з інтервалів у поточній " +#~ "версії обмежено однією годиною. Якщо обчислена тривалість нового " +#~ "інтервалу перевищує годину, буде встановлено інтервал у одну годину." + +#~ msgid "memcache_timeout (int)" +#~ msgstr "memcache_timeout (ціле число)" + +#~ msgid "" +#~ "/etc/pki/nssdb (NSS version, path to a NSS database which contains the " +#~ "PKCS#11 modules to access the Smartcard and the trusted CA certificates)" +#~ msgstr "" +#~ "/etc/pki/nssdb (версія NSS, шлях до бази даних NSS, які містить модулі " +#~ "PKCS#11 для доступу до смарткартки та довірених сертифікатів CA)" + +#~ msgid "/etc/pki/nssdb (NSS version, path to a NSS database)" +#~ msgstr "/etc/pki/nssdb (версія NSS, шлях до бази даних NSS)" + +#~ msgid "<option>-f</option>,<option>--debug-to-files</option>" +#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>" + +#~ msgid "" +#~ "Send the debug output to files instead of stderr. By default, the log " +#~ "files are stored in <filename>/var/log/sssd</filename> and there are " +#~ "separate log files for every SSSD service and domain." +#~ msgstr "" +#~ "Надіслати діагностичні дані до файлів, а не до stderr. Типово файли " +#~ "журналів зберігаються у <filename>/var/log/sssd</filename>, передбачено " +#~ "також окремий журнал для кожної служби і домену SSSD." + +#~ msgid "" +#~ "This option is deprecated. It is replaced by <option>--logger=files</" +#~ "option>." +#~ msgstr "" +#~ "Цей параметр вважається застарілим. Його замінено параметром <option>--" +#~ "logger=files</option>." + +#~ msgid "" +#~ "Location where SSSD will send log messages. This option overrides the " +#~ "value of the deprecated option <option>--debug-to-files</option>. The " +#~ "deprecated option will still work if the <option>--logger</option> is not " +#~ "used." +#~ msgstr "" +#~ "Місце, куди SSSD надсилатиме повідомлення журналу. Значення цього " +#~ "параметра має вищий пріоритет за значення застарілого параметра <option>--" +#~ "debug-to-files</option>. Застарілий параметр працюватиме, якщо не " +#~ "використано параметр <option>--logger</option>." + +#~ msgid "<emphasis>Default</emphasis>: 0" +#~ msgstr "<emphasis>Типове значення</emphasis>: 0" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po new file mode 100644 index 0000000..f2ff320 --- /dev/null +++ b/src/man/po/zh_CN.po @@ -0,0 +1,18266 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Red Hat +# This file is distributed under the same license as the sssd-docs package. +# +# Translators: +# Christopher Meng <cickumqt@gmail.com>, 2012 +# Ludek Janda <ljanda@redhat.com>, 2020. #zanata +msgid "" +msgstr "" +"Project-Id-Version: sssd-docs 2.3.0\n" +"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" +"PO-Revision-Date: 2020-07-22 07:51-0400\n" +"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" +"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" +"language/zh_CN/)\n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Zanata 4.6.2\n" + +#. type: Content of: <reference><title> +#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 +#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 +#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5 +#: sssd_krb5_localauth_plugin.8.xml:5 +msgid "SSSD Manual pages" +msgstr "SSSD 手册页面" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.conf.5.xml:13 sssd.conf.5.xml:19 +msgid "sssd.conf" +msgstr "sssd.conf" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11 +#: sssd-ldap-attributes.5.xml:11 +msgid "5" +msgstr "5" + +#. type: Content of: <reference><refentry><refmeta><refmiscinfo> +#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12 +msgid "File Formats and Conventions" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.conf.5.xml:20 +msgid "the configuration file for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:24 +msgid "FILE FORMAT" +msgstr "文件格式" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:32 +#, no-wrap +msgid "" +"<replaceable>[section]</replaceable>\n" +"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n" +"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:27 +msgid "" +"The file has an ini-style syntax and consists of sections and parameters. A " +"section begins with the name of the section in square brackets and continues " +"until the next section begins. An example of section with single and multi-" +"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:39 +msgid "" +"The data types used are string (no quotes needed), integer and bool (with " +"values of <quote>TRUE/FALSE</quote>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:44 +msgid "" +"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon " +"(<quote>;</quote>). Inline comments are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:50 +msgid "" +"All sections can have an optional <replaceable>description</replaceable> " +"parameter. Its function is only as a label for the section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:56 +msgid "" +"<filename>sssd.conf</filename> must be a regular file, owned by root and " +"only root may read from or write to the file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:62 +msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:65 +msgid "" +"The configuration file <filename>sssd.conf</filename> will include " +"configuration snippets using the include directory <filename>conf.d</" +"filename>. This feature is available if SSSD was compiled with libini " +"version 1.3.0 or later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:72 +msgid "" +"Any file placed in <filename>conf.d</filename> that ends in " +"<quote><filename>.conf</filename></quote> and does not begin with a dot " +"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> " +"to configure SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:80 +msgid "" +"The configuration snippets from <filename>conf.d</filename> have higher " +"priority than <filename>sssd.conf</filename> and will override " +"<filename>sssd.conf</filename> when conflicts occur. If several snippets are " +"present in <filename>conf.d</filename>, then they are included in " +"alphabetical order (based on locale). Files included later have higher " +"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, " +"<filename>02_snippet.conf</filename> etc.) can help visualize the priority " +"(higher number means higher priority)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:94 +msgid "" +"The snippet files require the same owner and permissions as <filename>sssd." +"conf</filename>. Which are by default root:root and 0600." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:101 +msgid "GENERAL OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:103 +msgid "Following options are usable in more than one configuration sections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:107 +msgid "Options usable in all sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:111 +msgid "debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:115 +msgid "debug (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:118 +msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:128 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:131 +msgid "" +"Add a timestamp to the debug messages. If journald is enabled for SSSD " +"debug logging this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 +msgid "Default: true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:141 +msgid "debug_microseconds (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:144 +msgid "" +"Add microseconds to the timestamp in debug messages. If journald is enabled " +"for SSSD debug logging this option is ignored." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 +#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 +#: include/krb5_options.xml:163 +msgid "Default: false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:154 +msgid "debug_backtrace_enabled (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:157 +msgid "Enable debug backtrace." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:160 +msgid "" +"In case SSSD is run with debug_level less than 9, everything is logged to a " +"ring buffer in memory and flushed to a log file on any error up to and " +"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set " +"to 0 or 1 then only those error levels will trigger backtrace, otherwise up " +"to 2)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:169 +msgid "" +"Feature is only supported for `logger == files` (i.e. setting doesn't have " +"effect for other logger types)." +msgstr "" + +#. type: Content of: outside any tag (error?) +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 +#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 +#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 +#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987 +#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203 +#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1 +#: include/krb5_options.xml:1 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:182 +msgid "Options usable in SERVICE and DOMAIN sections" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:186 +msgid "timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:189 +msgid "" +"Timeout in seconds between heartbeats for this service. This is used to " +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +msgid "Default: 10" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:206 +msgid "SPECIAL SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:209 +msgid "The [sssd] section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title> +#: sssd.conf.5.xml:218 +msgid "Section parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:220 +msgid "config_file_version (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:223 +msgid "" +"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " +"version 2." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:229 +msgid "services" +msgstr "服务" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:232 +msgid "" +"Comma separated list of services that are started when sssd itself starts. " +"<phrase condition=\"have_systemd\"> The services' list is optional on " +"platforms where systemd is supported, as they will either be socket or D-Bus " +"activated when needed. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:241 +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " +"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " +"condition=\"with_ssh\">, ssh</phrase> <phrase " +"condition=\"with_pac_responder\">, pac</phrase> <phrase " +"condition=\"with_ifp\">, ifp</phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:249 +msgid "" +"<phrase condition=\"have_systemd\"> By default, all services are disabled " +"and the administrator must enable the ones allowed to be used by executing: " +"\"systemctl enable sssd-@service@.socket\". </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 +msgid "reconnection_retries (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 +msgid "" +"Number of times services should attempt to reconnect in the event of a Data " +"Provider crash or restart before they give up" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 +#: include/failover.xml:100 +msgid "Default: 3" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:271 +msgid "domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:274 +msgid "" +"A domain is a database containing user information. SSSD can use more " +"domains at the same time, but at least one must be configured or SSSD won't " +"start. This parameter describes the list of domains in the order you want " +"them to be queried. A domain name is recommended to contain only " +"alphanumeric ASCII characters, dashes, dots and underscores. '/' character " +"is forbidden." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 +msgid "re_expression (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:290 +msgid "" +"Default regular expression that describes how to parse the string containing " +"user name and domain into these components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:295 +msgid "" +"Each domain can have an individual regular expression configured. For some " +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 +msgid "full_name_format (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 +msgid "" +"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatible format that describes how to compose a " +"fully qualified name from user name and domain name components." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 +msgid "%1$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 +msgid "user name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 +msgid "%2$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 +msgid "domain name as specified in the SSSD config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 +msgid "%3$s" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 +msgid "" +"domain flat name. Mostly usable for Active Directory domains, both directly " +"configured or discovered via IPA trusts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 +msgid "" +"The following expansions are supported: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:344 +msgid "" +"Each domain can have an individual format string configured. See DOMAIN " +"SECTIONS for more info on this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:350 +msgid "monitor_resolv_conf (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:353 +msgid "" +"Controls if SSSD should monitor the state of resolv.conf to identify when it " +"needs to update its internal DNS resolver." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:363 +msgid "try_inotify (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:366 +msgid "" +"By default, SSSD will attempt to use inotify to monitor configuration files " +"changes and will fall back to polling every five seconds if inotify cannot " +"be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:372 +msgid "" +"There are some limited situations where it is preferred that we should skip " +"even trying to use inotify. In these rare cases, this option should be set " +"to 'false'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:378 +msgid "" +"Default: true on platforms where inotify is supported. False on other " +"platforms." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:382 +msgid "" +"Note: this option will have no effect on platforms where inotify is " +"unavailable. On these platforms, polling will always be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:389 +msgid "krb5_rcache_dir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:396 +msgid "" +"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " +"SSSD to let libkrb5 decide the appropriate location for the replay cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Default: Distribution-specific and specified at build-time. " +"(__LIBKRB5_DEFAULTS__ if not configured)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:409 +msgid "user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:412 +msgid "" +"The user to drop the privileges to where appropriate to avoid running as the " +"root user. Currently the only supported value is '&sssd_user_name;'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:419 +msgid "" +"This option does not work when running socket-activated services, as the " +"user set up to run the processes is set up during compilation time. The way " +"to override the systemd unit files is by creating the appropriate files in /" +"etc/systemd/system/. Keep in mind that any change in the socket user, group " +"or permissions may result in a non-usable SSSD. The same may occur in case " +"of changes of the user running the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:433 +msgid "Default: not set, process will run as root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:438 +msgid "default_domain_suffix (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "" +"This string will be used as a default domain name for all names without a " +"domain name component. The main use case is environments where the primary " +"domain is intended for managing host policies and all users are located in a " +"trusted domain. The option allows those users to log in just with their " +"user name without giving a domain name as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:451 +msgid "" +"Please note that if this option is set all users from the primary domain " +"have to use their fully qualified name, e.g. user@domain.name, to log in. " +"Setting this option changes default of use_fully_qualified_names to True. It " +"is not allowed to use this option together with use_fully_qualified_names " +"set to False. <phrase condition=\"with_files_provider\"> One exception from " +"this rule are domains with <quote>id_provider=files</quote> that always try " +"to match the behaviour of nss_files and therefore their output is not " +"qualified even when the default_domain_suffix option is used. </phrase>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 +#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 +#: include/krb5_options.xml:148 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:473 +msgid "override_space (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:476 +msgid "" +"This parameter will replace spaces (space bar) with the given character for " +"user and group names. e.g. (_). User name "john doe" will be " +""john_doe" This feature was added to help compatibility with shell " +"scripts that have difficulty handling spaces, due to the default field " +"separator in the shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:485 +msgid "" +"Please note it is a configuration error to use a replacement character that " +"might be used in user or group names. If a name contains the replacement " +"character SSSD tries to return the unmodified name but in general the result " +"of a lookup is undefined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:493 +msgid "Default: not set (spaces will not be replaced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:498 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:506 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:508 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:516 +msgid "soft_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:518 +msgid "" +"If a connection cannot be established to an OCSP responder the OCSP check is " +"skipped. This option should be used to allow authentication when the system " +"is offline and the OCSP responder cannot be reached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:528 +msgid "ocsp_dgst" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:530 +msgid "" +"Digest (hash) function used to create the certificate ID for the OCSP " +"request. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:534 +msgid "sha1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:535 +msgid "sha256" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:536 +msgid "sha384" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:537 +msgid "sha512" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:540 +msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:546 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:548 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:554 +msgid "partial_chain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:556 +msgid "" +"Allow verification to succeed even if a <replaceable>complete</replaceable> " +"chain cannot be built to a self-signed trust-anchor, provided it is possible " +"to construct a chain to a trusted certificate that might not be self-signed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:565 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:567 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:577 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:579 +msgid "" +"This option is currently ignored. All needed certificates must be available " +"in the PEM file given by pam_cert_db_path." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:587 +msgid "crl_file=/PATH/TO/CRL/FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:589 +msgid "" +"Use the Certificate Revocation List (CRL) from the given file during the " +"verification of the certificate. The CRL must be given in PEM format, see " +"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:602 +msgid "soft_crl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:605 +msgid "" +"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for " +"the related certificates. This option should be used to allow authentication " +"when the system is offline and the CRL cannot be renewed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:501 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:616 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:619 +msgid "Default: not set, i.e. do not restrict certificate verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:625 +msgid "disable_netlink (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "" +"SSSD hooks into the netlink interface to monitor changes to routes, " +"addresses, links and trigger certain actions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:633 +msgid "" +"The SSSD state changes caused by netlink events may be undesirable and can " +"be disabled by setting this option to 'true'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:638 +msgid "Default: false (netlink changes are detected)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:643 +msgid "enable_files_domain (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:646 +msgid "" +"When this option is enabled, SSSD prepends an implicit domain with " +"<quote>id_provider=files</quote> before any explicitly configured domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:657 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:660 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:672 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input <phrase " +"condition=\"with_files_provider\"> , for all users but the ones managed by " +"the files provider </phrase>. In case the administrator wants the output " +"not fully-qualified, the full_name_format option can be used as shown below: " +"<quote>full_name_format=%1$s</quote> However, keep in mind that during " +"login, login applications often canonicalize the username by calling " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> which, if a shortname is returned for a qualified " +"input (while trying to reach a user which exists in multiple domains) might " +"re-route the login attempt into the domain which uses shortnames, making " +"this workaround totally not recommended in cases where usernames may overlap " +"between domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 +#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 +msgid "Default: Not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:705 +msgid "implicit_pac_responder (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:708 +msgid "" +"The PAC responder is enabled automatically for the IPA and AD provider to " +"evaluate and check the PAC. If it has to be disabled set this option to " +"'false'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:719 +msgid "core_dumpable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:722 +msgid "" +"This option can be used for general system hardening: setting it to 'false' " +"forbids core dumps for all SSSD processes to avoid leaking plain text " +"passwords. See man page prctl:PR_SET_DUMPABLE for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:734 +msgid "passkey_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:742 +msgid "user_verification (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:744 +msgid "" +"Enable or disable the user verification (i.e. PIN, fingerprint) during " +"authentication. If enabled, the PIN will always be requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:750 +msgid "" +"The default is that the key settings decide what to do. In the IPA or " +"kerberos pre-authentication case, this value will be overwritten by the " +"server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:737 +msgid "" +"With this parameter the passkey verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:211 +msgid "" +"Individual pieces of SSSD functionality are provided by special SSSD " +"services that are started and stopped together with SSSD. The services are " +"managed by a special service frequently called <quote>monitor</quote>. The " +"<quote>[sssd]</quote> section is used to configure the monitor as well as " +"some other important options like the identity domains. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:769 +msgid "SERVICES SECTIONS" +msgstr "服务部分" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:771 +msgid "" +"Settings that can be used to configure different services are described in " +"this section. They should reside in the [<replaceable>$NAME</replaceable>] " +"section, for example, for NSS service, the section would be <quote>[nss]</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:778 +msgid "General service configuration options" +msgstr "基本服务配置选项" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:780 +msgid "These options can be used to configure any service." +msgstr "这些选项可被用于配置任何服务。" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:797 +msgid "fd_limit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:800 +msgid "" +"This option specifies the maximum number of file descriptors that may be " +"opened at one time by this SSSD process. On systems where SSSD is granted " +"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " +"systems without this capability, the resulting value will be the lower value " +"of this or the limits.conf \"hard\" limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:809 +msgid "Default: 8192 (or limits.conf \"hard\" limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:814 +msgid "client_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:817 +msgid "" +"This option specifies the number of seconds that a client of an SSSD process " +"can hold onto a file descriptor without communicating on it. This value is " +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:826 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 60, KCM: 300" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:831 +msgid "offline_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:834 +msgid "" +"When SSSD switches to offline mode the amount of time before it tries to go " +"back online will increase based upon the time spent disconnected. By " +"default SSSD uses incremental behaviour to calculate delay in between " +"retries. So, the wait time for a given retry will be longer than the wait " +"time for the previous ones. After each unsuccessful attempt to go online, " +"the new interval is recalculated by the following:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 +msgid "" +"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." +"offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:848 +msgid "" +"The offline_timeout default value is 60. The offline_timeout_max default " +"value is 3600. The offline_timeout_random_offset default value is 30. The " +"end result is amount of seconds before next retry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:854 +msgid "" +"Note that the maximum length of each interval is defined by " +"offline_timeout_max (apart of random part)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 +msgid "Default: 60" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:863 +msgid "offline_timeout_max (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:866 +msgid "" +"Controls by how much the time between attempts to go online can be " +"incremented following unsuccessful attempts to go online." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:871 +msgid "A value of 0 disables the incrementing behaviour." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:874 +msgid "" +"The value of this parameter should be set in correlation to offline_timeout " +"parameter value." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:878 +msgid "" +"With offline_timeout set to 60 (default value) there is no point in setting " +"offlinet_timeout_max to less than 120 as it will saturate instantly. General " +"rule here should be to set offline_timeout_max to at least 4 times " +"offline_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:884 +msgid "" +"Although a value between 0 and offline_timeout may be specified, it has the " +"effect of overriding the offline_timeout value so is of little use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:889 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 3600" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:894 +msgid "offline_timeout_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:897 +msgid "" +"When SSSD is in offline mode it keeps probing backend servers in specified " +"time intervals:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:904 +msgid "" +"This parameter controls the value of the random offset used for the above " +"equation. Final random_offset value will be random number in range:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:909 +msgid "[0 - offline_timeout_random_offset]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:912 +msgid "A value of 0 disables the random offset addition." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:915 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 30" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:920 +msgid "responder_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:923 +msgid "" +"This option specifies the number of seconds that an SSSD responder process " +"can be up without being used. This value is limited in order to avoid " +"resource exhaustion on the system. The minimum acceptable value for this " +"option is 60 seconds. Setting this option to 0 (zero) means that no timeout " +"will be set up to the responder. This option only has effect when SSSD is " +"built with systemd support and when services are either socket or D-Bus " +"activated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 +msgid "Default: 300" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:942 +msgid "cache_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:945 +msgid "" +"This option specifies whether the responder should query all caches before " +"querying the Data Providers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:960 +msgid "NSS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:962 +msgid "" +"These options can be used to configure the Name Service Switch (NSS) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:967 +msgid "enum_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:970 +msgid "" +"How many seconds should nss_sss cache enumerations (requests for info about " +"all users)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:974 +msgid "Default: 120" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:979 +msgid "entry_cache_nowait_percentage (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:982 +msgid "" +"The entry cache can be set to automatically update entries in the background " +"if they are requested beyond a percentage of the entry_cache_timeout value " +"for the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:988 +msgid "" +"For example, if the domain's entry_cache_timeout is set to 30s and " +"entry_cache_nowait_percentage is set to 50 (percent), entries that come in " +"after 15 seconds past the last cache update will be returned immediately, " +"but the SSSD will go and update the cache on its own, so that future " +"requests will not need to block waiting for a cache update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:998 +msgid "" +"Valid values for this option are 0-99 and represent a percentage of the " +"entry_cache_timeout for each domain. For performance reasons, this " +"percentage will never reduce the nowait timeout to less than 10 seconds. (0 " +"disables this feature)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 +msgid "Default: 50" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1011 +msgid "entry_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"Specifies for how many seconds nss_sss should cache negative cache hits " +"(that is, queries for invalid database entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 +msgid "Default: 15" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1025 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1028 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again. Setting " +"the option to 0 disables this feature." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1034 +msgid "Default: 14400 (4 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1039 +msgid "filter_users, filter_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1042 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain or by a user principal name (UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1050 +msgid "" +"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1058 +msgid "Default: root" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1063 +msgid "filter_users_in_groups (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1066 +msgid "" +"If you want filtered user still be group members set this option to false." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1077 +msgid "fallback_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1080 +msgid "" +"Set a default template for a user's home directory if one is not specified " +"explicitly by the domain's data provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1085 +msgid "" +"The available values for this option are the same as for override_homedir." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1091 +#, no-wrap +msgid "" +"fallback_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "Default: not set (no substitution for unset home directories)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1101 +msgid "override_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1104 +msgid "" +"Override the login shell for all users. This option supersedes any other " +"shell options if it takes effect and can be set either in the [nss] section " +"or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1110 +msgid "Default: not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1116 +msgid "allowed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1119 +msgid "" +"Restrict user shell to one of the listed values. The order of evaluation is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1122 +msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1126 +msgid "" +"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" +"quote>, use the value of the shell_fallback parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1131 +msgid "" +"3. If the shell is not in the allowed_shells list and not in <quote>/etc/" +"shells</quote>, a nologin shell is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1136 +msgid "The wildcard (*) can be used to allow any shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1139 +msgid "" +"The (*) is useful if you want to use shell_fallback in case that user's " +"shell is not in <quote>/etc/shells</quote> and maintaining list of all " +"allowed shells in allowed_shells would be to much overhead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1146 +msgid "An empty string for shell is passed as-is to libc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1149 +msgid "" +"The <quote>/etc/shells</quote> is only read on SSSD start up, which means " +"that a restart of the SSSD is required in case a new shell is installed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1153 +msgid "Default: Not set. The user shell is automatically used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1158 +msgid "vetoed_shells (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1161 +msgid "Replace any instance of these shells with the shell_fallback" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1166 +msgid "shell_fallback (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1169 +msgid "" +"The default shell to use if an allowed shell is not installed on the machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1173 +msgid "Default: /bin/sh" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1178 +msgid "default_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1181 +msgid "" +"The default shell to use if the provider does not return one during lookup. " +"This option can be specified globally in the [nss] section or per-domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1187 +msgid "" +"Default: not set (Return NULL if no shell is specified and rely on libc to " +"substitute something sensible when necessary, usually /bin/sh)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 +msgid "get_domains_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 +msgid "" +"Specifies time in seconds for which the list of subdomains will be " +"considered valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1206 +msgid "memcache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1209 +msgid "" +"Specifies time in seconds for which records in the in-memory cache will be " +"valid. Setting this option to zero will disable the in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1217 +msgid "" +"WARNING: Disabling the in-memory cache will have significant negative impact " +"on SSSD's performance and should only be used for testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1231 +msgid "memcache_size_passwd (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1234 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for passwd requests. Setting the size to 0 will disable the passwd in-" +"memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 +msgid "Default: 8" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 +msgid "" +"WARNING: Disabled or too small in-memory cache can have significant negative " +"impact on SSSD's performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1256 +msgid "memcache_size_group (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1259 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for group requests. Setting the size to 0 will disable the group in-memory " +"cache." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 +#: include/krb5_options.xml:11 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1281 +msgid "memcache_size_initgroups (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1284 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for initgroups requests. Setting the size to 0 will disable the initgroups " +"in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1306 +msgid "memcache_size_sid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1309 +msgid "" +"Size (in megabytes) of the data table allocated inside fast in-memory cache " +"for SID related requests. Only SID-by-ID and ID-by-SID requests are " +"currently cached in fast in-memory cache. Setting the size to 0 will " +"disable the SID in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 +msgid "user_attributes (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Some of the additional NSS responder requests can return more attributes " +"than just the POSIX ones defined by the NSS interface. The list of " +"attributes is controlled by this option. It is handled the same way as the " +"<quote>user_attributes</quote> option of the InfoPipe responder (see " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details) but with no default values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1349 +msgid "" +"To make configuration more easy the NSS responder will check the InfoPipe " +"option if it is not set for the NSS responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1354 +msgid "Default: not set, fallback to InfoPipe option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1359 +msgid "pwfield (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1362 +msgid "" +"The value that NSS operations that return users or groups will return for " +"the <quote>password</quote> field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1367 +msgid "Default: <quote>*</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1370 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[nss] section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1374 +msgid "" +"Default: <quote>not set</quote> (remote domains), <phrase " +"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" +"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils " +"target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1386 +msgid "PAM configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1388 +msgid "" +"These options can be used to configure the Pluggable Authentication Module " +"(PAM) service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1393 +msgid "offline_credentials_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1396 +msgid "" +"If the authentication provider is offline, how long should we allow cached " +"logins (in days since the last successful online login)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 +msgid "Default: 0 (No limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +msgid "offline_failed_login_attempts (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"If the authentication provider is offline, how many failed login attempts " +"are allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1420 +msgid "offline_failed_login_delay (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1423 +msgid "" +"The time in minutes which has to pass after offline_failed_login_attempts " +"has been reached before a new login attempt is possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1428 +msgid "" +"If set to 0 the user cannot authenticate offline if " +"offline_failed_login_attempts has been reached. Only a successful online " +"authentication can enable offline authentication again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 +msgid "Default: 5" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1440 +msgid "pam_verbosity (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1443 +msgid "" +"Controls what kind of messages are shown to the user during authentication. " +"The higher the number to more messages are displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1448 +msgid "Currently sssd supports the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1451 +msgid "<emphasis>0</emphasis>: do not show any message" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1454 +msgid "<emphasis>1</emphasis>: show only important messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1458 +msgid "<emphasis>2</emphasis>: show informational messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1461 +msgid "<emphasis>3</emphasis>: show all messages and debug information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1465 sssd.8.xml:63 +msgid "Default: 1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1471 +msgid "pam_response_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1474 +msgid "" +"A comma separated list of strings which allows to remove (filter) data sent " +"by the PAM responder to pam_sss PAM module. There are different kind of " +"responses sent to pam_sss e.g. messages displayed to the user or environment " +"variables which should be set by pam_sss." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1482 +msgid "" +"While messages already can be controlled with the help of the pam_verbosity " +"option this option allows to filter out other kind of responses as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1489 +msgid "ENV" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1490 +msgid "Do not send any environment variables to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1493 +msgid "ENV:var_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1494 +msgid "Do not send environment variable var_name to any service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1498 +msgid "ENV:var_name:service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1499 +msgid "Do not send environment variable var_name to service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1487 +msgid "" +"Currently the following filters are supported: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1506 +msgid "" +"The list of strings can either be the list of filters which would set this " +"list of filters and overwrite the defaults. Or each element of the list can " +"be prefixed by a '+' or '-' character which would add the filter to the " +"existing default or remove it from the defaults, respectively. Please note " +"that either all list elements must have a '+' or '-' prefix or none. It is " +"considered as an error to mix both styles." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1517 +msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1520 +msgid "" +"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1527 +msgid "pam_id_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1530 +msgid "" +"For any PAM request while SSSD is online, the SSSD will attempt to " +"immediately update the cached identity information for the user in order to " +"ensure that authentication takes place with the latest information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1536 +msgid "" +"A complete PAM conversation may perform multiple PAM requests, such as " +"account management and session opening. This option controls (on a per-" +"client-application basis) how long (in seconds) we can cache the identity " +"information to avoid excessive round-trips to the identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1550 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1556 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 +msgid "" +"If zero is set, then this filter is not applied, i.e. if the expiration " +"warning was received from backend server, it will automatically be displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1567 +msgid "" +"This setting can be overridden by setting <emphasis>pwd_expiration_warning</" +"emphasis> for a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1589 +msgid "pam_trusted_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1592 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1602 +msgid "Default: All users are considered trusted by default" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1606 +msgid "" +"Please note that UID 0 is always allowed to access the PAM responder even in " +"case it is not in the pam_trusted_users list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 +msgid "pam_public_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 +msgid "" +"Specifies the comma-separated list of domain names that are accessible even " +"to untrusted users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1620 +msgid "Two special values for pam_public_domains option are defined:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1624 +msgid "" +"all (Untrusted users are allowed to access all domains in PAM responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1628 +msgid "" +"none (Untrusted users are not allowed to access any domains PAM in " +"responder.)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 +msgid "Default: none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1637 +msgid "pam_account_expired_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1640 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbosity is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1653 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1662 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1665 +msgid "" +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1672 +#, no-wrap +msgid "" +"pam_account_locked_message = Account locked, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1681 +msgid "pam_passkey_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1684 +msgid "Enable passkey device based authentication." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1692 +msgid "passkey_debug_libfido2 (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1695 +msgid "Enable libfido2 library debug messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1703 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1706 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1717 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1720 +msgid "The path to the certificate database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 +msgid "Default:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 +msgid "" +"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " +"certificates in PEM format)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1735 +msgid "pam_cert_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1738 +msgid "" +"With this parameter the PAM certificate verification can be tuned with a " +"comma separated list of options that override the " +"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> " +"section. Supported options are the same of <quote>certificate_verification</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1749 +#, no-wrap +msgid "" +"pam_cert_verification = partial_chain\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1753 +msgid "" +"Default: not set, i.e. use default <quote>certificate_verification</quote> " +"option defined in <quote>[sssd]</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1760 +msgid "p11_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1763 +msgid "How many seconds will pam_sss wait for p11_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1772 +msgid "passkey_child_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1775 +msgid "" +"How many seconds will the PAM responder wait for passkey_child to finish." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1784 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1787 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1796 +msgid "pam_p11_allowed_services (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1799 +msgid "" +"A comma-separated list of PAM service names for which it will be allowed to " +"use Smartcards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1814 +#, no-wrap +msgid "" +"pam_p11_allowed_services = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1803 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in order " +"to replace a default PAM service name for authentication with Smartcards (e." +"g. <quote>login</quote>) with a custom PAM service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd-ad.5.xml:869 sssd-ad.5.xml:947 +msgid "Default: the default set of PAM service names includes:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 +msgid "login" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 +msgid "su" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 +msgid "su-l" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 +msgid "gdm-smartcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 +msgid "gdm-password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 +msgid "kdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 +msgid "sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 +msgid "sudo-i" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:1863 +msgid "gnome-screensaver" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1871 +msgid "p11_wait_for_card_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1874 +msgid "" +"If Smartcard authentication is required how many extra seconds in addition " +"to p11_child_timeout should the PAM responder wait until a Smartcard is " +"inserted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1885 +msgid "p11_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1888 +msgid "" +"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " +"selection of devices used for Smartcard authentication. By default SSSD's " +"p11_child will search for a PKCS#11 slot (reader) where the 'removable' " +"flags is set and read the certificates from the inserted token from the " +"first slot found. If multiple readers are connected p11_uri can be used to " +"tell p11_child to use a specific reader." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1901 +#, no-wrap +msgid "" +"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1905 +#, no-wrap +msgid "" +"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1899 +msgid "" +"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " +"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " +"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' " +"with e.g. the '--list-all' will show PKCS#11 URIs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1918 +msgid "pam_initgroups_scheme" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1926 +msgid "always" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1927 +msgid "" +"Always do an online lookup, please note that pam_id_timeout still applies" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1931 +msgid "no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1932 +msgid "" +"Only do an online lookup if there is no active session of the user, i.e. if " +"the user is currently not logged in" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1937 +msgid "never" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1938 +msgid "" +"Never force an online lookup, use the data from the cache as long as they " +"are not expired" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1921 +msgid "" +"The PAM responder can force an online lookup to get the current group " +"memberships of the user trying to log in. This option controls when this " +"should be done and the following values are allowed: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1945 +msgid "Default: no_session" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 +msgid "pam_gssapi_services" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1953 +msgid "" +"Comma separated list of PAM services that are allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1958 +msgid "" +"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 +msgid "" +"Note: This option can also be set per-domain which overwrites the value in " +"[pam] section. It can also be set for trusted domain which overwrites the " +"value in the domain section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1970 +#, no-wrap +msgid "" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1974 +msgid "Default: - (GSSAPI authentication is disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 +msgid "pam_gssapi_check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1982 +msgid "" +"If True, SSSD will require that the Kerberos user principal that " +"successfully authenticated through GSSAPI can be associated with the user " +"who is being authenticated. Authentication will fail if the check fails." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1989 +msgid "" +"If False, every user that is able to obtained required service ticket will " +"be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 +#: sssd-files.5.xml:145 +msgid "Default: True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2004 +msgid "pam_gssapi_indicators_map" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2007 +msgid "" +"Comma separated list of authentication indicators required to be present in " +"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " +"authentication using pam_sss_gss.so module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2013 +msgid "" +"Each element of the list can be either an authentication indicator name or a " +"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " +"service name will be required to access any PAM service configured to be " +"used with <option>pam_gssapi_services</option>. A resulting list of " +"indicators per PAM service is then checked against indicators in the " +"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from " +"the ticket that matches the resulting list of indicators for the PAM service " +"would grant access. If none of the indicators in the list match, access will " +"be denied. If the resulting list of indicators for the PAM service is empty, " +"the check will not prevent the access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2026 +msgid "" +"To disable GSSAPI authentication indicator check, set this option to <quote>-" +"</quote> (dash). To disable the check for a specific PAM service, add " +"<quote>service:-</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2037 +msgid "" +"Following authentication indicators are supported by IPA Kerberos " +"deployments:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2040 +msgid "" +"pkinit -- pre-authentication using X.509 certificates -- whether stored in " +"files or on smart cards." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2043 +msgid "" +"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " +"FAST channel." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2046 +msgid "radius -- pre-authentication with the help of a RADIUS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2049 +msgid "" +"otp -- pre-authentication using integrated two-factor authentication (2FA or " +"one-time password, OTP) in IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2052 +msgid "idp -- pre-authentication using external identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2062 +#, no-wrap +msgid "" +"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2057 +msgid "" +"Example: to require access to SUDO services only for users which obtained " +"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " +"set <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2066 +msgid "Default: not set (use of authentication indicators is not required)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2074 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2076 +msgid "" +"These options can be used to configure the sudo service. The detailed " +"instructions for configuration of <citerefentry> <refentrytitle>sudo</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-" +"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2093 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2096 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2108 +msgid "sudo_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2111 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2130 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2132 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2136 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2139 +msgid "" +"Specifies for how many seconds should the autofs responder negative cache " +"hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2155 +msgid "SSH configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2157 +msgid "These options can be used to configure the SSH service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2161 +msgid "ssh_hash_known_hosts (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2164 +msgid "" +"Whether or not to hash host names and addresses in the managed known_hosts " +"file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2173 +msgid "ssh_known_hosts_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2176 +msgid "" +"How many seconds to keep a host in the managed known_hosts file after its " +"host keys were requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2180 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2185 +msgid "ssh_use_certificate_keys (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2188 +msgid "" +"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " +"keys derived from the public key of X.509 certificates stored in the user " +"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2203 +msgid "ssh_use_certificate_matching_rules (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2206 +msgid "" +"By default the ssh responder will use all available certificate matching " +"rules to filter the certificates so that ssh keys are only derived from the " +"matching ones. With this option the used rules can be restricted with a " +"comma separated list of mapping and matching rule names. All other rules " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2215 +msgid "" +"There are two special key words 'all_rules' and 'no_rules' which will enable " +"all or no rules, respectively. The latter means that no certificates will be " +"filtered out and ssh keys will be generated from all valid certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2222 +msgid "" +"If no rules are configured using 'all_rules' will enable a default rule " +"which enables all certificates suitable for client authentication. This is " +"the same behavior as for the PAM responder if certificate authentication is " +"enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2229 +msgid "" +"A non-existing rule name is considered an error. If as a result no rule is " +"selected all certificates will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2234 +msgid "" +"Default: not set, equivalent to 'all_rules', all found rules or the default " +"rule are used" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2240 +msgid "ca_db (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2243 +msgid "" +"Path to a storage of trusted CA certificates. The option is used to validate " +"user certificates before deriving public ssh keys from them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2263 +msgid "PAC responder configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2265 +msgid "" +"The PAC responder works together with the authorization data plugin for MIT " +"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " +"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " +"provider collects domain SID and ID ranges of the domain the client is " +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2274 +msgid "" +"If the remote user does not exist in the cache, it is created. The UID is " +"determined with the help of the SID, trusted domains will have UPGs and the " +"GID will have the same value as the UID. The home directory is set based on " +"the subdomain_homedir parameter. The shell will be empty by default, i.e. " +"the system defaults are used, but can be overwritten with the default_shell " +"parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:2282 +msgid "" +"If there are SIDs of groups from domains sssd knows about, the user will be " +"added to those groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2288 +msgid "These options can be used to configure the PAC responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 +msgid "allowed_uids (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2295 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the PAC responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2301 +msgid "Default: 0 (only the root user is allowed to access the PAC responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2305 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the PAC responder, which would be the typical case, you have to add 0 " +"to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2314 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2317 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2327 +msgid "pac_check (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2330 +msgid "" +"Apply additional checks on the PAC of the Kerberos ticket which is available " +"in Active Directory and FreeIPA domains, if configured. Please note that " +"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. " +"the krb5_validate option must be set to 'True' which is the default for the " +"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will " +"be skipped." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2344 +msgid "no_check" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2346 +msgid "" +"The PAC must not be present and even if it is present no additional checks " +"will be done." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 +msgid "pac_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2354 +msgid "" +"The PAC must be present in the service ticket which SSSD will request with " +"the help of the user's TGT. If the PAC is not available the authentication " +"will fail." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2362 +msgid "check_upn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2364 +msgid "" +"If the PAC is present check if the user principal name (UPN) information is " +"consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2370 +msgid "check_upn_allow_missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2372 +msgid "" +"This option should be used together with 'check_upn' and handles the case " +"where a UPN is set on the server-side but is not read by SSSD. The typical " +"example is a FreeIPA domain where 'ldap_user_principal' is set to a not " +"existing attribute name. This was typically done to work-around issues in " +"the handling of enterprise principals. But this is fixed since quite some " +"time and FreeIPA can handle enterprise principals just fine and there is no " +"need anymore to set 'ldap_user_principal'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2384 +msgid "" +"Currently this option is set by default to avoid regressions in such " +"environments. A log message will be added to the system log and SSSD's debug " +"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this " +"log message it would be best to evaluate if the 'ldap_user_principal' option " +"can be removed. If this is not possible, removing 'check_upn' will skip the " +"test and avoid the log message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2398 +msgid "upn_dns_info_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2400 +msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2405 +msgid "check_upn_dns_info_ex" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2407 +msgid "" +"If the PAC is present and the extension to the UPN-DNS-INFO buffer is " +"available check if the information in the extension is consistent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2414 +msgid "upn_dns_info_ex_present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2416 +msgid "" +"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " +"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2340 +msgid "" +"The following options can be used alone or in a comma-separated list: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2426 +msgid "" +"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " +"check_upn_dns_info_ex')" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2435 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2437 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2450 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 +msgid "Default: \"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 +#: sssd-session-recording.5.xml:161 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 +msgid "exclude_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 +msgid "" +"A comma-separated list of users to be excluded from recording, only " +"applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 +msgid "Default: Empty. No users excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 +msgid "exclude_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 +msgid "" +"A comma-separated list of groups, members of which should be excluded from " +"recording. Only applicable with 'scope=all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 +msgid "Default: Empty. No groups excluded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:2568 +msgid "DOMAIN SECTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2575 +msgid "enabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2578 +msgid "" +"Explicitly enable or disable the domain. If <quote>true</quote>, the domain " +"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " +"always <quote>disabled</quote>. If this option is not set, the domain is " +"enabled only if it is listed in the domains option in the <quote>[sssd]</" +"quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2590 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2593 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2601 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2605 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2613 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2617 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2621 +msgid "Default: posix" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2627 +msgid "min_id,max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2630 +msgid "" +"UID and GID limits for the domain. If a domain contains an entry that is " +"outside these limits, it is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2635 +msgid "" +"For users, this affects the primary GID limit. The user will not be returned " +"to NSS if either the UID or the primary GID is outside the range. For non-" +"primary group memberships, those that are in range will be reported as " +"expected." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2642 +msgid "" +"These ID limits affect even saving entries to cache, not only returning them " +"by name or ID." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2646 +msgid "Default: 1 for min_id, 0 (no limit) for max_id" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2652 +msgid "enumerate (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2655 +msgid "" +"Determines if a domain can be enumerated, that is, whether the domain can " +"list all the users and group it contains. Note that it is not required to " +"enable enumeration in order for secondary groups to be displayed. This " +"parameter can have one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2663 +msgid "TRUE = Users and groups are enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2666 +msgid "FALSE = No enumerations for this domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 +msgid "Default: FALSE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2672 +msgid "" +"Enumerating a domain requires SSSD to download and store ALL user and group " +"entries from the remote server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2677 +msgid "" +"Note: Enabling enumeration has a moderate performance impact on SSSD while " +"enumeration is running. It may take up to several minutes after SSSD startup " +"to fully complete enumerations. During this time, individual requests for " +"information will go directly to LDAP, though it may be slow, due to the " +"heavy enumeration processing. Saving a large number of entries to cache " +"after the enumeration completes might also be CPU intensive as the " +"memberships have to be recomputed. This can lead to the <quote>sssd_be</" +"quote> process becoming unresponsive or even restarted by the internal " +"watchdog." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2692 +msgid "" +"While the first enumeration is running, requests for the complete user or " +"group lists may return no results until it completes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2697 +msgid "" +"Further, enabling enumeration may increase the time necessary to detect " +"network disconnection, as longer timeouts are required to ensure that " +"enumeration lookups are completed successfully. For more information, refer " +"to the man pages for the specific id_provider in use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2705 +msgid "" +"For the reasons cited above, enabling enumeration is not recommended, " +"especially in large environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2713 +msgid "subdomain_enumerate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2720 +msgid "all" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2721 +msgid "All discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2724 +msgid "none" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2725 +msgid "No discovered trusted domains will be enumerated" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2716 +msgid "" +"Whether any of autodetected trusted domains should be enumerated. The " +"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " +"Optionally, a list of one or more domain names can enable enumeration just " +"for these trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2739 +msgid "entry_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2742 +msgid "" +"How many seconds should nss_sss consider entries valid before asking the " +"backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2746 +msgid "" +"The cache expiration timestamps are stored as attributes of individual " +"objects in the cache. Therefore, changing the cache timeout only has effect " +"for newly added or expired entries. You should run the <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> tool in order to force refresh of entries that have already " +"been cached." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2759 +msgid "Default: 5400" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2765 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2768 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2778 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2781 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2791 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2794 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2804 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2807 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2817 +msgid "entry_cache_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2820 +msgid "" +"How many seconds should nss_sss consider hosts and networks entries valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2831 +msgid "entry_cache_sudo_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2834 +msgid "" +"How many seconds should sudo consider rules valid before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2844 +msgid "entry_cache_autofs_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2847 +msgid "" +"How many seconds should the autofs service consider automounter maps valid " +"before asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2858 +msgid "entry_cache_ssh_host_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2861 +msgid "" +"How many seconds to keep a host ssh key after refresh. IE how long to cache " +"the host key for." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2872 +msgid "entry_cache_computer_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2875 +msgid "" +"How many seconds to keep the local computer entry before asking the backend " +"again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2885 +msgid "refresh_expired_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2888 +msgid "" +"Specifies how many seconds SSSD has to wait before triggering a background " +"refresh task which will refresh all expired or nearly expired records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2893 +msgid "" +"The background refresh will process users, groups and netgroups in the " +"cache. For users who have performed the initgroups (get group membership for " +"user, typically ran at login) operation in the past, both the user entry " +"and the group membership are updated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2901 +msgid "This option is automatically inherited for all trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2905 +msgid "You can consider setting this value to 3/4 * entry_cache_timeout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2909 +msgid "" +"Cache entry will be refreshed by background task when 2/3 of cache timeout " +"has already passed. If there are existing cached entries, the background " +"task will refer to their original cache timeout values instead of current " +"configuration value. This may lead to a situation in which background " +"refresh task appears to not be working. This is done by design to improve " +"offline mode operation and reuse of existing valid cache entries. To make " +"this change instant the user may want to manually invalidate existing cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 +#: sssd-ipa.5.xml:270 +msgid "Default: 0 (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2928 +msgid "cache_credentials (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2942 +msgid "" +"Take a note that while credentials are stored as a salted SHA512 hash, this " +"still potentially poses some security risk in case an attacker manages to " +"get access to a cache file (normally requires privileged access) and to " +"break a password using brute force attack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2956 +msgid "cache_credentials_minimal_first_factor_length (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2959 +msgid "" +"If 2-Factor-Authentication (2FA) is used and credentials should be saved " +"this value determines the minimal length the first authentication factor " +"(long term password) must have to be saved as SHA512 hash into the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2966 +msgid "" +"This should avoid that the short PINs of a PIN based 2FA scheme are saved in " +"the cache which would make them easy targets for brute-force attacks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2977 +msgid "account_cache_expiration (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2980 +msgid "" +"Number of days entries are left in cache after last successful login before " +"being removed during a cleanup of the cache. 0 means keep forever. The " +"value of this parameter must be greater than or equal to " +"offline_credentials_expiration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2987 +msgid "Default: 0 (unlimited)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2992 +msgid "pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3003 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning. Also an auth provider has to be configured for the " +"backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3010 +msgid "Default: 7 (Kerberos), 0 (LDAP)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3016 +msgid "id_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3019 +msgid "" +"The identification provider used for the domain. Supported ID providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3023 +msgid "<quote>proxy</quote>: Support a legacy NSS provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3026 +msgid "" +"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" +"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on how to mirror local users and groups into SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3034 +msgid "" +"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " +"information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +msgid "" +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 +msgid "" +"<quote>ad</quote>: Active Directory provider. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3062 +msgid "use_fully_qualified_names (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3065 +msgid "" +"Use the full name and domain (as formatted by the domain's full_name_format) " +"as the user's login name reported to NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3070 +msgid "" +"If set to TRUE, all requests to this domain must use fully qualified names. " +"For example, if used in LOCAL domain that contains a \"test\" user, " +"<command>getent passwd test</command> wouldn't find the user while " +"<command>getent passwd test@LOCAL</command> would." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3078 +msgid "" +"NOTE: This option has no effect on netgroup lookups due to their tendency to " +"include nested netgroups without qualified names. For netgroups, all domains " +"will be searched when an unqualified name is requested." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3085 +msgid "" +"Default: FALSE (TRUE for trusted domain/sub-domains or if " +"default_domain_suffix is used)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3092 +msgid "ignore_group_members (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3095 +msgid "Do not return group members for group lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3098 +msgid "" +"If set to TRUE, the group membership attribute is not requested from the " +"ldap server, and group members are not returned when processing group lookup " +"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> " +"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> " +"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </" +"citerefentry>. As an effect, <quote>getent group $groupname</quote> would " +"return the requested group as if it was empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3116 +msgid "" +"Enabling this option can also make access provider checks for group " +"membership significantly faster, especially for groups containing many " +"members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 +msgid "" +"This option can be also set per subdomain or inherited via " +"<emphasis>subdomain_inherit</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3132 +msgid "auth_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3135 +msgid "" +"The authentication provider used for the domain. Supported auth providers " +"are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 +msgid "" +"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3146 +msgid "" +"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3170 +msgid "" +"<quote>proxy</quote> for relaying authentication to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3173 +msgid "<quote>none</quote> disables authentication explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3176 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"authentication requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3182 +msgid "access_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3185 +msgid "" +"The access control provider used for the domain. There are two built-in " +"access providers (in addition to any included in installed backends) " +"Internal special providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3191 +msgid "" +"<quote>permit</quote> always allow access. It's the only permitted access " +"provider for a local domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3194 +msgid "<quote>deny</quote> always deny access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3221 +msgid "" +"<quote>simple</quote> access control based on access or deny lists. See " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for more information on configuring the simple " +"access module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3228 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3235 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3238 +msgid "Default: <quote>permit</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3243 +msgid "chpass_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3246 +msgid "" +"The provider which should handle change password operations for the domain. " +"Supported change password providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3251 +msgid "" +"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3259 +msgid "" +"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3284 +msgid "" +"<quote>proxy</quote> for relaying password changes to some other PAM target." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3288 +msgid "<quote>none</quote> disallows password changes explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3291 +msgid "" +"Default: <quote>auth_provider</quote> is used if it is set and can handle " +"change password requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3298 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3301 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3305 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3313 +msgid "" +"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3317 +msgid "" +"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3321 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3328 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration " +"options that can be used to adjust the behavior. Please refer to " +"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3343 +msgid "" +"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " +"background unless the sudo provider is explicitly disabled. Set " +"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related " +"activity in SSSD if you do not want to use sudo with SSSD at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3353 +msgid "selinux_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3356 +msgid "" +"The provider which should handle loading of selinux settings. Note that this " +"provider will be called right after access provider ends. Supported selinux " +"providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3362 +msgid "" +"<quote>ipa</quote> to load selinux settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3370 +msgid "<quote>none</quote> disallows fetching selinux settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3373 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"selinux loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3379 +msgid "subdomains_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3382 +msgid "" +"The provider which should handle fetching of subdomains. This value should " +"be always the same as id_provider. Supported subdomain providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3388 +msgid "" +"<quote>ipa</quote> to load a list of subdomains from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3397 +msgid "" +"<quote>ad</quote> to load a list of subdomains from an Active Directory " +"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3406 +msgid "<quote>none</quote> disallows fetching subdomains explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3416 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3419 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3426 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3430 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3434 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3438 +msgid "" +"<emphasis>NOTE:</emphasis> In order to have this feature working as expected " +"SSSD must be running as \"root\" and not as the unprivileged user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3446 +msgid "autofs_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3449 +msgid "" +"The autofs provider used for the domain. Supported autofs providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3453 +msgid "" +"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3460 +msgid "" +"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3468 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3477 +msgid "<quote>none</quote> disables autofs explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3487 +msgid "hostid_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3490 +msgid "" +"The provider used for retrieving host identity information. Supported " +"hostid providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3494 +msgid "" +"<quote>ipa</quote> to load host identity stored in an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3502 +msgid "<quote>none</quote> disables hostid explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3512 +msgid "resolver_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3515 +msgid "" +"The provider which should handle hosts and networks lookups. Supported " +"resolver providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3519 +msgid "" +"<quote>proxy</quote> to forward lookups to another NSS library. See " +"<quote>proxy_resolver_lib_name</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3523 +msgid "" +"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3530 +msgid "" +"<quote>ad</quote> to fetch hosts and networks stored in AD. See " +"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring the AD " +"provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3538 +msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3551 +msgid "" +"Regular expression for this domain that describes how to parse the string " +"containing user name and domain into these components. The \"domain\" can " +"match either the SSSD configuration domain name, or, in the case of IPA " +"trust subdomains and Active Directory domains, the flat (NetBIOS) name of " +"the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3560 +msgid "" +"Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" +"[^@]+))$</quote> which allows two different styles for user names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 +msgid "username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 +msgid "username@domain.name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3573 +msgid "" +"Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" +"\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" +"name>[^@\\\\]+)))$</quote> which allows three different styles for user " +"names:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:3585 +msgid "domain\\username" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3588 +msgid "" +"While the first two correspond to the general default the third one is " +"introduced to allow easy integration of users from Windows domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3593 +msgid "" +"The default re_expression uses the <quote>@</quote> character as a separator " +"between the name and the domain. As a result of this setting the default " +"does not accept the <quote>@</quote> character in short names (as it is " +"allowed in Windows group names). If a user wishes to use short names with " +"<quote>@</quote> they must create their own re_expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3645 +msgid "Default: <quote>%1$s@%2$s</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3651 +msgid "lookup_family_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3654 +msgid "" +"Provides the ability to select preferred address family to use when " +"performing DNS lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3658 +msgid "Supported values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3661 +msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3664 +msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3667 +msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3670 +msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3673 +msgid "Default: ipv4_first" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3679 +msgid "dns_resolver_server_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3682 +msgid "" +"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " +"server before trying next DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3687 +msgid "" +"The AD provider will use this option for the CLDAP ping timeouts as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 +msgid "" +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 +msgid "Default: 1000" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3702 +msgid "dns_resolver_op_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3705 +msgid "" +"Defines the amount of time (in seconds) to wait to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or DNS discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3722 +msgid "dns_resolver_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3725 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3743 +msgid "dns_resolver_use_search_list (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3746 +msgid "" +"Normally, the DNS resolver searches the domain list defined in the " +"\"search\" directive from the resolv.conf file. This can lead to delays in " +"environments with improperly configured DNS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3752 +msgid "" +"If fully qualified domain names (or _srv_) are used in the SSSD " +"configuration, setting this option to FALSE can prevent unnecessary DNS " +"lookups in such environments." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3758 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: TRUE" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3764 +msgid "dns_discovery_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3767 +msgid "" +"If service discovery is used in the back end, specifies the domain part of " +"the service discovery DNS query." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3771 +msgid "Default: Use the domain part of machine's hostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3777 +msgid "override_gid (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3780 +msgid "Override the primary GID value with the one specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3786 +msgid "case_sensitive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3793 +msgid "True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3796 +msgid "Case sensitive. This value is invalid for AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3802 +msgid "False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3804 +msgid "Case insensitive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3808 +msgid "Preserving" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3811 +msgid "" +"Same as False (case insensitive), but does not lowercase names in the result " +"of NSS operations. Note that name aliases (and in case of services also " +"protocol names) are still lowercased in the output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3819 +msgid "" +"If you want to set this value for trusted domain with IPA provider, you need " +"to set it on both the client and SSSD on the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3789 +msgid "" +"Treat user and group names as case sensitive. Possible option values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3834 +msgid "Default: True (False for AD provider)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3840 +msgid "subdomain_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3843 +msgid "" +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3849 +msgid "ldap_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3852 +msgid "ldap_network_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3855 +msgid "ldap_opt_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3858 +msgid "ldap_offline_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3861 +msgid "ldap_enumeration_refresh_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3864 +msgid "ldap_enumeration_refresh_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3867 +msgid "ldap_purge_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3870 +msgid "ldap_purge_cache_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3873 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3877 +msgid "ldap_krb5_ticket_lifetime" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3880 +msgid "ldap_enumeration_search_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3883 +msgid "ldap_connection_expire_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3886 +msgid "ldap_connection_expire_offset" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3889 +msgid "ldap_connection_idle_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3895 +msgid "ldap_user_principal" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3898 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3901 +msgid "auto_private_groups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3904 +msgid "case_sensitive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:3909 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3916 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3923 +msgid "subdomain_homedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3934 +msgid "%F" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3935 +msgid "flat (NetBIOS) name of a subdomain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3926 +msgid "" +"Use this homedir as default value for all subdomains within this domain in " +"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " +"possible values. In addition to those, the expansion below can only be used " +"with <emphasis>subdomain_homedir</emphasis>. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3940 +msgid "" +"The value can be overridden by <emphasis>override_homedir</emphasis> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3944 +msgid "Default: <filename>/home/%d/%u</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3949 +msgid "realmd_tags (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3952 +msgid "" +"Various tags stored by the realmd configuration service for this domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3958 +msgid "cached_auth_timeout (int)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3961 +msgid "" +"Specifies time in seconds since last successful online authentication for " +"which user will be authenticated using cached credentials while SSSD is in " +"the online mode. If the credentials are incorrect, SSSD falls back to online " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3969 +msgid "" +"This option's value is inherited by all trusted domains. At the moment it is " +"not possible to set a different value per trusted domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3974 +msgid "Special value 0 implies that this feature is disabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3978 +msgid "" +"Please note that if <quote>cached_auth_timeout</quote> is longer than " +"<quote>pam_id_timeout</quote> then the back end could be called to handle " +"<quote>initgroups.</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 +msgid "auto_private_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4050 +msgid "true" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4053 +msgid "" +"Create user's private group unconditionally from user's UID number. The GID " +"number is ignored in this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4057 +msgid "" +"NOTE: Because the GID number and the user private group are inferred from " +"the UID number, it is not supported to have multiple entries with the same " +"UID or GID number with this option. In other words, enabling this option " +"enforces uniqueness across the ID space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4066 +msgid "false" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4069 +msgid "" +"Always use the user's primary GID number. The GID number must refer to a " +"group object in the LDAP database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4075 +msgid "hybrid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4078 +msgid "" +"A primary group is autogenerated for user entries whose UID and GID numbers " +"have the same value and at the same time the GID number does not correspond " +"to a real group object in LDAP. If the values are the same, but the primary " +"GID in the user entry is also used by a group object, the primary GID of the " +"user resolves to that group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4091 +msgid "" +"If the UID and GID of a user are different, then the GID must correspond to " +"a group entry, otherwise the GID is simply not resolvable." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4098 +msgid "" +"This feature is useful for environments that wish to stop maintaining a " +"separate group objects for the user private groups, but also wish to retain " +"the existing user private groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4047 +msgid "" +"This option takes any of three available values: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4110 +msgid "" +"For subdomains, the default value is False for subdomains that use assigned " +"POSIX IDs and True for subdomains that use automatic ID-mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4118 +#, no-wrap +msgid "" +"[domain/forest.domain/sub.domain]\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4124 +#, no-wrap +msgid "" +"[domain/forest.domain]\n" +"subdomain_inherit = auto_private_groups\n" +"auto_private_groups = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4115 +msgid "" +"The value of auto_private_groups can either be set per subdomains in a " +"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " +"globally for all subdomains in the main domain section using the " +"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2570 +msgid "" +"These configuration options can be present in a domain configuration " +"section, that is, in a section called <quote>[domain/<replaceable>NAME</" +"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4139 +msgid "proxy_pam_target (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4142 +msgid "The proxy target PAM proxies to." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4145 +msgid "" +"Default: not set by default, you have to take an existing pam configuration " +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4155 +msgid "proxy_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4158 +msgid "" +"The name of the NSS library to use in proxy domains. The NSS functions " +"searched for in the library are in the form of _nss_$(libName)_$(function), " +"for example _nss_files_getpwent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4168 +msgid "proxy_resolver_lib_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4171 +msgid "" +"The name of the NSS library to use for hosts and networks lookups in proxy " +"domains. The NSS functions searched for in the library are in the form of " +"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4182 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4185 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4199 +msgid "proxy_max_children (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4202 +msgid "" +"This option specifies the number of pre-forked proxy children. It is useful " +"for high-load SSSD environments where sssd may run out of available child " +"slots, which would cause some issues due to the requests being queued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4135 +msgid "" +"Options valid for proxy domains. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:4218 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4220 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4240 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:4246 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4248 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4251 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:4265 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:4273 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4293 +msgid "TRUSTED DOMAIN SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4295 +msgid "" +"Some options used in the domain section can also be used in the trusted " +"domain section, that is, in a section called <quote>[domain/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4302 +msgid "ldap_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4303 +msgid "ldap_user_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4304 +msgid "ldap_group_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4305 +msgid "ldap_netgroup_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4306 +msgid "ldap_service_search_base," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4307 +msgid "ldap_sasl_mech," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4308 +msgid "ad_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4309 +msgid "ad_backup_server," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4310 +msgid "ad_site," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4315 +msgid "" +"For more details about these options see their individual description in the " +"manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4321 +msgid "CERTIFICATE MAPPING SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4323 +msgid "" +"To allow authentication with Smartcards and certificates SSSD must be able " +"to map certificates to users. This can be done by adding the full " +"certificate to the LDAP object of the user or to a local override. While " +"using the full certificate is required to use the Smartcard authentication " +"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it " +"might be cumbersome or not even possible to do this for the general case " +"where local services use PAM for authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4337 +msgid "" +"To make the mapping more flexible mapping and matching rules were added to " +"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4346 +msgid "" +"A mapping and matching rule can be added to the SSSD configuration in a " +"section on its own with a name like <quote>[certmap/" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</" +"replaceable>]</quote>. In this section the following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4353 +msgid "matchrule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4356 +msgid "" +"Only certificates from the Smartcard which matches this rule will be " +"processed, all others are ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4360 +msgid "" +"Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " +"Extended Key Usage <quote>clientAuth</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4367 +msgid "maprule (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4370 +msgid "Defines how the user is found for a given certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4376 +msgid "" +"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " +"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4382 +msgid "" +"The RULE_NAME for the <quote>files</quote> provider which tries to find a " +"user with the same name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4391 +msgid "domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4394 +msgid "" +"Comma separated list of domain names the rule should be applied. By default " +"a rule is only valid in the domain configured in sssd.conf. If the provider " +"supports subdomains this option can be used to add the rule to subdomains as " +"well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4401 +msgid "Default: the configured domain in sssd.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4406 +msgid "priority (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4409 +msgid "" +"Unsigned integer value defining the priority of the rule. The higher the " +"number the lower the priority. <quote>0</quote> stands for the highest " +"priority while <quote>4294967295</quote> is the lowest." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4415 +msgid "Default: the lowest priority" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4421 +msgid "" +"To make the configuration simple and reduce the amount of configuration " +"options the <quote>files</quote> provider has some special properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4427 +msgid "" +"if maprule is not set the RULE_NAME name is assumed to be the name of the " +"matching user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4433 +msgid "" +"if a maprule is used both a single user name or a template like " +"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " +"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</" +"quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4442 +msgid "the <quote>domains</quote> option is ignored" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4450 +msgid "PROMPTING CONFIGURATION SECTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4452 +msgid "" +"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" +"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " +"which authentication methods are available for the user trying to log in. " +"Based on the results pam_sss will prompt the user for appropriate " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4460 +msgid "" +"With the growing number of authentication methods and the possibility that " +"there are multiple ones for a single user the heuristic used by pam_sss to " +"select the prompting might not be suitable for all use cases. The following " +"options should provide a better flexibility here." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4472 +msgid "[prompting/password]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4475 +msgid "password_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4476 +msgid "to change the string of the password prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4474 +msgid "" +"to configure password prompting, allowed options are: <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4484 +msgid "[prompting/2fa]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4488 +msgid "first_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4489 +msgid "to change the string of the prompt for the first factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4492 +msgid "second_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4493 +msgid "to change the string of the prompt for the second factor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4496 +msgid "single_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4497 +msgid "" +"boolean value, if True there will be only a single prompt using the value of " +"first_prompt where it is expected that both factors are entered as a single " +"string. Please note that both factors have to be entered here, even if the " +"second factor is optional." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4486 +msgid "" +"to configure two-factor authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " +"optional and it should be possible to log in either only with the password " +"or with both factors two-step prompting has to be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4514 +msgid "[prompting/passkey]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 +msgid "interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4522 +msgid "" +"boolean value, if True prompt a message and wait before testing the presence " +"of a passkey device. Recommended if your device doesn’t have a tactile " +"trigger." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4530 +msgid "interactive_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4532 +msgid "to change the message of the interactive prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4537 +msgid "touch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4539 +msgid "" +"boolean value, if True prompt a message to remind the user to touch the " +"device." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4545 +msgid "touch_prompt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4547 +msgid "to change the message of the touch prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4516 +msgid "" +"to configure passkey authentication prompting, allowed options are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4467 +msgid "" +"Each supported authentication method has its own configuration subsection " +"under <quote>[prompting/...]</quote>. Currently there are: <placeholder " +"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/" +"> <placeholder type=\"variablelist\" id=\"2\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4558 +msgid "" +"It is possible to add a subsection for specific PAM services, e.g. " +"<quote>[prompting/password/sshd]</quote> to individual change the prompting " +"for this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +msgid "EXAMPLES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4571 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = LDAP\n" +"services = nss, pam\n" +"config_file_version = 2\n" +"\n" +"[nss]\n" +"filter_groups = root\n" +"filter_users = root\n" +"\n" +"[pam]\n" +"\n" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"auth_provider = krb5\n" +"krb5_server = kerberos.example.com\n" +"krb5_realm = EXAMPLE.COM\n" +"cache_credentials = true\n" +"\n" +"min_id = 10000\n" +"max_id = 20000\n" +"enumerate = False\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4567 +msgid "" +"1. The following example shows a typical SSSD config. It does not describe " +"configuration of the domains themselves - refer to documentation on " +"configuring domains for more details. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4604 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4598 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:4615 +#, no-wrap +msgid "" +"[certmap/my.domain/rule_name]\n" +"matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$\n" +"maprule = (userCertificate;binary={cert!bin})\n" +"domains = my.domain, your.domain\n" +"priority = 10\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:4609 +msgid "" +"3. The following example shows the configuration of a certificate mapping " +"rule. It is valid for the configured domain <quote>my.domain</quote> and " +"additionally for the subdomains <quote>your.domain</quote> and uses the full " +"certificate in the search filter. <placeholder type=\"programlisting\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap.5.xml:17 +msgid "SSSD LDAP provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21 +#: sssd_krb5_localauth_plugin.8.xml:20 +msgid "DESCRIPTION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:23 +msgid "" +"This manual page describes the configuration of LDAP domains for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for detailed syntax information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:35 +msgid "You can configure SSSD to use more than one LDAP domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:38 +msgid "" +"LDAP back end supports id, auth, access and chpass providers. If you want to " +"authenticate against an LDAP server either TLS/SSL or LDAPS is required. " +"<command>sssd</command> <emphasis>does not</emphasis> support authentication " +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 +#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 +msgid "CONFIGURATION OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:67 +msgid "ldap_uri, ldap_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:70 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference. Refer to the <quote>FAILOVER</" +"quote> section for more information on failover and server redundancy. If " +"neither option is specified, service discovery is enabled. For more " +"information, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:77 +msgid "The format of the URI must match the format defined in RFC 2732:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:80 +msgid "ldap[s]://<host>[:port]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:83 +msgid "" +"For explicit IPv6 addresses, <host> must be enclosed in brackets []" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:86 +msgid "example: ldap://[fc00::126:25]:389" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:92 +msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:95 +msgid "" +"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " +"should connect in the order of preference to change the password of a user. " +"Refer to the <quote>FAILOVER</quote> section for more information on " +"failover and server redundancy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:102 +msgid "To enable service discovery ldap_chpass_dns_service_name must be set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:106 +msgid "Default: empty, i.e. ldap_uri is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:112 +msgid "ldap_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:115 +msgid "The default base DN to use for performing LDAP user operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:119 +msgid "" +"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " +"syntax:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:123 +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:126 +msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 +msgid "" +"The filter must be a valid LDAP search filter as specified by http://www." +"ietf.org/rfc/rfc2254.txt" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 +msgid "Examples:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:136 +msgid "" +"ldap_search_base = dc=example,dc=com (which is equivalent to) " +"ldap_search_base = dc=example,dc=com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:141 +msgid "" +"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" +"(host=thishost)?dc=example.com?subtree?" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:144 +msgid "" +"Note: It is unsupported to have multiple search bases which reference " +"identically-named objects (for example, groups with the same name in two " +"different search bases). This will lead to unpredictable behavior on client " +"machines." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:151 +msgid "" +"Default: If not set, the value of the defaultNamingContext or namingContexts " +"attribute from the RootDSE of the LDAP server is used. If " +"defaultNamingContext does not exist or has an empty value namingContexts is " +"used. The namingContexts attribute must have a single value with the DN of " +"the search base of the LDAP server to make this work. Multiple values are " +"are not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:165 +msgid "ldap_schema (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:168 +msgid "" +"Specifies the Schema Type in use on the target LDAP server. Depending on " +"the selected schema, the default attribute names retrieved from the servers " +"may vary. The way that some attributes are handled may also differ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:175 +msgid "Four schema types are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:179 +msgid "rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:184 +msgid "rfc2307bis" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:189 +msgid "IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:194 +msgid "AD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:200 +msgid "" +"The main difference between these schema types is how group memberships are " +"recorded in the server. With rfc2307, group members are listed by name in " +"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " +"group members are listed by DN and stored in the <emphasis>member</emphasis> " +"attribute. The AD schema type sets the attributes to correspond with Active " +"Directory 2008r2 values." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:210 +msgid "Default: rfc2307" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:216 +msgid "ldap_pwmodify_mode (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:219 +msgid "Specify the operation that is used to modify user password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:223 +msgid "Two modes are currently supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:227 +msgid "exop - Password Modify Extended Operation (RFC 3062)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:233 +msgid "ldap_modify - Direct modification of userPassword (not recommended)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:240 +msgid "" +"Note: First, a new connection is established to verify current password by " +"binding as the user that requested password change. If successful, this " +"connection is used to change the password therefore the user must have write " +"access to userPassword attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:248 +msgid "Default: exop" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:254 +msgid "ldap_default_bind_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:257 +msgid "The default bind DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:264 +msgid "ldap_default_authtok_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:267 +msgid "The type of the authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:271 +msgid "The two mechanisms currently supported are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:274 +msgid "password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:277 +msgid "obfuscated_password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:280 +msgid "Default: password" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:283 +msgid "" +"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:294 +msgid "ldap_default_authtok (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:297 +msgid "The authentication token of the default bind DN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:303 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:306 +msgid "" +"Some directory servers, for example Active Directory, might deliver the " +"realm part of the UPN in lower case, which might cause the authentication to " +"fail. Set this option to a non-zero value if you want to use an upper-case " +"realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:319 +msgid "ldap_enumeration_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:322 +msgid "" +"Specifies how many seconds SSSD has to wait before refreshing its cache of " +"enumerated records." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:338 +msgid "ldap_purge_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:341 +msgid "" +"Determine how often to check the cache for inactive entries (such as groups " +"with no members and users who have never logged in) and remove them to save " +"space." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:347 +msgid "" +"Setting this option to zero will disable the cache cleanup operation. Please " +"note that if enumeration is enabled, the cleanup task is required in order " +"to detect entries removed from the server and can't be disabled. By default, " +"the cleanup task will run every 3 hours with enumeration enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:367 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:370 +msgid "" +"If ldap_schema is set to a schema format that supports nested groups (e.g. " +"RFC2307bis), then this option controls how many levels of nesting SSSD will " +"follow. This option has no effect on the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:377 +msgid "" +"Note: This option specifies the guaranteed level of nested groups to be " +"processed for any lookup. However, nested groups beyond this limit " +"<emphasis>may be</emphasis> returned if previous lookups already resolved " +"the deeper nesting levels. Also, subsequent lookups for other groups may " +"enlarge the result set for original lookup if re-queried." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:386 +msgid "" +"If ldap_group_nesting_level is set to 0 then no nested groups are processed " +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:395 +msgid "Default: 2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:404 +msgid "" +"This options enables or disables use of Token-Groups attribute when " +"performing initgroup for users from Active Directory Server 2008 and later." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:414 +msgid "Default: True for AD and IPA otherwise False." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:420 +msgid "ldap_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:423 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <listitem><para> +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:439 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:444 +msgid "ldap_iphost_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:449 +msgid "ldap_ipnetwork_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:454 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:457 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:463 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:480 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:483 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:501 +msgid "ldap_network_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:504 +msgid "" +"Specifies the timeout (in seconds) after which the <citerefentry> " +"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" +"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" +"manvolnum> </citerefentry> following a <citerefentry> " +"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" +"citerefentry> returns in case of no activity." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:532 +msgid "ldap_opt_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:535 +msgid "" +"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " +"will abort if no response is received. Also controls the timeout when " +"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind " +"operation, password change extended operation and the StartTLS operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:555 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:558 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:566 +msgid "" +"If the connection is idle (not actively running an operation) within " +"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " +"closed early to ensure that a new query cannot require the connection to " +"remain open past its expiration. This implies that connections will always " +"be closed immediately and will never be reused if " +"<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:578 +msgid "" +"This timeout can be extended of a random value specified by " +"<emphasis>ldap_connection_expire_offset</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:594 +msgid "ldap_connection_expire_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:597 +msgid "" +"Random offset between 0 and configured value is added to " +"<emphasis>ldap_connection_expire_timeout</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:613 +msgid "ldap_connection_idle_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:616 +msgid "" +"Specifies a timeout (in seconds) that an idle connection to an LDAP server " +"will be maintained. If the connection is idle for more than this time then " +"the connection will be closed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:622 +msgid "You can disable this timeout by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:637 +msgid "ldap_page_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:640 +msgid "" +"Specify the number of records to retrieve from LDAP in a single request. " +"Some LDAP servers enforce a maximum limit per-request." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:651 +msgid "ldap_disable_paging (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:654 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:660 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:666 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:678 +msgid "ldap_disable_range_retrieval (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:681 +msgid "Disable Active Directory range retrieval." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:684 +msgid "" +"Active Directory limits the number of members to be retrieved in a single " +"lookup using the MaxValRange policy (which defaults to 1500 members). If a " +"group contains more members, the reply would include an AD-specific range " +"extension. This option disables parsing of the range extension, therefore " +"large groups will appear as having no members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:699 +msgid "ldap_sasl_minssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:702 +msgid "" +"When communicating with an LDAP server using SASL, specify the minimum " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 +msgid "Default: Use the system default (usually specified by ldap.conf)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:715 +msgid "ldap_sasl_maxssf (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:718 +msgid "" +"When communicating with an LDAP server using SASL, specify the maximal " +"security level necessary to establish the connection. The values of this " +"option are defined by OpenLDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:731 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:734 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:740 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0. " +"Please note that there are some codepaths in SSSD, like the IPA HBAC " +"provider, that are only implemented using the dereference call, so even with " +"dereference explicitly disabled, those parts will still use dereference if " +"the server supports it and advertises the dereference control in the rootDSE " +"object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:751 +msgid "" +"A dereference lookup is a means of fetching all group members in a single " +"LDAP call. Different LDAP servers may implement different dereference " +"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " +"Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:759 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:772 +msgid "ldap_ignore_unreadable_references (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:775 +msgid "" +"Ignore unreadable LDAP entries referenced in group's member attribute. If " +"this parameter is set to false an error will be returned and the operation " +"will fail instead of just ignoring the unreadable entry." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:782 +msgid "" +"This parameter may be useful when using the AD provider and the computer " +"account that sssd uses to connect to AD does not have access to a particular " +"entry or LDAP sub-tree for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:795 +msgid "ldap_tls_reqcert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:798 +msgid "" +"Specifies what checks to perform on server certificates in a TLS session, if " +"any. It can be specified as one of the following values:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:804 +msgid "" +"<emphasis>never</emphasis> = The client will not request or check any server " +"certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:808 +msgid "" +"<emphasis>allow</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, it will be ignored and the session proceeds normally." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:815 +msgid "" +"<emphasis>try</emphasis> = The server certificate is requested. If no " +"certificate is provided, the session proceeds normally. If a bad certificate " +"is provided, the session is immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:821 +msgid "" +"<emphasis>demand</emphasis> = The server certificate is requested. If no " +"certificate is provided, or a bad certificate is provided, the session is " +"immediately terminated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:827 +msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "Default: hard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:837 +msgid "ldap_tls_cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:840 +msgid "" +"Specifies the file that contains certificates for all of the Certificate " +"Authorities that <command>sssd</command> will recognize." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 +msgid "" +"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." +"conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:852 +msgid "ldap_tls_cacertdir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +msgid "" +"Specifies the path of a directory that contains Certificate Authority " +"certificates in separate individual files. Typically the file names need to " +"be the hash of the certificate followed by '.0'. If available, " +"<command>cacertdir_rehash</command> can be used to create the correct names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:870 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:873 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:883 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:886 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:895 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:898 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon separated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:911 +msgid "ldap_id_use_start_tls (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:914 +msgid "" +"Specifies that the id_provider connection must also use <systemitem " +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_id_mapping (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "" +"Specifies that SSSD should attempt to map user and group IDs from the " +"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " +"on ldap_user_uid_number and ldap_group_gid_number." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:934 +msgid "Currently this feature supports only ActiveDirectory objectSID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:944 +msgid "ldap_min_id, ldap_max_id (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:947 +msgid "" +"In contrast to the SID based ID mapping which is used if ldap_id_mapping is " +"set to true the allowed ID range for ldap_user_uid_number and " +"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " +"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " +"can be set to restrict the allowed range for the IDs which are read directly " +"from the server. Sub-domains can then pick other ranges to map IDs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:959 +msgid "Default: not set (both options are set to 0)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:965 +msgid "ldap_sasl_mech (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:968 +msgid "" +"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " +"tested and supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:972 +msgid "" +"If the backend supports sub-domains the value of ldap_sasl_mech is " +"automatically inherited to the sub-domains. If a different value is needed " +"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this " +"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:988 +msgid "ldap_sasl_authid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ldap.5.xml:1000 +#, no-wrap +msgid "" +"hostname@REALM\n" +"netbiosname$@REALM\n" +"host/hostname@REALM\n" +"*$@REALM\n" +"host/*@REALM\n" +"host/*\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:991 +msgid "" +"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " +"this represents the Kerberos principal used for authentication to the " +"directory. This option can either contain the full principal (for example " +"host/myhost@EXAMPLE.COM) or just the principal name (for example host/" +"myhost). By default, the value is not set and the following principals are " +"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are " +"found, the first principal in keytab is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1011 +msgid "Default: host/hostname@REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1017 +msgid "ldap_sasl_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"Specify the SASL realm to use. When not specified, this option defaults to " +"the value of krb5_realm. If the ldap_sasl_authid contains the realm as " +"well, this option is ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1026 +msgid "Default: the value of krb5_realm." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1032 +msgid "ldap_sasl_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1035 +msgid "" +"If set to true, the LDAP library would perform a reverse lookup to " +"canonicalize the host name during a SASL bind." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1040 +msgid "Default: false;" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1046 +msgid "ldap_krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1049 +msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 +msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1064 +msgid "ldap_krb5_init_creds (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1067 +msgid "" +"Specifies that the id_provider should init Kerberos credentials (TGT). This " +"action is performed only if SASL is used and the mechanism selected is " +"GSSAPI or GSS-SPNEGO." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1079 +msgid "ldap_krb5_ticket_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 +msgid "Default: 86400 (24 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 +msgid "krb5_server, krb5_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1100 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled - for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 +msgid "" +"When using service discovery for KDC or kpasswd servers, SSSD first searches " +"for DNS entries that specify _udp as the protocol and falls back to _tcp if " +"none are found." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 +msgid "" +"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " +"While the legacy name is recognized for the time being, users are advised to " +"migrate their config files to use <quote>krb5_server</quote> instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 +msgid "krb5_realm (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1129 +msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1133 +msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 +msgid "krb5_canonicalize (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1142 +msgid "" +"Specifies if the host principal should be canonicalized when connecting to " +"LDAP server. This feature is available with MIT Kerberos >= 1.7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 +msgid "krb5_use_kdcinfo (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 +msgid "" +"Specifies if the SSSD should instruct the Kerberos libraries what realm and " +"which KDCs to use. This option is on by default, if you disable it, you need " +"to configure the Kerberos library using the <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> configuration file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 +msgid "" +"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " +"information on the locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1182 +msgid "ldap_pwd_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1185 +msgid "" +"Select the policy to evaluate the password expiration on the client side. " +"The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1190 +msgid "" +"<emphasis>none</emphasis> - No evaluation on the client side. This option " +"cannot disable server-side password policies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1195 +msgid "" +"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " +"evaluate if the password has expired. Please see option " +"\"ldap_chpass_update_last_change\" as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1203 +msgid "" +"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " +"to determine if the password has expired. Use chpass_provider=krb5 to update " +"these attributes when the password is changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1212 +msgid "" +"<emphasis>Note</emphasis>: if a password policy is configured on server " +"side, it always takes precedence over policy set with this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1220 +msgid "ldap_referrals (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1223 +msgid "Specifies whether automatic referral chasing should be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1227 +msgid "" +"Please note that sssd only supports referral chasing when it is compiled " +"with OpenLDAP version 2.4.13 or higher." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1232 +msgid "" +"Chasing referrals may incur a performance penalty in environments that use " +"them heavily, a notable example is Microsoft Active Directory. If your setup " +"does not in fact require the use of referrals, setting this option to false " +"might bring a noticeable performance improvement. Setting this option to " +"false is therefore recommended in case the SSSD LDAP provider is used " +"together with Microsoft Active Directory as a backend. Even if SSSD would be " +"able to follow the referral to a different AD DC no additional data would be " +"available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1251 +msgid "ldap_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1254 +msgid "Specifies the service name to use when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1258 +msgid "Default: ldap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1264 +msgid "ldap_chpass_dns_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1267 +msgid "" +"Specifies the service name to use to find an LDAP server which allows " +"password changes when service discovery is enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1272 +msgid "Default: not set, i.e. service discovery is disabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1278 +msgid "ldap_chpass_update_last_change (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1281 +msgid "" +"Specifies whether to update the ldap_user_shadow_last_change attribute with " +"days since the Epoch after a password change operation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1287 +msgid "" +"It is recommend to set this option explicitly if \"ldap_pwd_policy = " +"shadow\" is used to let SSSD know if the LDAP server will update " +"shadowLastChange LDAP attribute automatically after a password change or if " +"SSSD has to update it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1301 +msgid "ldap_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1304 +msgid "" +"If using access_provider = ldap and ldap_access_order = filter (default), " +"this option is mandatory. It specifies an LDAP search filter criteria that " +"must be met for the user to be granted access on this host. If " +"access_provider = ldap, ldap_access_order = filter and this option is not " +"set, it will result in all users being denied access. Use access_provider = " +"permit to change this default behavior. Please note that this filter is " +"applied on the LDAP user entry only and thus filtering based on nested " +"groups may not work (e.g. memberOf attribute on AD entries points only to " +"direct parents). If filtering based on nested groups is required, please see " +"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1324 +msgid "Example:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ldap.5.xml:1327 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_filter = (employeeType=admin)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1331 +msgid "" +"This example means that access to this host is restricted to users whose " +"employeeType attribute is set to \"admin\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1336 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1350 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1353 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1357 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1364 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1367 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1372 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1379 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1385 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1393 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>expire</quote> in order for the " +"ldap_account_expire_policy option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1406 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1413 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1416 +msgid "" +"<emphasis>lockout</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. " +"Please note that 'access_provider = ldap' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1426 +msgid "" +"<emphasis> Please note that this option is superseded by the <quote>ppolicy</" +"quote> option and might be removed in a future release. </emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1433 +msgid "" +"<emphasis>ppolicy</emphasis>: use account locking. If set, this option " +"denies access in case that ldap attribute 'pwdAccountLockedTime' is present " +"and has value of '000001010000Z' or represents any time in the past. The " +"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which " +"denotes the UTC time zone. Other time zones are not currently supported and " +"will result in \"access-denied\" when users attempt to log in. Please see " +"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' " +"must be set for this feature to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1450 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 +msgid "" +"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " +"pwd_expire_policy_renew: </emphasis> These options are useful if users are " +"interested in being warned that password is about to expire and " +"authentication is based on using a different method than passwords - for " +"example SSH keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 +msgid "" +"The difference between these options is the action taken if user password is " +"expired:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 +msgid "pwd_expire_policy_reject - user is denied to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 +msgid "pwd_expire_policy_warn - user is still able to log in," +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 +msgid "" +"pwd_expire_policy_renew - user is prompted to change their password " +"immediately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1489 +msgid "" +"Please note that 'access_provider = ldap' must be set for this feature to " +"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1494 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1499 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1503 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1507 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1515 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1522 +msgid "ldap_pwdlockout_dn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"This option specifies the DN of password policy entry on LDAP server. Please " +"note that absence of this option in sssd.conf in case of enabled account " +"lockout checking will yield access denied as ppolicy attributes on LDAP " +"server cannot be checked properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1533 +msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1536 +msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1542 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1545 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1550 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1554 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1559 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1564 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1569 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1577 +msgid "ldap_rfc2307_fallback_to_local_users (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1580 +msgid "" +"Allows to retain local users as members of an LDAP group for servers that " +"use the RFC2307 schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1584 +msgid "" +"In some environments where the RFC2307 schema is used, local users are made " +"members of LDAP groups by adding their names to the memberUid attribute. " +"The self-consistency of the domain is compromised when this is done, so SSSD " +"would normally remove the \"missing\" users from the cached group " +"memberships as soon as nsswitch tries to fetch information about the user " +"via getpw*() or initgroups() calls." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1595 +msgid "" +"This option falls back to checking if local users are referenced, and caches " +"them so that later initgroups() calls will augment the local users with the " +"additional LDAP groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 +msgid "wildcard_limit (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1610 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1614 +msgid "At the moment, only the InfoPipe responder supports wildcard lookups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "Default: 1000 (often the size of one page)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1624 +msgid "ldap_library_debug_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1627 +msgid "" +"Switches on libldap debugging with the given level. The libldap debug " +"messages will be written independent of the general debug_level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1632 +msgid "" +"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " +"enable full debug output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1637 +msgid "Default: 0 (libldap debugging disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:52 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. Note that SSSD " +"LDAP mapping attributes are described in the <citerefentry> " +"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1647 +msgid "SUDO OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1649 +msgid "" +"The detailed instructions for configuration of sudo_provider are in the " +"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1660 +msgid "ldap_sudo_full_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1663 +msgid "" +"How many seconds SSSD will wait between executing a full refresh of sudo " +"rules (which downloads all rules that are stored on the server)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1668 +msgid "" +"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" +"emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1673 +msgid "" +"You can disable full refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1678 +msgid "Default: 21600 (6 hours)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1684 +msgid "ldap_sudo_smart_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1687 +msgid "" +"How many seconds SSSD has to wait before executing a smart refresh of sudo " +"rules (which downloads all rules that have USN higher than the highest " +"server USN value that is currently known by SSSD)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1693 +msgid "" +"If USN attributes are not supported by the server, the modifyTimestamp " +"attribute is used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1697 +msgid "" +"<emphasis>Note:</emphasis> the highest USN value can be updated by three " +"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " +"enumeration of users and groups (if enabled and updated users or groups are " +"found) and 3) by reconnecting to the server (by default every 15 minutes, " +"see <emphasis>ldap_connection_expire_timeout</emphasis>)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1708 +msgid "" +"You can disable smart refresh by setting this option to 0. However, either " +"smart or full refresh must be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1719 +msgid "ldap_sudo_random_offset (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1722 +msgid "" +"Random offset between 0 and configured value is added to smart and full " +"refresh periods each time the periodic task is scheduled. The value is in " +"seconds." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1728 +msgid "" +"Note that this random offset is also applied on the first SSSD start which " +"delays the first sudo rules refresh. This prolongs the time when the sudo " +"rules are not available for use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1734 +msgid "You can disable this offset by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1744 +msgid "ldap_sudo_use_host_filter (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1747 +msgid "" +"If true, SSSD will download only rules that are applicable to this machine " +"(using the IPv4 or IPv6 host/network addresses and hostnames)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1758 +msgid "ldap_sudo_hostnames (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1761 +msgid "" +"Space separated list of hostnames or fully qualified domain names that " +"should be used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1766 +msgid "" +"If this option is empty, SSSD will try to discover the hostname and the " +"fully qualified domain name automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 +msgid "" +"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" +"emphasis> then this option has no effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 +msgid "Default: not specified" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1782 +msgid "ldap_sudo_ip (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1785 +msgid "" +"Space separated list of IPv4 or IPv6 host/network addresses that should be " +"used to filter the rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1790 +msgid "" +"If this option is empty, SSSD will try to discover the addresses " +"automatically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1805 +msgid "ldap_sudo_include_netgroups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1808 +msgid "" +"If true then SSSD will download every rule that contains a netgroup in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1823 +msgid "ldap_sudo_include_regexp (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1826 +msgid "" +"If true then SSSD will download every rule that contains a wildcard in " +"sudoHost attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> +#: sssd-ldap.5.xml:1836 +msgid "" +"Using wildcard is an operation that is very costly to evaluate on the LDAP " +"server side!" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1848 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute semantics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1858 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1860 +msgid "" +"Some of the defaults for the parameters below are dependent on the LDAP " +"schema." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1866 +msgid "ldap_autofs_map_master_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1869 +msgid "The name of the automount master map in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1872 +msgid "Default: auto.master" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1883 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1890 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1895 +msgid "ldap_user_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1900 +msgid "ldap_group_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note> +#: sssd-ldap.5.xml:1905 +msgid "<note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> +#: sssd-ldap.5.xml:1907 +msgid "" +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " +"against Active Directory will not be restricted and return all groups " +"memberships, even with no GID mapping. It is recommended to disable this " +"feature, if group names are not being displayed correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist> +#: sssd-ldap.5.xml:1914 +msgid "</note>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1916 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1921 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1885 +msgid "" +"These options are supported by LDAP domains, but they should be used with " +"caution. Please include them in your configuration only if you know what you " +"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 +msgid "EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1938 +msgid "" +"The following example assumes that SSSD is correctly configured and LDAP is " +"set to one of the domains in the <replaceable>[domains]</replaceable> " +"section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1944 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 +#: include/ldap_id_mapping.xml:105 +msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1955 +msgid "LDAP ACCESS FILTER EXAMPLE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1957 +msgid "" +"The following example assumes that SSSD is correctly configured and to use " +"the ldap_access_order=lockout." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ldap.5.xml:1962 +#, no-wrap +msgid "" +"[domain/LDAP]\n" +"id_provider = ldap\n" +"auth_provider = ldap\n" +"access_provider = ldap\n" +"ldap_access_order = lockout\n" +"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n" +"ldap_uri = ldap://ldap.mydomain.org\n" +"ldap_search_base = dc=mydomain,dc=org\n" +"ldap_tls_reqcert = demand\n" +"cache_credentials = true\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 +msgid "NOTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1979 +msgid "" +"The descriptions of some of the configuration options in this manual page " +"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " +"distribution." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss.8.xml:11 pam_sss.8.xml:16 +msgid "pam_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11 +#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11 +#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 +#: sssd_krb5_localauth_plugin.8.xml:11 +msgid "8" +msgstr "8" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss.8.xml:17 +msgid "PAM module for SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss.8.xml:22 +msgid "" +"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" +"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" +"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" +"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" +"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg " +"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg " +"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg " +"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:64 +msgid "" +"<command>pam_sss.so</command> is the PAM interface to the System Security " +"Services daemon (SSSD). Errors and results are logged through " +"<command>syslog(3)</command> with the LOG_AUTHPRIV facility." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 +#: sss_ssh_knownhostsproxy.1.xml:62 +msgid "OPTIONS" +msgstr "选项" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:74 +msgid "<option>quiet</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:77 +msgid "Suppress log messages for unknown users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:82 +msgid "<option>forward_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:85 +msgid "" +"If <option>forward_pass</option> is set the entered password is put on the " +"stack for other PAM modules to use." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:92 +msgid "<option>use_first_pass</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:95 +msgid "" +"The argument use_first_pass forces the module to use a previous stacked " +"modules password and will never prompt the user - if no password is " +"available or the password is not appropriate, the user will be denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:103 +msgid "<option>use_authtok</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:106 +msgid "" +"When password changing enforce the module to set the new password to the one " +"provided by a previously stacked password module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:113 +msgid "<option>retry=N</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:116 +msgid "" +"If specified the user is asked another N times for a password if " +"authentication fails. Default is 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:118 +msgid "" +"Please note that this option might not work as expected if the application " +"calling PAM handles the user dialog on its own. A typical example is " +"<command>sshd</command> with <option>PasswordAuthentication</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:127 +msgid "<option>ignore_unknown_user</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:130 +msgid "" +"If this option is specified and the user does not exist, the PAM module will " +"return PAM_IGNORE. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:137 +msgid "<option>ignore_authinfo_unavail</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:141 +msgid "" +"Specifies that the PAM module should return PAM_IGNORE if it cannot contact " +"the SSSD daemon. This causes the PAM framework to ignore this module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:148 +msgid "<option>domains</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:152 +msgid "" +"Allows the administrator to restrict the domains a particular PAM service is " +"allowed to authenticate against. The format is a comma-separated list of " +"SSSD domain names, as specified in the sssd.conf file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:158 +msgid "" +"NOTE: If this is used for a service not running as root user, e.g. a web-" +"server, it must be used in conjunction with the <quote>pam_trusted_users</" +"quote> and <quote>pam_public_domains</quote> options. Please see the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more information on these two PAM " +"responder options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:173 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:177 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:187 +#, no-wrap +msgid "" +"auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:182 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:197 +msgid "<option>prompt_always</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:201 +msgid "" +"Always prompt the user for credentials. With this option credentials " +"requested by other PAM modules, typically a password, will be ignored and " +"pam_sss will prompt for credentials again. Based on the pre-auth reply by " +"SSSD pam_sss might prompt for a password, a Smartcard PIN or other " +"credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:212 +msgid "<option>try_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:216 +msgid "" +"Try to use certificate based authentication, i.e. authentication with a " +"Smartcard or similar devices. If a Smartcard is available and the service is " +"allowed for Smartcard authentication the user will be prompted for a PIN and " +"the certificate based authentication will continue" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:224 +msgid "" +"If no Smartcard is available or certificate based authentication is not " +"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:232 +msgid "<option>require_cert_auth</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:236 +msgid "" +"Do certificate based authentication, i.e. authentication with a Smartcard " +"or similar devices. If a Smartcard is not available the user will be " +"prompted to insert one. SSSD will wait for a Smartcard until the timeout " +"defined by p11_wait_for_card_timeout passed, please see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:246 +msgid "" +"If no Smartcard is available after the timeout or certificate based " +"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL " +"is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103 +msgid "MODULE TYPES PROVIDED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:257 +msgid "" +"All module types (<option>account</option>, <option>auth</option>, " +"<option>password</option> and <option>session</option>) are provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:260 +msgid "" +"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is " +"not available, pam_sss will return PAM_USER_UNKNOWN when called as " +"<option>account</option> module to avoid issues with users from other " +"sources during access control." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108 +msgid "RETURN VALUES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111 +msgid "PAM_SUCCESS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114 +msgid "The PAM operation finished successfully." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119 +msgid "PAM_USER_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:281 +msgid "" +"The user is not known to the authentication service or the SSSD's PAM " +"responder is not running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128 +msgid "PAM_AUTH_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:290 +msgid "" +"Authentication failure. Also, could be returned when there is a problem with " +"getting the certificate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:296 +msgid "PAM_PERM_DENIED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:299 +msgid "" +"Permission denied. The SSSD log files may contain additional information " +"about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:305 +msgid "PAM_IGNORE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:308 +msgid "" +"See options <option>ignore_unknown_user</option> and " +"<option>ignore_authinfo_unavail</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:314 +msgid "PAM_AUTHTOK_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:317 +msgid "" +"Unable to obtain the new authentication token. Also, could be returned when " +"the user authenticates with certificates and multiple certificates are " +"available, but the installed version of GDM does not support selection from " +"multiple certificates." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136 +msgid "PAM_AUTHINFO_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139 +msgid "" +"Unable to access the authentication information. This might be due to a " +"network or hardware failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:334 +msgid "PAM_BUF_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:337 +msgid "" +"A memory error occurred. Also, could be returned when options use_first_pass " +"or use_authtok were set, but no password was found from the previously " +"stacked PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145 +msgid "PAM_SYSTEM_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148 +msgid "" +"A system error occurred. The SSSD log files may contain additional " +"information about the error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:353 +msgid "PAM_CRED_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:356 +msgid "Unable to set the credentials of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:361 +msgid "PAM_CRED_INSUFFICIENT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:364 +msgid "" +"The application does not have sufficient credentials to authenticate the " +"user. For example, missing PIN during smartcard authentication or missing " +"factor during two-factor authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:372 +msgid "PAM_SERVICE_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:375 +msgid "Error in service module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:380 +msgid "PAM_NEW_AUTHTOK_REQD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:383 +msgid "The user's authentication token has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:388 +msgid "PAM_ACCT_EXPIRED" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:391 +msgid "The user account has expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:396 +msgid "PAM_SESSION_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:399 +msgid "Unable to fetch IPA Desktop Profile rules or user info." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:404 +msgid "PAM_CRED_UNAVAIL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:407 +msgid "Unable to retrieve Kerberos user credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:412 +msgid "PAM_NO_MODULE_DATA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:415 +msgid "" +"No authentication method was found by Kerberos. This might happen if the " +"user has a Smartcard assigned but the pkint plugin is not available on the " +"client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:422 +msgid "PAM_CONV_ERR" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:425 +msgid "Conversation failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:430 +msgid "PAM_AUTHTOK_LOCK_BUSY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:433 +msgid "No KDC suitable for password change is available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:438 +msgid "PAM_ABORT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:441 +msgid "Unknown PAM call." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:446 +msgid "PAM_MODULE_UNKNOWN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:449 +msgid "Unsupported PAM task or command." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:454 +msgid "PAM_BAD_ITEM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:457 +msgid "The authentication module cannot handle Smartcard credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss.8.xml:465 +msgid "FILES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:466 +msgid "" +"If a password reset by root fails, because the corresponding SSSD provider " +"does not support password resets, an individual message can be displayed. " +"This message can e.g. contain instructions about how to reset a password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:471 +msgid "" +"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" +"filename> where LOC stands for a locale string returned by <citerefentry> " +"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" +"citerefentry>. If there is no matching file the content of " +"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " +"the owner of the files and only root may have read and write permissions " +"while all other users must have only read permissions." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss.8.xml:481 +msgid "" +"These files are searched in the directory <filename>/etc/sssd/customize/" +"DOMAIN_NAME/</filename>. If no matching file is present a generic message is " +"displayed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16 +msgid "pam_sss_gss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: pam_sss_gss.8.xml:17 +msgid "PAM module for SSSD GSSAPI authentication" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: pam_sss_gss.8.xml:22 +msgid "" +"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:32 +msgid "" +"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in " +"cooperation with SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:36 +msgid "" +"This module will try to authenticate the user using the GSSAPI hostbased " +"service name host@hostname which translates to host/hostname@REALM Kerberos " +"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal " +"name is derived by Kerberos internal mechanisms and it can be set explicitly " +"in configuration of [domain_realm] section in /etc/krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:44 +msgid "" +"SSSD is used to provide desired service name and to validate the user's " +"credentials using GSSAPI calls. If the service ticket is already present in " +"the Kerberos credentials cache or if user's ticket granting ticket can be " +"used to get the correct service ticket then the user will be authenticated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:51 +msgid "" +"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD " +"requires that the credentials used to obtain the service tickets can be " +"associated with the user. This means that the principal that owns the " +"Kerberos credentials must match with the user principal name as defined in " +"LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:58 +msgid "" +"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</" +"option> option in [pam] or domain section of sssd.conf. The service " +"credentials need to be stored in SSSD's keytab (it is already present if you " +"use ipa or ad provider). The keytab location can be set with " +"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and " +"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more details on these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:74 +msgid "" +"Some Kerberos deployments allow to associate authentication indicators with " +"a particular pre-authentication method used to obtain the ticket granting " +"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce " +"presence of authentication indicators in the service tickets before a " +"particular PAM service can be accessed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:82 +msgid "" +"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain " +"section of sssd.conf, then SSSD will perform a check of the presence of any " +"configured indicators in the service ticket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss_gss.8.xml:93 +msgid "<option>debug</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:96 +msgid "Print debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:104 +msgid "Only the <option>auth</option> module type is provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:122 +msgid "" +"The user is not known to the authentication service or the GSSAPI " +"authentication is not supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss_gss.8.xml:131 +msgid "Authentication failure." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:159 +msgid "" +"The main use case is to provide password-less authentication in sudo but " +"without the need to disable authentication completely. To achieve this, " +"first enable GSSAPI authentication for sudo in sssd.conf:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:165 +#, no-wrap +msgid "" +"[domain/MYDOMAIN]\n" +"pam_gssapi_services = sudo, sudo-i\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:169 +msgid "" +"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /" +"etc/pam.d/sudo-i)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:173 +#, no-wrap +msgid "" +"...\n" +"auth sufficient pam_sss_gss.so\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: pam_sss_gss.8.xml:180 +msgid "TROUBLESHOOTING" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:182 +msgid "" +"SSSD logs, pam_sss_gss debug output and syslog may contain helpful " +"information about the error. Here are some common issues:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:186 +msgid "" +"1. I have KRB5CCNAME environment variable set and the authentication does " +"not work: Depending on your sudo version, it is possible that sudo does not " +"pass this variable to the PAM environment. Try adding KRB5CCNAME to " +"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:193 +msgid "" +"2. Authentication does not work and syslog contains \"Server not found in " +"Kerberos database\": Kerberos is probably not able to resolve correct realm " +"for the service ticket based on the hostname. Try adding the hostname " +"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:200 +msgid "" +"3. Authentication does not work and syslog contains \"No Kerberos " +"credentials available\": You don't have any credentials that can be used to " +"obtain the required service ticket. Use kinit or authenticate over SSSD to " +"acquire those credentials." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: pam_sss_gss.8.xml:206 +msgid "" +"4. Authentication does not work and SSSD sssd-pam log contains \"User with " +"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user " +"[$username].\": You are using credentials that can not be mapped to the user " +"that is being authenticated. Try to use kswitch to select different " +"principal, make sure you authenticated with SSSD or consider disabling " +"<option>pam_gssapi_check_upn</option>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: pam_sss_gss.8.xml:214 +#, no-wrap +msgid "" +"[domain_realm]\n" +".myhostname = MYREALM\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 +msgid "sssd_krb5_locator_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_locator_plugin.8.xml:16 +msgid "Kerberos locator plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:22 +msgid "" +"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " +"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such " +"a plugin to guide all Kerberos clients on a system to a single KDC. In " +"general it should not matter to which KDC a client process is talking to. " +"But there are cases, e.g. after a password change, where not all KDCs are in " +"the same state because the new data has to be replicated first. To avoid " +"unexpected authentication failures and maybe even account lockings it would " +"be good to talk to a single KDC as long as possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:34 +msgid "" +"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the " +"Kerberos plugin directory, see plugin_base_dir in <citerefentry> " +"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for details. The plugin can only be disabled by removing the " +"plugin file. There is no option in the Kerberos configuration to disable it. " +"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to " +"disable the plugin for individual commands. Alternatively the SSSD option " +"krb5_use_kdcinfo=False can be used to not generate the data needed by the " +"plugin. With this the plugin is still called but will provide no data to the " +"caller so that libkrb5 can fall back to other methods defined in krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:50 +msgid "" +"The plugin reads the information about the KDCs of a given realm from a file " +"called <filename>kdcinfo.REALM</filename>. The file should contain one or " +"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the " +"hexadecimal IPv6 notation. An optional port number can be added to the end " +"separated with a colon, the IPv6 address has to be enclosed in squared " +"brackets in this case as usual. Valid entries are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:58 +msgid "kdc.example.com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:59 +msgid "kdc.example.com:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:60 +msgid "1.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:61 +msgid "5.6.7.8:99" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:62 +msgid "2001:db8:85a3::8a2e:370:7334" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd_krb5_locator_plugin.8.xml:63 +msgid "[2001:db8:85a3::8a2e:370:7334]:321" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:65 +msgid "" +"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well " +"adds the address of the current KDC or domain controller SSSD is using to " +"this file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:70 +msgid "" +"In environments with read-only and read-write KDCs where clients are " +"expected to use the read-only instances for the general operations and only " +"the read-write KDC for config changes like password changes a " +"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-" +"write KDCs. If this file exists for the given realm the content will be used " +"by the plugin to reply to requests for a kpasswd or kadmin server or for the " +"MIT Kerberos specific master KDC. If the address contains a port number the " +"default KDC port 88 will be used for the latter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:85 +msgid "" +"Not all Kerberos implementations support the use of plugins. If " +"<command>sssd_krb5_locator_plugin</command> is not available on your system " +"you have to edit /etc/krb5.conf to reflect your Kerberos setup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:91 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " +"debug messages will be sent to stderr." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:95 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:100 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to " +"any value plugin will try to resolve all DNS names in kdcinfo file. By " +"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on " +"first DNS resolving failure." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-simple.5.xml:10 sssd-simple.5.xml:16 +msgid "sssd-simple" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-simple.5.xml:17 +msgid "the configuration file for SSSD's 'simple' access-control provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:24 +msgid "" +"This manual page describes the configuration of the simple access-control " +"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " +"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:38 +msgid "" +"The simple access provider grants or denies access based on an access or " +"deny list of user or group names. The following rules apply:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:43 +msgid "If all lists are empty, access is granted" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:47 +msgid "" +"If any list is provided, the order of evaluation is allow,deny. This means " +"that any matching deny rule will supersede any matched allow rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:54 +msgid "" +"If either or both \"allow\" lists are provided, all users are denied unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-simple.5.xml:60 +msgid "" +"If only \"deny\" lists are provided, all users are granted access unless " +"they appear in the list." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:78 +msgid "simple_allow_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:81 +msgid "Comma separated list of users who are allowed to log in." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:88 +msgid "simple_deny_users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:91 +msgid "Comma separated list of users who are explicitly denied access." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:97 +msgid "simple_allow_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:100 +msgid "" +"Comma separated list of groups that are allowed to log in. This applies only " +"to groups within this SSSD domain. Local groups are not evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-simple.5.xml:108 +msgid "simple_deny_groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-simple.5.xml:111 +msgid "" +"Comma separated list of groups that are explicitly denied access. This " +"applies only to groups within this SSSD domain. Local groups are not " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131 +msgid "" +"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " +"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> manual page for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:120 +msgid "" +"Specifying no values for any of the lists is equivalent to skipping it " +"entirely. Beware of this while generating parameters for the simple provider " +"using automated scripts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:125 +msgid "" +"Please note that it is an configuration error if both, simple_allow_users " +"and simple_deny_users, are defined." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:133 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the simple access provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-simple.5.xml:140 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"access_provider = simple\n" +"simple_allow_users = user1, user2\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-simple.5.xml:150 +msgid "" +"The complete group membership hierarchy is resolved before the access check, " +"thus even nested groups can be included in the access lists. Please be " +"aware that the <quote>ldap_group_nesting_level</quote> option may impact the " +"results and should be set to a sufficient value. (<citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>) option." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:39 +msgid "" +"To allow extensions or completely different style of rule the " +"<quote>mapping</quote> and <quote>matching rules</quote> can contain a " +"prefix separated with a ':' from the main part of the rule. The prefix may " +"only contain upper-case ASCII letters and numbers. If the prefix is omitted " +"the default type will be used which is 'KRB5' for the matching rules and " +"'LDAP' for the mapping rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:48 +msgid "" +"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a " +"given certificate matches a matching rules and how the output of a mapping " +"rule would look like." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:55 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:57 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:59 +msgid "" +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority. The rules processing is stopped " +"when a matched rule is found and no further rules are checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:70 +msgid "" +"If multiple rules have the same priority and only one of the related " +"matching rules applies, this rule will be chosen. If there are multiple " +"rules with the same priority which matches, one is chosen but which one is " +"undefined. To avoid this undefined behavior either use different priorities " +"or make the matching rules more specific e.g. by using distinct <" +"ISSUER> patterns." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:79 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:81 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:90 +msgid "" +"Given the similarity to MIT Kerberos the type prefix for this rule is " +"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</" +"quote> so that \"<SUBJECT>.*,DC=MY,DC=DOMAIN\" and \"KRB5:<" +"SUBJECT>.*,DC=MY,DC=DOMAIN\" are equivalent." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:99 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:102 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:108 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:121 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:124 +msgid "" +"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in " +"regular expressions and must be escaped with the help of the '\\' character " +"so that they are matched as ordinary characters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:130 +msgid "Example: <SUBJECT>^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:135 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:138 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:143 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:148 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:151 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following values can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:155 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:156 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:157 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:158 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:159 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:160 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:161 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:162 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:163 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:167 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:171 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:176 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:179 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:183 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:184 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:185 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:186 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:187 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:188 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:189 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:190 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:191 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:195 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:199 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:204 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:207 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:212 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:217 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:220 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:224 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:229 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:232 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:236 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:241 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:244 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:247 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:252 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:255 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:261 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:266 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:269 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:276 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:281 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:284 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:287 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:292 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:295 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:298 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:303 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:306 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:309 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:314 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:317 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:322 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:327 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:330 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:333 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:338 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:341 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:344 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:349 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:352 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:355 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:360 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:363 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:367 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:96 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:375 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:377 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:382 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping and that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:392 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:398 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:406 +msgid "" +"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as " +"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. " +"There is an extension called 'LDAPU1' which offer more templates for more " +"flexibility. To allow older versions of this library to ignore the extension " +"the prefix 'LDAPU1' must be used when using the new templates in a " +"<quote>mapping rule</quote> otherwise the old version of this library will " +"fail with a parsing error. The new templates are described in section <xref " +"linkend=\"map_ldapu1\"/>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:424 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:427 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:433 sss-certmap.5.xml:459 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 sss-certmap.5.xml:463 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:441 sss-certmap.5.xml:467 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:450 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:453 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:471 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:476 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:479 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:492 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:495 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represents the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:506 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:509 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:520 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:523 +msgid "" +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:529 +msgid "" +"Example: (|(userPrincipalName={subject_nt_principal})" +"(samAccountName={subject_nt_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:534 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:537 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represents the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:543 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:548 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:551 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represents the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:557 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:562 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:565 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:581 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:586 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:589 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:594 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:599 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:602 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:606 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:611 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:614 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:619 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:624 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:627 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as a dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:632 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:417 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consist of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title> +#: sss-certmap.5.xml:639 +msgid "LDAPU1 extension" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para> +#: sss-certmap.5.xml:641 +msgid "The following template are available when using the 'LDAPU1' extension:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:647 +msgid "{serial_number[!(dec|hex[_ucr])]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:650 +msgid "" +"This template will add the serial number of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:655 +msgid "" +"With the formatting option '!dec' the number will be printed as decimal " +"string. The hexadecimal output can be printed with upper-case letters ('!" +"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with " +"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can " +"be combined so that e.g. '!hex_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:665 +msgid "Example: LDAPU1:(serial={serial_number})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:671 +msgid "{subject_key_id[!hex[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:674 +msgid "" +"This template will add the subject key id of the certificate. By default it " +"will be printed as a hexadecimal number with lower-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:679 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!hex_u'), " +"with a colon separating the hexadecimal bytes ('!hex_c') or with the " +"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be " +"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal " +"string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:688 +msgid "Example: LDAPU1:(ski={subject_key_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:694 +msgid "{cert[!DIGEST[_ucr]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:697 +msgid "" +"This template will add the hexadecimal digest/hash of the certificate where " +"DIGEST must be replaced with the name of a digest/hash function supported by " +"OpenSSL, e.g. 'sha512'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:703 +msgid "" +"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), " +"with a colon separating the hexadecimal bytes ('!sha512_c') or with the " +"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be " +"combined so that e.g. '!sha512_uc' will produce a colon-separated " +"hexadecimal string with upper-case letters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:712 +msgid "Example: LDAPU1:(dgst={cert!sha256})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:718 +msgid "{subject_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:721 +msgid "" +"This template will add an attribute value of a component of the subject DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:726 +msgid "" +"A different component can it either selected by attribute name, e.g. " +"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} " +"where positive numbers start counting from the most specific component and " +"negative numbers start counting from the least specific component. Attribute " +"name and the position can be combined as e.g. {subject_dn_component.uid[2]} " +"which means that the name of the second component must be 'uid'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:737 +msgid "Example: LDAPU1:(uid={subject_dn_component.uid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:743 +msgid "{issuer_dn_component[(.attr_name|[number]]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:746 +msgid "" +"This template will add an attribute value of a component of the issuer DN, " +"by default the value of the most specific component." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:751 +msgid "" +"See 'subject_dn_component' for details about the attribute name and position " +"specifiers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:755 +msgid "" +"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component." +"dc[-1]})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:760 +msgid "{sid[.rid]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:763 +msgid "" +"This template will add the SID if the corresponding extension introduced by " +"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' " +"selector only the last component, i.e. the RID, will be added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:770 +msgid "Example: LDAPU1:(objectsid={sid})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:779 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:781 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 +msgid "sssd-ipa" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ipa.5.xml:17 +msgid "SSSD IPA provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:23 +msgid "" +"This manual page describes the configuration of the IPA provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:36 +msgid "" +"The IPA provider is a back end used to connect to an IPA server. (Refer to " +"the freeipa.org web site for information about IPA servers.) This provider " +"requires that the machine be joined to the IPA domain; configuration is " +"almost entirely self-discovered and obtained directly from the server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:43 +msgid "" +"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for IPA environments. The IPA provider accepts the same " +"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. " +"However, it is neither necessary nor recommended to set these options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:57 +msgid "" +"The IPA provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:62 +msgid "" +"As an access provider, the IPA provider has a minimal configuration (see " +"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access " +"control) rules. Please refer to freeipa.org for more information about HBAC." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:68 +msgid "" +"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ipa</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:74 +msgid "" +"The IPA provider will use the PAC responder if the Kerberos tickets of users " +"from trusted realms contain a PAC. To make configuration easier the PAC " +"responder is started automatically if the IPA ID provider is configured." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:90 +msgid "ipa_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:93 +msgid "" +"Specifies the name of the IPA domain. This is optional. If not provided, " +"the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:101 +msgid "ipa_server, ipa_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:104 +msgid "" +"The comma-separated list of IP addresses or hostnames of the IPA servers to " +"which SSSD should connect in the order of preference. For more information " +"on failover and server redundancy, see the <quote>FAILOVER</quote> section. " +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:117 +msgid "ipa_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:120 +msgid "" +"Optional. May be set on machines where the hostname(5) does not reflect the " +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181 +msgid "dyndns_update (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:132 +msgid "" +"Optional. This option tells SSSD to automatically update the DNS server " +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:146 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" +"emphasis> option, users should migrate to using <emphasis>dyndns_update</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206 +msgid "dyndns_ttl (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209 +msgid "" +"The TTL to apply to the client DNS record when updating it. If " +"dyndns_update is false this has no effect. This will override the TTL " +"serverside if set by an administrator." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:166 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" +"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:172 +msgid "Default: 1200 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220 +msgid "dyndns_iface (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223 +msgid "" +"Optional. Applicable only when dyndns_update is true. Choose the interface " +"or a list of interfaces whose IP addresses should be used for dynamic DNS " +"updates. Special value <quote>*</quote> implies that IPs from all interfaces " +"should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:188 +msgid "" +"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" +"emphasis> option, users should migrate to using <emphasis>dyndns_iface</" +"emphasis> in their config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:194 +msgid "" +"Default: Use the IP addresses of the interface which is used for IPA LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234 +msgid "Example: dyndns_iface = em1, vnet1, vnet2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 +msgid "dyndns_auth (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"updates with the DNS server, insecure updates can be sent by setting this " +"option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 +msgid "Default: GSS-TSIG" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 +msgid "dyndns_auth_ptr (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 +msgid "" +"Whether the nsupdate utility should use GSS-TSIG authentication for secure " +"PTR updates with the DNS server, insecure updates can be sent by setting " +"this option to 'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 +msgid "Default: Same as dyndns_auth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:234 +msgid "ipa_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238 +msgid "Enables DNS sites - location based service discovery." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:241 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, then the SSSD will first attempt location " +"based discovery using a query that contains \"_location.hostname.example." +"com\" and then fall back to traditional SRV discovery. If the location based " +"discovery succeeds, the IPA servers located with the location based " +"discovery are treated as primary servers and the IPA servers located using " +"the traditional SRV discovery are used as back up servers" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240 +msgid "dyndns_refresh_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:263 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258 +msgid "dyndns_update_ptr (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261 +msgid "" +"Whether the PTR record should also be explicitly updated when updating the " +"client's DNS records. Applicable only when dyndns_update is true." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:284 +msgid "" +"This option should be False in most IPA deployments as the IPA server " +"generates the PTR records automatically when forward records are changed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 +msgid "Default: False (disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 +msgid "dyndns_force_tcp (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 +msgid "" +"Whether the nsupdate utility should default to using TCP for communicating " +"with the DNS server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 +msgid "Default: False (let nsupdate choose the protocol)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 +msgid "dyndns_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +msgid "" +"The DNS server to use when performing a DNS update. In most setups, it's " +"recommended to leave this option unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +msgid "" +"Setting this option makes sense for environments where the DNS server is " +"different from the identity server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +msgid "" +"Please note that this option will be only used in fallback attempt when " +"previous attempt using autodetected settings failed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 +msgid "Default: None (let nsupdate choose the server)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 +msgid "dyndns_update_per_family (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 +msgid "" +"DNS update is by default performed in two steps - IPv4 update and then IPv6 " +"update. In some cases it might be desirable to perform IPv4 and IPv6 update " +"in single step." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:353 +msgid "ipa_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:360 +msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:399 +msgid "" +"Please note that 'access_provider = ipa' must be set for this feature to " +"work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:406 +msgid "ipa_deskprofile_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:409 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:419 +msgid "ipa_subid_ranges_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:422 +msgid "" +"Optional. Use the given string as search base for subordinate ranges related " +"objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:426 +msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:433 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:436 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:446 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:449 +msgid "Deprecated. Use ldap_host_search_base instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:455 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:458 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:474 +msgid "ipa_subdomains_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:477 +msgid "Optional. Use the given string as search base for trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:486 +msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:493 +msgid "ipa_master_domain_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:496 +msgid "Optional. Use the given string as search base for master domain object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:505 +msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_views_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "Optional. Use the given string as search base for views containers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:524 +msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:534 +msgid "" +"The name of the Kerberos realm. This is optional and defaults to the value " +"of <quote>ipa_domain</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:538 +msgid "" +"The name of the Kerberos realm has a special meaning in IPA - it is " +"converted into the base DN to use for performing LDAP operations." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 +msgid "krb5_confd_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 +msgid "" +"Absolute path of a directory where SSSD should place Kerberos configuration " +"snippets." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 +msgid "" +"To disable the creation of the configuration snippets set the parameter to " +"'none'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 +msgid "" +"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:564 +msgid "ipa_deskprofile_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:567 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 +msgid "Default: 5 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:580 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:583 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:588 +msgid "Default: 60 (minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:594 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:597 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:610 +msgid "ipa_hbac_selinux (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:613 +msgid "" +"The amount of time between lookups of the SELinux maps against the IPA " +"server. This will reduce the latency and load on the IPA server if there are " +"many user login requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:626 +msgid "ipa_server_mode (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:629 +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:634 +msgid "" +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:639 +msgid "" +"NOTE: There are currently some assumptions that must be met when SSSD is " +"running on an IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:644 +msgid "" +"The <quote>ipa_server</quote> option must be configured to point to the IPA " +"server itself. This is already the default set by the IPA installer, so no " +"manual change is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:653 +msgid "" +"The <quote>full_name_format</quote> option must not be tweaked to only print " +"short names for users from trusted domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:668 +msgid "ipa_automount_location (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:671 +msgid "The automounter location this IPA client will be using" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:674 +msgid "Default: The location named \"default\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:682 +msgid "VIEWS AND OVERRIDES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:691 +msgid "ipa_view_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:694 +msgid "Objectclass of the view container." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:697 +msgid "Default: nsContainer" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:703 +msgid "ipa_view_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:706 +msgid "Name of the attribute holding the name of the view." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 +#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 +#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 +#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 +msgid "Default: cn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:716 +msgid "ipa_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:719 +msgid "Objectclass of the override objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:722 +msgid "Default: ipaOverrideAnchor" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:728 +msgid "ipa_anchor_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:731 +msgid "" +"Name of the attribute containing the reference to the original object in a " +"remote domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:735 +msgid "Default: ipaAnchorUUID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:741 +msgid "ipa_user_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:744 +msgid "" +"Name of the objectclass for user overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:749 +msgid "User overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:752 +msgid "ldap_user_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:755 +msgid "ldap_user_uid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:758 +msgid "ldap_user_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:761 +msgid "ldap_user_gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:764 +msgid "ldap_user_home_directory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:767 +msgid "ldap_user_shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:770 +msgid "ldap_user_ssh_public_key" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:775 +msgid "Default: ipaUserOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:781 +msgid "ipa_group_override_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:784 +msgid "" +"Name of the objectclass for group overrides. It is used to determine if the " +"found override object is related to a user or a group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:789 +msgid "Group overrides can contain attributes given by" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:792 +msgid "ldap_group_name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:795 +msgid "ldap_group_gid_number" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:800 +msgid "Default: ipaGroupOverride" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:684 +msgid "" +"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " +"later version. Since all paths and objectclasses are fixed on the server " +"side there is basically no need to configure anything. For completeness the " +"related options are listed here with their default values. <placeholder " +"type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:812 +msgid "SUBDOMAINS PROVIDER" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:814 +msgid "" +"The IPA subdomains provider behaves slightly differently if it is configured " +"explicitly or implicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:818 +msgid "" +"If the option 'subdomains_provider = ipa' is found in the domain section of " +"sssd.conf, the IPA subdomains provider is configured explicitly, and all " +"subdomain requests are sent to the IPA server if necessary." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:824 +msgid "" +"If the option 'subdomains_provider' is not set in the domain section of sssd." +"conf but there is the option 'id_provider = ipa', the IPA subdomains " +"provider is configured implicitly. In this case, if a subdomain request " +"fails and indicates that the server does not support subdomains, i.e. is not " +"configured for trusts, the IPA subdomains provider is disabled. After an " +"hour or after the IPA provider goes online, the subdomains provider is " +"enabled again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ipa.5.xml:835 +msgid "TRUSTED DOMAINS CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:843 +#, no-wrap +msgid "" +"[domain/ipa.domain.com/ad.domain.com]\n" +"ad_server = dc.ad.domain.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:837 +msgid "" +"Some configuration options can also be set for a trusted domain. A trusted " +"domain configuration can be set using the trusted domain subsection as shown " +"in the example below. Alternatively, the <quote>subdomain_inherit</quote> " +"option can be used in the parent domain. <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:848 +msgid "" +"For more details, see the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:855 +msgid "" +"Different configuration options are tunable for a trusted domain depending " +"on whether you are configuring SSSD on an IPA server or an IPA client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:860 +msgid "OPTIONS TUNABLE ON IPA MASTERS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:862 +msgid "" +"The following options can be set in a subdomain section on an IPA master:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 +msgid "ad_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:869 +msgid "ad_backup_server" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 +msgid "ad_site" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:875 +msgid "ldap_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:878 +msgid "ldap_user_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ipa.5.xml:881 +msgid "ldap_group_search_base" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ipa.5.xml:890 +msgid "OPTIONS TUNABLE ON IPA CLIENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:892 +msgid "" +"The following options can be set in a subdomain section on an IPA client:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:904 +msgid "" +"Note that if both options are set, only <quote>ad_server</quote> is " +"evaluated." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ipa.5.xml:908 +msgid "" +"Since any request for a user or a group identity from a trusted domain " +"triggered from an IPA client is resolved by the IPA server, the " +"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect " +"which AD DC will the authentication be performed against. In particular, the " +"addresses resolved from these lists will be written to <quote>kdcinfo</" +"quote> files read by the Kerberos locator plugin. Please refer to the " +"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the " +"Kerberos locator plugin." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:932 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This examples shows only the ipa provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ipa.5.xml:939 +#, no-wrap +msgid "" +"[domain/example.com]\n" +"id_provider = ipa\n" +"ipa_server = ipaserver.example.com\n" +"ipa_hostname = myhost.example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ad.5.xml:10 sssd-ad.5.xml:16 +msgid "sssd-ad" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ad.5.xml:17 +msgid "SSSD Active Directory provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:23 +msgid "" +"This manual page describes the configuration of the AD provider for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:36 +msgid "" +"The AD provider is a back end used to connect to an Active Directory server. " +"This provider requires that the machine be joined to the AD domain and a " +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superseded by Kerberos usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:44 +msgid "" +"The AD provider supports connecting to Active Directory 2008 R2 or later. " +"Earlier versions may work, but are unsupported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:48 +msgid "" +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:54 +msgid "" +"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " +"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> authentication provider with " +"optimizations for Active Directory environments. The AD provider accepts the " +"same options used by the sssd-ldap and sssd-krb5 providers with some " +"exceptions. However, it is neither necessary nor recommended to set these " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:69 +msgid "" +"The AD provider primarily copies the traditional ldap and krb5 provider " +"default options with some exceptions, the differences are listed in the " +"<quote>MODIFIED DEFAULT OPTIONS</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:74 +msgid "" +"The AD provider can also be used as an access, chpass, sudo and autofs " +"provider. No configuration of the access provider is required on the client " +"side." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:79 +msgid "" +"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is " +"configured in sssd.conf then the id_provider must also be set to <quote>ad</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:91 +#, no-wrap +msgid "" +"ldap_id_mapping = False\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:85 +msgid "" +"By default, the AD provider will map UID and GID values from the objectSID " +"parameter in Active Directory. For details on this, see the <quote>ID " +"MAPPING</quote> section below. If you want to disable ID mapping and instead " +"rely on POSIX attributes defined in Active Directory, you should set " +"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should " +"be used, it is recommended for performance reasons that the attributes are " +"also replicated to the Global Catalog. If POSIX attributes are replicated, " +"SSSD will attempt to locate the domain of a requested numerical ID with the " +"help of the Global Catalog and only search that domain. In contrast, if " +"POSIX attributes are not replicated to the Global Catalog, SSSD must search " +"all the domains in the forest sequentially. Please note that the " +"<quote>cache_first</quote> option might be also helpful in speeding up " +"domainless searches. Note that if only a subset of POSIX attributes is " +"present in the Global Catalog, the non-replicated attributes are currently " +"not read from the LDAP port." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:108 +msgid "" +"Users, groups and other entities served by SSSD are always treated as case-" +"insensitive in the AD provider for compatibility with Active Directory's " +"LDAP implementation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:113 +msgid "" +"SSSD only resolves Active Directory Security Groups. For more information " +"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/" +"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active " +"Directory security groups</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:120 +msgid "" +"SSSD filters out Domain Local groups from remote domains in the AD forest. " +"By default they are filtered out e.g. when following a nested group " +"hierarchy in remote domains because they are not valid in the local domain. " +"This is done to be in agreement with Active Directory's group-membership " +"assignment which can be seen in the PAC of the Kerberos ticket of a user " +"issued by Active Directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:138 +msgid "ad_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:141 +msgid "" +"Specifies the name of the Active Directory domain. This is optional. If not " +"provided, the configuration domain name is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:146 +msgid "" +"For proper operation, this option should be specified as the lower-case " +"version of the long version of the Active Directory domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:151 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) is " +"autodetected by the SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:158 +msgid "ad_enabled_domains (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:161 +msgid "" +"A comma-separated list of enabled Active Directory domains. If provided, " +"SSSD will ignore any domains not listed in this option. If left unset, all " +"discovered domains from the AD forest will be available." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:168 +msgid "" +"During the discovery of the domains SSSD will filter out some domains where " +"flags or attributes indicate that they do not belong to the local forest or " +"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all " +"listed domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:179 +#, no-wrap +msgid "" +"ad_enabled_domains = sales.example.com, eng.example.com\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:175 +msgid "" +"For proper operation, this option must be specified in all lower-case and as " +"the fully qualified domain name of the Active Directory domain. For example: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:183 +msgid "" +"The short domain name (also known as the NetBIOS or the flat name) will be " +"autodetected by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:193 +msgid "ad_server, ad_backup_server (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:196 +msgid "" +"The comma-separated list of hostnames of the AD servers to which SSSD should " +"connect in order of preference. For more information on failover and server " +"redundancy, see the <quote>FAILOVER</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:203 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:208 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:216 +msgid "ad_hostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:219 +msgid "" +"Optional. On machines where the hostname(5) does not reflect the fully " +"qualified name, sssd will try to expand the short name. If it is not " +"possible or the short name should be really used instead, set this parameter " +"explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:226 +msgid "" +"This field is used to determine the host principal in use in the keytab and " +"to perform dynamic DNS updates. It must match the hostname for which the " +"keytab was issued." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:235 +msgid "ad_enable_dns_sites (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:242 +msgid "" +"If true and service discovery (see Service Discovery paragraph at the bottom " +"of the man page) is enabled, the SSSD will first attempt to discover the " +"Active Directory server to connect to using the Active Directory Site " +"Discovery and fall back to the DNS SRV records if no AD site is found. The " +"DNS SRV configuration, including the discovery domain, is used during site " +"discovery as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:258 +msgid "ad_access_filter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:261 +msgid "" +"This option specifies LDAP access control filter that the user must match in " +"order to be allowed access. Please note that the <quote>access_provider</" +"quote> option must be explicitly set to <quote>ad</quote> in order for this " +"option to have an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:269 +msgid "" +"The option also supports specifying different filters per domain or forest. " +"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " +"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " +"missing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:277 +msgid "" +"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" +"quote> specifies the domain or subdomain the filter applies to. If the " +"keyword equals to <quote>FOREST</quote>, then the filter equals to all " +"domains from the forest specified by <quote>NAME</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:285 +msgid "" +"Multiple filters can be separated with the <quote>?</quote> character, " +"similarly to how search bases work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:290 +msgid "" +"Nested group membership must be searched for using a special OID " +"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." +"example.org: syntax to ensure the parser does not attempt to interpret the " +"colon characters associated with the OID. If you do not use this OID then " +"nested group membership will not be resolved. See usage example below and " +"refer here for further information about the OID: <ulink url=\"https://msdn." +"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP " +"extensions</ulink>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:303 +msgid "" +"The most specific match is always used. For example, if the option specified " +"filter for a domain the user is a member of and a global filter, the per-" +"domain filter would be applied. If there are more matches with the same " +"specification, the first one is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-ad.5.xml:314 +#, no-wrap +msgid "" +"# apply filter on domain called dom1 only:\n" +"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" +"\n" +"# apply filter on domain called dom2 only:\n" +"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" +"\n" +"# apply filter on forest called EXAMPLE.COM only:\n" +"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" +"\n" +"# apply filter for a member of a nested group in dom1:\n" +"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:333 +msgid "ad_site (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:336 +msgid "" +"Specify AD site to which client should try to connect. If this option is " +"not provided, the AD site will be auto-discovered." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:347 +msgid "ad_enable_gc (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:350 +msgid "" +"By default, the SSSD connects to the Global Catalog first to retrieve users " +"from trusted domains and uses the LDAP port to retrieve group memberships or " +"as a fallback. Disabling this option makes the SSSD only connect to the LDAP " +"port of the current AD server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:358 +msgid "" +"Please note that disabling Global Catalog support does not disable " +"retrieving users from trusted domains. The SSSD would connect to the LDAP " +"port of trusted domains instead. However, Global Catalog must be used in " +"order to resolve cross-domain group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:372 +msgid "ad_gpo_access_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:375 +msgid "" +"This option specifies the operation mode for GPO-based access control " +"functionality: whether it operates in disabled mode, enforcing mode, or " +"permissive mode. Please note that the <quote>access_provider</quote> option " +"must be explicitly set to <quote>ad</quote> in order for this option to have " +"an effect." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:384 +msgid "" +"GPO-based access control functionality uses GPO policy settings to determine " +"whether or not a particular user is allowed to logon to the host. For more " +"information on the supported policy settings please refer to the " +"<quote>ad_gpo_map</quote> options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:392 +msgid "" +"Please note that current version of SSSD does not support Active Directory's " +"built-in groups. Built-in groups (such as Administrators with SID " +"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See " +"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:401 +msgid "" +"Before performing access control SSSD applies group policy security " +"filtering on the GPOs. For every single user login, the applicability of the " +"GPOs that are linked to the host is checked. In order for a GPO to apply to " +"a user, the user or at least one of the groups to which it belongs must have " +"following permissions on the GPO:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:411 +msgid "" +"Read: The user or one of its groups must have read access to the properties " +"of the GPO (RIGHT_DS_READ_PROPERTY)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:418 +msgid "" +"Apply Group Policy: The user or at least one of its groups must be allowed " +"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:426 +msgid "" +"By default, the Authenticated Users group is present on a GPO and this group " +"has both Read and Apply Group Policy access rights. Since authentication of " +"a user must have been completed successfully before GPO security filtering " +"and access control are started, the Authenticated Users group permissions on " +"the GPO always apply also to the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:435 +msgid "" +"NOTE: If the operation mode is set to enforcing, it is possible that users " +"that were previously allowed logon access will now be denied logon access " +"(as dictated by the GPO policy settings). In order to facilitate a smooth " +"transition for administrators, a permissive mode is available that will not " +"enforce the access control rules, but will evaluate them and will output a " +"syslog message if access would have been denied. By examining the logs, " +"administrators can then make the necessary changes before setting the mode " +"to enforcing. For logging GPO-based access control debug level 'trace " +"functions' is required (see <citerefentry> <refentrytitle>sssctl</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:454 +msgid "There are three supported values for this option:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:458 +msgid "" +"disabled: GPO-based access control rules are neither evaluated nor enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:464 +msgid "enforcing: GPO-based access control rules are evaluated and enforced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:470 +msgid "" +"permissive: GPO-based access control rules are evaluated, but not enforced. " +"Instead, a syslog message will be emitted indicating that the user would " +"have been denied access if this option's value were set to enforcing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:481 +msgid "Default: permissive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:484 +msgid "Default: enforcing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:490 +msgid "ad_gpo_implicit_deny (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:493 +msgid "" +"Normally when no applicable GPOs are found the users are allowed access. " +"When this option is set to True users will be allowed access only when " +"explicitly allowed by a GPO rule. Otherwise users will be denied access. " +"This can be used to harden security but be careful when using this option " +"because it can deny access even to users in the built-in Administrators " +"group if no GPO rules apply to them." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:509 +msgid "" +"The following 2 tables should illustrate when a user is allowed or rejected " +"based on the allow and deny login rights defined on the server-side and the " +"setting of ad_gpo_implicit_deny." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:521 +msgid "ad_gpo_implicit_deny = False (default)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "allow-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:522 sssd-ad.5.xml:548 +msgid "deny-rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:523 sssd-ad.5.xml:549 +msgid "results" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 sssd-ad.5.xml:558 +msgid "missing" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:527 +msgid "all users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry> +#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 sssd-ad.5.xml:561 +msgid "present" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:530 +msgid "only users not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:533 sssd-ad.5.xml:559 +msgid "only users in allow-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:536 sssd-ad.5.xml:562 +msgid "only users in allow-rules and not in deny-rules are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry> +#: sssd-ad.5.xml:547 +msgid "ad_gpo_implicit_deny = True" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para> +#: sssd-ad.5.xml:553 sssd-ad.5.xml:556 +msgid "no users are allowed" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:569 +msgid "ad_gpo_ignore_unreadable (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:572 +msgid "" +"Normally when some group policy containers (AD object) of applicable group " +"policy objects are not readable by SSSD then users are denied access. This " +"option allows to ignore group policy containers and with them associated " +"policies if their attributes in group policy containers are not readable for " +"SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:589 +msgid "ad_gpo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:592 +msgid "" +"The amount of time between lookups of GPO policy files against the AD " +"server. This will reduce the latency and load on the AD server if there are " +"many access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:605 +msgid "ad_gpo_map_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:608 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the InteractiveLogonRight and " +"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated " +"for which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny interactive logon setting for the user or one of its groups, the user " +"is denied local access. If none of the evaluated GPOs has an interactive " +"logon right defined, the user is granted local access. If at least one " +"evaluated GPO contains interactive logon right settings, the user is granted " +"local access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:626 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on locally\" and \"Deny log on locally\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:640 +#, no-wrap +msgid "" +"ad_gpo_map_interactive = +my_pam_service, -login\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:631 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>login</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:663 +msgid "gdm-fingerprint" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:683 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:688 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:693 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:698 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:703 +msgid "xdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:712 +msgid "ad_gpo_map_remote_interactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:715 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the RemoteInteractiveLogonRight and " +"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are " +"evaluated for which the user has Read and Apply Group Policy permission (see " +"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains " +"the deny remote logon setting for the user or one of its groups, the user is " +"denied remote interactive access. If none of the evaluated GPOs has a " +"remote interactive logon right defined, the user is granted remote access. " +"If at least one evaluated GPO contains remote interactive logon right " +"settings, the user is granted remote access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:734 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on through Remote Desktop Services\" and \"Deny log on through Remote " +"Desktop Services\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:749 +#, no-wrap +msgid "" +"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:740 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>sshd</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:757 +msgid "sshd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:762 +msgid "cockpit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:771 +msgid "ad_gpo_map_network (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:774 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the NetworkLogonRight and " +"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny network logon setting for the user or one of its groups, the user is " +"denied network logon access. If none of the evaluated GPOs has a network " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains network logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:792 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Access " +"this computer from the network\" and \"Deny access to this computer from the " +"network\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:807 +#, no-wrap +msgid "" +"ad_gpo_map_network = +my_pam_service, -ftp\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:798 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>ftp</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:815 +msgid "ftp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:820 +msgid "samba" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:829 +msgid "ad_gpo_map_batch (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:832 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " +"policy settings. Only those GPOs are evaluated for which the user has Read " +"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</" +"quote>). If an evaluated GPO contains the deny batch logon setting for the " +"user or one of its groups, the user is denied batch logon access. If none " +"of the evaluated GPOs has a batch logon right defined, the user is granted " +"logon access. If at least one evaluated GPO contains batch logon right " +"settings, the user is granted logon access only, if it or at least one of " +"its groups is part of the policy settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:850 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a batch job\" and \"Deny log on as a batch job\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:864 +#, no-wrap +msgid "" +"ad_gpo_map_batch = +my_pam_service, -crond\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:855 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for this logon right (e.g. " +"<quote>crond</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:867 +msgid "" +"Note: Cron service name may differ depending on Linux distribution used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:873 +msgid "crond" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:882 +msgid "ad_gpo_map_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:885 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access " +"control is evaluated based on the ServiceLogonRight and " +"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for " +"which the user has Read and Apply Group Policy permission (see option " +"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the " +"deny service logon setting for the user or one of its groups, the user is " +"denied service logon access. If none of the evaluated GPOs has a service " +"logon right defined, the user is granted logon access. If at least one " +"evaluated GPO contains service logon right settings, the user is granted " +"logon access only, if it or at least one of its groups is part of the policy " +"settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:903 +msgid "" +"Note: Using the Group Policy Management Editor this value is called \"Allow " +"log on as a service\" and \"Deny log on as a service\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:916 +#, no-wrap +msgid "" +"ad_gpo_map_service = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:908 sssd-ad.5.xml:983 +msgid "" +"It is possible to add a PAM service name to the default set by using " +"<quote>+service_name</quote>. Since the default set is empty, it is not " +"possible to remove a PAM service name from the default set. For example, in " +"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), " +"you would use the following configuration: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:926 +msgid "ad_gpo_map_permit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:929 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always granted, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:943 +#, no-wrap +msgid "" +"ad_gpo_map_permit = +my_pam_service, -sudo\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:934 +msgid "" +"It is possible to add another PAM service name to the default set by using " +"<quote>+service_name</quote> or to explicitly remove a PAM service name from " +"the default set by using <quote>-service_name</quote>. For example, in " +"order to replace a default PAM service name for unconditionally permitted " +"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. " +"<quote>my_pam_service</quote>), you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:951 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:966 +msgid "systemd-user" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:975 +msgid "ad_gpo_map_deny (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:978 +msgid "" +"A comma-separated list of PAM service names for which GPO-based access is " +"always denied, regardless of any GPO Logon Rights." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ad.5.xml:991 +#, no-wrap +msgid "" +"ad_gpo_map_deny = +my_pam_service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1001 +msgid "ad_gpo_default_right (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1004 +msgid "" +"This option defines how access control is evaluated for PAM service names " +"that are not explicitly listed in one of the ad_gpo_map_* options. This " +"option can be set in two different manners. First, this option can be set to " +"use a default logon right. For example, if this option is set to " +"'interactive', it means that unmapped PAM service names will be processed " +"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy " +"settings. Alternatively, this option can be set to either always permit or " +"always deny access for unmapped PAM service names." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1017 +msgid "Supported values for this option include:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1026 +msgid "remote_interactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1031 +msgid "network" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1036 +msgid "batch" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1041 +msgid "service" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1046 +msgid "permit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:1051 +msgid "deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1057 +msgid "Default: deny" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1063 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1066 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1072 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1078 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1081 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expects 2 integers separated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1090 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1096 +msgid "ad_update_samba_machine_account_password (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1099 +msgid "" +"If enabled, when SSSD renews the machine account password, it will also be " +"updated in Samba's database. This prevents Samba's copy of the machine " +"account password from getting out of date when it is set up to use AD for " +"authentication." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1112 +msgid "ad_use_ldaps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1115 +msgid "" +"By default SSSD uses the plain LDAP port 389 and the Global Catalog port " +"3628. If this option is set to True SSSD will use the LDAPS port 636 and " +"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to " +"have multiple encryption layers on a single connection and we still want to " +"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security " +"property maxssf is set to 0 (zero) for those connections." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:1132 +msgid "ad_allow_remote_domain_local_groups (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1135 +msgid "" +"If this option is set to <quote>true</quote> SSSD will not filter out Domain " +"Local groups from remote domains in the AD forest. By default they are " +"filtered out e.g. when following a nested group hierarchy in remote domains " +"because they are not valid in the local domain. To be compatible with other " +"solutions which make AD users and groups available on Linux client this " +"option was added." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1145 +msgid "" +"Please note that setting this option to <quote>true</quote> will be against " +"the intention of Domain Local group in Active Directory and <emphasis>SHOULD " +"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. " +"Although the group exists and user can be member of the group the intention " +"is that the group should be only used in the domain it is defined and in no " +"others. Since there is only one type of POSIX groups the only way to achieve " +"this on the Linux side is to ignore those groups. This is also done by " +"Active Directory as can be seen in the PAC of the Kerberos ticket for a " +"local service or in tokenGroups requests where remote Domain Local groups " +"are missing as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1161 +msgid "" +"Given the comments above, if this option is set to <quote>true</quote> the " +"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</" +"quote> to <quote>false</quote> to get consistent group-memberships of a " +"users. Additionally the Global Catalog lookup should be skipped as well by " +"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it " +"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the " +"remote Domain Local groups can only be found with a deeper nesting level." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1184 +msgid "" +"Optional. This option tells SSSD to automatically update the Active " +"Directory DNS server with the IP address of this client. The update is " +"secured using GSS-TSIG. As a consequence, the Active Directory administrator " +"only needs to allow secure updates for the DNS zone. The IP address of the " +"AD LDAP connection is used for the updates, if it is not otherwise specified " +"by using the <quote>dyndns_iface</quote> option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1214 +msgid "Default: 3600 (seconds)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1230 +msgid "" +"Default: Use the IP addresses of the interface which is used for AD LDAP " +"connection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:1243 +msgid "" +"How often should the back end perform periodic DNS update in addition to the " +"automatic update performed when the back end goes online. This option is " +"optional and applicable only when dyndns_update is true. Note that the " +"lowest possible value is 60 seconds in-case if value is provided less than " +"60, parameter will assume lowest value only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1393 +msgid "" +"The following example assumes that SSSD is correctly configured and example." +"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " +"This example shows only the AD provider-specific options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1400 +#, no-wrap +msgid "" +"[domain/EXAMPLE]\n" +"id_provider = ad\n" +"auth_provider = ad\n" +"access_provider = ad\n" +"chpass_provider = ad\n" +"\n" +"ad_server = dc1.example.com\n" +"ad_hostname = client.example.com\n" +"ad_domain = example.com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-ad.5.xml:1420 +#, no-wrap +msgid "" +"access_provider = ldap\n" +"ldap_access_order = expire\n" +"ldap_account_expire_policy = ad\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1416 +msgid "" +"The AD access control provider checks if the account is expired. It has the " +"same effect as the following configuration of the LDAP provider: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1426 +msgid "" +"However, unless the <quote>ad</quote> access control provider is explicitly " +"configured, the default access provider is <quote>permit</quote>. Please " +"note that if you configure an access provider other than <quote>ad</quote>, " +"you need to set all the connection parameters (such as LDAP URIs and " +"encryption details) manually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1434 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +msgid "sssd-sudo" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-sudo.5.xml:17 +msgid "Configuring sudo with the SSSD back end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:36 +msgid "Configuring sudo to cooperate with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:38 +msgid "" +"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " +"the <emphasis>sudoers</emphasis> entry in <citerefentry> " +"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:47 +msgid "" +"For example, to configure sudo to first lookup rules in the standard " +"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> file (which should contain rules that apply to " +"local users) and then in SSSD, the nsswitch.conf file should contain the " +"following line:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:57 +#, no-wrap +msgid "sudoers: files sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:61 +msgid "" +"More information about configuring the sudoers search order from the " +"nsswitch.conf file as well as information about the LDAP schema that is used " +"to store sudo rules in the directory can be found in <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:70 +msgid "" +"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " +"sudo rules, you also need to correctly set <citerefentry> " +"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry> to your NIS domain name (which equals to IPA domain name when " +"using hostgroups)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:82 +msgid "Configuring SSSD to fetch sudo rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:84 +msgid "" +"All configuration that is needed on SSSD side is to extend the list of " +"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " +"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " +"option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:94 +msgid "" +"The following example shows how to configure SSSD to download sudo rules " +"from an LDAP server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-sudo.5.xml:99 +#, no-wrap +msgid "" +"[sssd]\n" +"config_file_version = 2\n" +"services = nss, pam, sudo\n" +"domains = EXAMPLE\n" +"\n" +"[domain/EXAMPLE]\n" +"id_provider = ldap\n" +"sudo_provider = ldap\n" +"ldap_uri = ldap://example.com\n" +"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:98 +msgid "" +"<placeholder type=\"programlisting\" id=\"0\"/> <phrase " +"condition=\"have_systemd\"> It's important to note that on platforms where " +"systemd is supported there's no need to add the \"sudo\" provider to the " +"list of services, as it became optional. However, sssd-sudo.socket must be " +"enabled instead. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:118 +msgid "" +"When SSSD is configured to use IPA as the ID provider, the sudo provider is " +"automatically enabled. The sudo search base is configured to use the IPA " +"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in " +"sssd.conf, this value will be used instead. The compat tree (ou=sudoers," +"$SUFFIX) is no longer required for IPA sudo functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:128 +msgid "The SUDO rule caching mechanism" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:130 +msgid "" +"The biggest challenge, when developing sudo support in SSSD, was to ensure " +"that running sudo with SSSD as the data source provides the same user " +"experience and is as fast as sudo but keeps providing the most current set " +"of rules as possible. To satisfy these requirements, SSSD uses three kinds " +"of updates. They are referred to as full refresh, smart refresh and rules " +"refresh." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:138 +msgid "" +"The <emphasis>smart refresh</emphasis> periodically downloads rules that are " +"new or were modified after the last update. Its primary goal is to keep the " +"database growing by fetching only small increments that do not generate " +"large amounts of network traffic." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:144 +msgid "" +"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " +"in the cache and replaces them with all rules that are stored on the server. " +"This is used to keep the cache consistent by removing every rule which was " +"deleted from the server. However, full refresh may produce a lot of traffic " +"and thus it should be run only occasionally depending on the size and " +"stability of the sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:152 +msgid "" +"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " +"more permission than defined. It is triggered each time the user runs sudo. " +"Rules refresh will find all rules that apply to this user, check their " +"expiration time and redownload them if expired. In the case that any of " +"these rules are missing on the server, the SSSD will do an out of band full " +"refresh because more rules (that apply to other users) may have been deleted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:161 +msgid "" +"If enabled, SSSD will store only rules that can be applied to this machine. " +"This means rules that contain one of the following values in " +"<emphasis>sudoHost</emphasis> attribute:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:168 +msgid "keyword ALL" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:173 +msgid "wildcard" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:178 +msgid "netgroup (in the form \"+netgroup\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:183 +msgid "hostname or fully qualified domain name of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:188 +msgid "one of the IP addresses of this machine" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> +#: sssd-sudo.5.xml:193 +msgid "one of the IP addresses of the network (in the form \"address/mask\")" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:199 +msgid "" +"There are many configuration options that can be used to adjust the " +"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-sudo.5.xml:213 +msgid "Tuning the performance" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:215 +msgid "" +"SSSD uses different kinds of mechanisms with more or less complex LDAP " +"filters to keep the cached sudo rules up to date. The default configuration " +"is set to values that should satisfy most of our users, but the following " +"paragraphs contain few tips on how to fine- tune the configuration to your " +"requirements." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:222 +msgid "" +"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP " +"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:227 +msgid "" +"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to " +"the container that holds the sudo rules to limit the scope of the lookup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:232 +msgid "" +"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo " +"rules do not change often and you do not require quick update of cached " +"rules on your clients, you may consider increasing the " +"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and " +"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider " +"disabling the smart refresh by setting " +"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-sudo.5.xml:241 +msgid "" +"4. If you have large number of clients, you may consider increasing the " +"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load " +"on the server better." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd.8.xml:10 sssd.8.xml:15 +msgid "sssd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd.8.xml:16 +msgid "System Security Services Daemon" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssd.8.xml:21 +msgid "" +"<command>sssd</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:31 +msgid "" +"<command>SSSD</command> provides a set of daemons to manage access to remote " +"directories and authentication mechanisms. It provides an NSS and PAM " +"interface toward the system and a pluggable backend system to connect to " +"multiple different account sources as well as D-Bus interface. It is also " +"the basis to provide client auditing and policy services for projects like " +"FreeIPA. It provides a more robust database to store local users as well as " +"extended user data." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:46 +msgid "" +"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:53 +msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:57 +msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:60 +msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:69 +msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:73 +msgid "" +"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:76 +msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:85 +msgid "<option>--logger=</option><replaceable>value</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:89 +msgid "Location where SSSD will send log messages." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:92 +msgid "" +"<emphasis>stderr</emphasis>: Redirect debug messages to standard error " +"output." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:96 +msgid "" +"<emphasis>files</emphasis>: Redirect debug messages to the log files. By " +"default, the log files are stored in <filename>/var/log/sssd</filename> and " +"there are separate log files for every SSSD service and domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:102 +msgid "" +"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:106 +msgid "" +"Default: not set (fall back to journald if available, otherwise to stderr)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:113 +msgid "<option>-D</option>,<option>--daemon</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:117 +msgid "Become a daemon after starting up." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:123 sss_seed.8.xml:136 +msgid "<option>-i</option>,<option>--interactive</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:127 +msgid "Run in the foreground, don't become a daemon." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:133 +msgid "<option>-c</option>,<option>--config</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:137 +msgid "" +"Specify a non-default config file. The default is <filename>/etc/sssd/sssd." +"conf</filename>. For reference on the config file syntax and options, " +"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:150 +msgid "<option>-g</option>,<option>--genconf</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:154 +msgid "" +"Do not start the SSSD, but refresh the configuration database from the " +"contents of <filename>/etc/sssd/sssd.conf</filename> and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:162 +msgid "<option>-s</option>,<option>--genconf-section</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:166 +msgid "" +"Similar to <quote>--genconf</quote>, but only refresh a single section from " +"the configuration file. This option is useful mainly to be called from " +"systemd unit files to allow socket-activated responders to refresh their " +"configuration without requiring the administrator to restart the whole SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:178 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:182 +msgid "Print version number and exit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.8.xml:190 +msgid "Signals" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:193 +msgid "SIGTERM/SIGINT" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:196 +msgid "" +"Informs the SSSD to gracefully terminate all of its child processes and then " +"shut down the monitor." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:202 +msgid "SIGHUP" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:205 +msgid "" +"Tells the SSSD to stop writing to its current debug file descriptors and to " +"close and reopen them. This is meant to facilitate log rolling with programs " +"like logrotate." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:213 +msgid "SIGUSR1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:216 +msgid "" +"Tells the SSSD to simulate offline operation for the duration of the " +"<quote>offline_timeout</quote> parameter. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:225 +msgid "SIGUSR2" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:228 +msgid "" +"Tells the SSSD to go online immediately. This is useful for testing. The " +"signal can be sent to either the sssd process or any sssd_be process " +"directly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:240 +msgid "" +"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " +"applications will not use the fast in-memory cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.8.xml:244 +msgid "" +"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from " +"multiple threads of a single application will be serialized." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 +msgid "sss_obfuscate" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_obfuscate.8.xml:16 +msgid "obfuscate a clear text password" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_obfuscate.8.xml:21 +msgid "" +"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:32 +msgid "" +"<command>sss_obfuscate</command> converts a given password into human-" +"unreadable format and places it into appropriate domain section of the SSSD " +"config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:37 +msgid "" +"The cleartext password is read from standard input or entered " +"interactively. The obfuscated password is put into " +"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " +"<quote>ldap_default_authtok_type</quote> parameter is set to " +"<quote>obfuscated_password</quote>. Refer to <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more details on these parameters." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_obfuscate.8.xml:49 +msgid "" +"Please note that obfuscating the password provides <emphasis>no real " +"security benefit</emphasis> as it is still possible for an attacker to " +"reverse-engineer the password back. Using better authentication mechanisms " +"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " +"advised." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:63 +msgid "<option>-s</option>,<option>--stdin</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:67 +msgid "The password to obfuscate will be read from standard input." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 +#: sss_ssh_knownhostsproxy.1.xml:78 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:79 +msgid "" +"The SSSD domain to use the password in. The default name is <quote>default</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_obfuscate.8.xml:86 +msgid "" +"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:91 +msgid "Read the config file specified by the positional parameter." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_obfuscate.8.xml:95 +msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_override.8.xml:10 sss_override.8.xml:15 +msgid "sss_override" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_override.8.xml:16 +msgid "create local overrides of user and group attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_override.8.xml:21 +msgid "" +"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:32 +msgid "" +"<command>sss_override</command> enables to create a client-side view and " +"allows to change selected values of specific user and groups. This change " +"takes effect only on local machine." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:37 +msgid "" +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:48 +msgid "" +"<emphasis>NOTE:</emphasis> The options provided in this man page only work " +"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. " +"IPA overrides can be managed centrally on the IPA server." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:56 sssctl.8.xml:41 +msgid "AVAILABLE COMMANDS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:58 +msgid "" +"Argument <emphasis>NAME</emphasis> is the name of original object in all " +"commands. It is not possible to override <emphasis>uid</emphasis> or " +"<emphasis>gid</emphasis> to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:65 +msgid "" +"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" +"optional> <optional><option>-g,--gid</option> GID</optional> " +"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" +"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:78 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:86 +msgid "<option>user-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:91 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:100 +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:105 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:113 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:118 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:124 +msgid "<option>user-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:129 +msgid "" +"Import user overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard passwd file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:134 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:137 +msgid "" +"where original_name is original name of the user whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:146 +msgid "ckent:superman::::::" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:149 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:155 +msgid "<option>user-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:160 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>user-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:168 +msgid "" +"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" +"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:175 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:183 +msgid "<option>group-del</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:188 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:197 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:202 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:210 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:215 +msgid "Show group overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:221 +msgid "<option>group-import</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:226 +msgid "" +"Import group overrides from <emphasis>FILE</emphasis>. Data format is " +"similar to standard group file. The format is:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:231 +msgid "original_name:name:gid" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:234 +msgid "" +"where original_name is original name of the group whose attributes should be " +"overridden. The rest of fields correspond to new values. You can omit a " +"value simply by leaving corresponding field empty." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:243 +msgid "admins:administrators:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:246 +msgid "Domain Users:Users:501" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:252 +msgid "<option>group-export</option> <emphasis>FILE</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:257 +msgid "" +"Export all overridden attributes and store them in <emphasis>FILE</" +"emphasis>. See <emphasis>group-import</emphasis> for data format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_override.8.xml:267 sssctl.8.xml:50 +msgid "COMMON OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_override.8.xml:269 sssctl.8.xml:52 +msgid "Those options are available with all commands." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:274 sssctl.8.xml:57 +msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 +msgid "sssd-krb5" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-krb5.5.xml:17 +msgid "SSSD Kerberos provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:23 +msgid "" +"This manual page describes the configuration of the Kerberos 5 " +"authentication backend for <citerefentry> <refentrytitle>sssd</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " +"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:36 +msgid "" +"The Kerberos 5 authentication backend contains auth and chpass providers. It " +"must be paired with an identity provider in order to function properly (for " +"example, id_provider = ldap). Some information required by the Kerberos 5 " +"authentication backend must be provided by the identity provider, such as " +"the user's Kerberos Principal Name (UPN). The configuration of the identity " +"provider should have an entry to specify the UPN. Please refer to the man " +"page for the applicable identity provider for details on how to configure " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:47 +msgid "" +"This backend also provides access control based on the .k5login file in the " +"home directory of the user. See <citerefentry> <refentrytitle>k5login</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " +"Please note that an empty .k5login file will deny all access to this user. " +"To activate this feature, use 'access_provider = krb5' in your SSSD " +"configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:55 +msgid "" +"In the case where the UPN is not available in the identity backend, " +"<command>sssd</command> will construct a UPN using the format " +"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:77 +msgid "" +"Specifies the comma-separated list of IP addresses or hostnames of the " +"Kerberos servers to which SSSD should connect, in the order of preference. " +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. An optional port number (preceded by a " +"colon) may be appended to the addresses or hostnames. If empty, service " +"discovery is enabled; for more information, refer to the <quote>SERVICE " +"DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:106 +msgid "" +"The name of the Kerberos realm. This option is required and must be " +"specified." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:113 +msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:116 +msgid "" +"If the change password service is not running on the KDC, alternative " +"servers can be defined here. An optional port number (preceded by a colon) " +"may be appended to the addresses or hostnames." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:122 +msgid "" +"For more information on failover and server redundancy, see the " +"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " +"servers to try, the backend is not switched to operate offline if " +"authentication against the KDC is still possible." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:129 +msgid "Default: Use the KDC" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:135 +msgid "krb5_ccachedir (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:138 +msgid "" +"Directory to store credential caches. All the substitution sequences of " +"krb5_ccname_template can be used here, too, except %d and %P. The directory " +"is created as private and owned by the user, with permissions set to 0700." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:145 +msgid "Default: /tmp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:151 +msgid "krb5_ccname_template (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:165 include/override_homedir.xml:11 +msgid "%u" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:166 include/override_homedir.xml:12 +msgid "login name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:169 include/override_homedir.xml:15 +msgid "%U" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:170 +msgid "login UID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:173 +msgid "%p" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:174 +msgid "principal name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:178 +msgid "%r" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:179 +msgid "realm name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:182 include/override_homedir.xml:42 +msgid "%h" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124 +msgid "home directory" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:187 include/override_homedir.xml:19 +msgid "%d" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:188 +msgid "value of krb5_ccachedir" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:193 include/override_homedir.xml:31 +msgid "%P" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:194 +msgid "the process ID of the SSSD client" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:199 include/override_homedir.xml:56 +msgid "%%" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:200 include/override_homedir.xml:57 +msgid "a literal '%'" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:154 +msgid "" +"Location of the user's credential cache. Three credential cache types are " +"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " +"<quote>KEYRING:persistent</quote>. The cache can be specified either as " +"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " +"implies the <quote>FILE</quote> type. In the template, the following " +"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " +"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " +"filename in a safe way." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:208 +msgid "" +"When using KEYRING types, the only supported mechanism is <quote>KEYRING:" +"persistent:%U</quote>, which uses the Linux kernel keyring to store " +"credentials on a per-UID basis. This is also the recommended choice, as it " +"is the most secure and predictable method." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:216 +msgid "" +"The default value for the credential cache name is sourced from the profile " +"stored in the system wide krb5.conf configuration file in the [libdefaults] " +"section. The option name is default_ccache_name. See krb5.conf(5)'s " +"PARAMETER EXPANSION paragraph for additional information on the expansion " +"format defined by krb5.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:225 +msgid "" +"NOTE: Please be aware that libkrb5 ccache expansion template from " +"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> uses different expansion sequences than SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:234 +msgid "Default: (from libkrb5)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:240 +msgid "krb5_keytab (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:243 +msgid "" +"The location of the keytab to use when validating credentials obtained from " +"KDCs." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:253 +msgid "krb5_store_password_if_offline (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:256 +msgid "" +"Store the password of the user if the provider is offline and use it to " +"request a TGT when the provider comes online again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:261 +msgid "" +"NOTE: this feature is only available on Linux. Passwords stored in this way " +"are kept in plaintext in the kernel keyring and are potentially accessible " +"by the root user (with difficulty)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:274 +msgid "krb5_use_fast (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:277 +msgid "" +"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" +"authentication. The following options are supported:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:282 +msgid "" +"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " +"option at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:286 +msgid "" +"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " +"continue the authentication without it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:291 +msgid "" +"<emphasis>demand</emphasis> to use FAST. The authentication fails if the " +"server does not require fast." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:296 +msgid "Default: not set, i.e. FAST is not used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:299 +msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:303 +msgid "" +"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " +"SSSD is used with an older version of MIT Kerberos, using this option is a " +"configuration error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:312 +msgid "krb5_fast_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:315 +msgid "Specifies the server principal to use for FAST." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:321 +msgid "krb5_fast_use_anonymous_pkinit (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:324 +msgid "" +"If set to true try to use anonymous PKINIT instead of a keytab to get the " +"required credential for FAST. The krb5_fast_principal options is ignored in " +"this case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:364 +msgid "krb5_kdcinfo_lookahead (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:367 +msgid "" +"When krb5_use_kdcinfo is set to true, you can limit the amount of servers " +"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be " +"helpful when there are too many servers discovered using SRV record." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:377 +msgid "" +"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. " +"The first number represents number of primary servers used and the second " +"number specifies the number of backup servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:383 +msgid "" +"For example <emphasis>10:0</emphasis> means that up to 10 primary servers " +"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup " +"servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:392 +msgid "Default: 3:1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:398 +msgid "krb5_use_enterprise_principal (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:401 +msgid "" +"Specifies if the user principal should be treated as enterprise principal. " +"See section 5 of RFC 6806 for more details about enterprise principals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:407 +msgid "Default: false (AD provider: true)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:410 +msgid "" +"The IPA provider will set to option to 'true' if it detects that the server " +"is capable of handling enterprise principals and the option is not set " +"explicitly in the config file." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:419 +msgid "krb5_use_subdomain_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:422 +msgid "" +"Specifies to use subdomains realms for the authentication of users from " +"trusted domains. This option can be set to 'true' if enterprise principals " +"are used with upnSuffixes which are not known on the parent domain KDCs. If " +"the option is set to 'true' SSSD will try to send the request directly to a " +"KDC of the trusted domain the user is coming from." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-krb5.5.xml:438 +msgid "krb5_map_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:441 +msgid "" +"The list of mappings is given as a comma-separated list of pairs " +"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user " +"name and <quote>primary</quote> is a user part of a kerberos principal. This " +"mapping is used when user is authenticating using <quote>auth_provider = " +"krb5</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-krb5.5.xml:453 +#, no-wrap +msgid "" +"krb5_realm = REALM\n" +"krb5_map_user = joe:juser,dick:richard\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-krb5.5.xml:458 +msgid "" +"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and " +"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos " +"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will " +"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:65 +msgid "" +"If the auth-module krb5 is used in an SSSD domain, the following options " +"must be used. See the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " +"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " +"domain. <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-krb5.5.xml:485 +msgid "" +"The following example assumes that SSSD is correctly configured and FOO is " +"one of the domains in the <replaceable>[sssd]</replaceable> section. This " +"example shows only configuration of Kerberos authentication; it does not " +"include any identity provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-krb5.5.xml:493 +#, no-wrap +msgid "" +"[domain/FOO]\n" +"auth_provider = krb5\n" +"krb5_server = 192.168.1.1\n" +"krb5_realm = EXAMPLE.COM\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_cache.8.xml:10 sss_cache.8.xml:15 +msgid "sss_cache" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_cache.8.xml:16 +msgid "perform cache cleanup" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_cache.8.xml:21 +msgid "" +"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:31 +msgid "" +"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " +"records are forced to be reloaded from server as soon as related SSSD " +"backend is online. Options that invalidate a single object only accept a " +"single provided argument." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:43 +msgid "<option>-E</option>,<option>--everything</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:47 +msgid "Invalidate all cached entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:53 +msgid "" +"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:58 +msgid "Invalidate specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:64 +msgid "<option>-U</option>,<option>--users</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:68 +msgid "" +"Invalidate all user records. This option overrides invalidation of specific " +"user if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:75 +msgid "" +"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:80 +msgid "Invalidate specific group." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:86 +msgid "<option>-G</option>,<option>--groups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:90 +msgid "" +"Invalidate all group records. This option overrides invalidation of specific " +"group if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:97 +msgid "" +"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:102 +msgid "Invalidate specific netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:108 +msgid "<option>-N</option>,<option>--netgroups</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:112 +msgid "" +"Invalidate all netgroup records. This option overrides invalidation of " +"specific netgroup if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:119 +msgid "" +"<option>-s</option>,<option>--service</option> <replaceable>service</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:124 +msgid "Invalidate specific service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:130 +msgid "<option>-S</option>,<option>--services</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:134 +msgid "" +"Invalidate all service records. This option overrides invalidation of " +"specific service if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:141 +msgid "" +"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:146 +msgid "Invalidate specific autofs maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:152 +msgid "<option>-A</option>,<option>--autofs-maps</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:156 +msgid "" +"Invalidate all autofs maps. This option overrides invalidation of specific " +"map if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:163 +msgid "" +"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:168 +msgid "Invalidate SSH public keys of a specific host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:174 +msgid "<option>-H</option>,<option>--ssh-hosts</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:178 +msgid "" +"Invalidate SSH public keys of all hosts. This option overrides invalidation " +"of SSH public keys of specific host if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:186 +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:191 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:197 +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:201 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:209 +msgid "" +"<option>-d</option>,<option>--domain</option> <replaceable>domain</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:214 +msgid "Restrict invalidation process only to a particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_cache.8.xml:224 +msgid "EFFECTS ON THE FAST MEMORY CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:226 +msgid "" +"<command>sss_cache</command> also invalidates the memory cache. Since the " +"memory cache is a file which is mapped into the memory of each process which " +"called SSSD to resolve users or groups the file cannot be truncated. A " +"special flag is set in the header of the file to indicate that the content " +"is invalid and then the file is unlinked by SSSD's NSS responder and a new " +"cache file is created. Whenever a process is now doing a new lookup for a " +"user or a group it will see the flag, close the old memory cache file and " +"map the new one into its memory. When all processes which had opened the old " +"memory cache file have closed it while looking up a user or a group the " +"kernel can release the occupied disk space and the old memory cache file is " +"finally removed completely." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:240 +msgid "" +"A special case is long running processes which are doing user or group " +"lookups only at startup, e.g. to determine the name of the user the process " +"is running as. For those lookups the memory cache file is mapped into the " +"memory of the process. But since there will be no further lookups this " +"process would never detect if the memory cache file was invalidated and " +"hence it will be kept in memory and will occupy disk space until the process " +"stops. As a result calling <command>sss_cache</command> might increase the " +"disk usage because old memory cache files cannot be removed from the disk " +"because they are still mapped by long running processes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_cache.8.xml:252 +msgid "" +"A possible work-around for long running processes which are looking up users " +"and groups only at startup or very rarely is to run them with the " +"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't " +"use the memory cache at all and not map the memory cache file into the " +"memory. In general a better solution is to tune the cache timeout parameters " +"so that they meet the local expectations and calling <command>sss_cache</" +"command> is not needed." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 +msgid "sss_debuglevel" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_debuglevel.8.xml:16 +msgid "[DEPRECATED] change debug level while SSSD is running" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_debuglevel.8.xml:21 +msgid "" +"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" +"replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_debuglevel.8.xml:32 +msgid "" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_seed.8.xml:10 sss_seed.8.xml:15 +msgid "sss_seed" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_seed.8.xml:16 +msgid "seed the SSSD cache with a user" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_seed.8.xml:21 +msgid "" +"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" +"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" +"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:33 +msgid "" +"<command>sss_seed</command> seeds the SSSD cache with a user entry and " +"temporary password. If a user entry is already present in the SSSD cache " +"then the entry is updated with the temporary password." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:46 +msgid "" +"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:51 +msgid "" +"Provide the name of the domain in which the user is a member of. The domain " +"is also used to retrieve user information. The domain must be configured in " +"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " +"Information retrieved from the domain overrides what is provided in the " +"options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:63 +msgid "" +"<option>-n</option>,<option>--username</option> <replaceable>USER</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:68 +msgid "" +"The username of the entry to be created or modified in the cache. The " +"<replaceable>USER</replaceable> option must be provided." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:76 +msgid "" +"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:81 +msgid "Set the UID of the user to <replaceable>UID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:88 +msgid "" +"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:93 +msgid "Set the GID of the user to <replaceable>GID</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:100 +msgid "" +"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:105 +msgid "" +"Any text string describing the user. Often used as the field for the user's " +"full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:112 +msgid "" +"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:117 +msgid "" +"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:124 +msgid "" +"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:129 +msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:140 +msgid "" +"Interactive mode for entering user information. This option will only prompt " +"for information not provided in the options or retrieved from the domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_seed.8.xml:148 +msgid "" +"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" +"replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_seed.8.xml:153 +msgid "" +"Specify file to read user's password from. (if not specified password is " +"prompted for)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_seed.8.xml:165 +msgid "" +"The length of the password (or the size of file specified with -p or --" +"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " +"on systems with no globally-defined PASS_MAX value)." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16 +msgid "sssd-ifp" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ifp.5.xml:17 +msgid "SSSD InfoPipe responder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:23 +msgid "" +"This manual page describes the configuration of the InfoPipe responder for " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:36 +msgid "" +"The InfoPipe responder provides a public D-Bus interface accessible over the " +"system bus. The interface allows the user to query information about remote " +"users and groups over the system bus." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-ifp.5.xml:43 +msgid "FIND BY VALID CERTIFICATE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:45 +msgid "" +"The following options can be used to control how the certificates are " +"validated when using the FindByValidCertificate() API:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92 +msgid "ca_db" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93 +msgid "p11_child_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> +#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94 +msgid "certificate_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-ifp.5.xml:52 +msgid "" +"For more details about the options see <citerefentry><refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ifp.5.xml:62 +msgid "These options can be used to configure the InfoPipe responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:69 +msgid "" +"Specifies the comma-separated list of UID values or user names that are " +"allowed to access the InfoPipe responder. User names are resolved to UIDs at " +"startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:75 +msgid "" +"Default: 0 (only the root user is allowed to access the InfoPipe responder)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:79 +msgid "" +"Please note that although the UID 0 is used as the default it will be " +"overwritten with this option. If you still want to allow the root user to " +"access the InfoPipe responder, which would be the typical case, you have to " +"add 0 to the list of allowed UIDs as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:93 +msgid "Specifies the comma-separated list of white or blacklisted attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:107 +msgid "name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:108 +msgid "user's login name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:111 +msgid "uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:112 +msgid "user ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:115 +msgid "gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:116 +msgid "primary group ID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:119 +msgid "gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:120 +msgid "user information, typically full name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:123 +msgid "homeDirectory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd-ifp.5.xml:127 +msgid "loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:128 +msgid "user shell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:97 +msgid "" +"By default, the InfoPipe responder only allows the default set of POSIX " +"attributes to be requested. This set is the same as returned by " +"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: sssd-ifp.5.xml:141 +#, no-wrap +msgid "" +"user_attributes = +telephoneNumber, -loginShell\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:133 +msgid "" +"It is possible to add another attribute to this set by using " +"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-" +"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but " +"deny <quote>loginShell</quote>, you would use the following configuration: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:145 +msgid "Default: not set. Only the default set of POSIX attributes is allowed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:155 +msgid "" +"Specifies an upper limit on the number of entries that are downloaded during " +"a wildcard lookup that overrides caller-supplied limit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-ifp.5.xml:160 +msgid "Default: 0 (let the caller set an upper limit)" +msgstr "" + +#. type: Content of: <reference><refentry><refentryinfo> +#: sss_rpcidmapd.5.xml:8 +msgid "" +"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</" +"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data " +"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </" +"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> " +"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </" +"author>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32 +msgid "sss_rpcidmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_rpcidmapd.5.xml:33 +msgid "sss plugin configuration directives for rpc.idmapd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:37 +msgid "CONFIGURATION FILE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:39 +msgid "" +"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd." +"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:49 +msgid "SSS CONFIGURATION EXTENSION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:51 +msgid "Enable SSS plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:53 +msgid "" +"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> " +"attribute to contain <emphasis>sss</emphasis>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_rpcidmapd.5.xml:59 +msgid "[sss] config section" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_rpcidmapd.5.xml:61 +msgid "" +"In order to change the default of one of the configuration attributes of the " +"<emphasis>sss</emphasis> plugin listed below you will need to create a " +"config section for it, named <quote>[sss]</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sss_rpcidmapd.5.xml:67 +msgid "Configuration attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sss_rpcidmapd.5.xml:69 +msgid "memcache (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sss_rpcidmapd.5.xml:72 +msgid "Indicates whether or not to use memcache optimisation technique." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_rpcidmapd.5.xml:85 +msgid "SSSD INTEGRATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:87 +msgid "" +"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled " +"in sssd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:91 +msgid "" +"The attribute <quote>use_fully_qualified_names</quote> must be enabled on " +"all domains (NFSv4 clients expect a fully qualified name to be sent on the " +"wire)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_rpcidmapd.5.xml:103 +#, no-wrap +msgid "" +"[General]\n" +"Verbosity = 2\n" +"# domain must be synced between NFSv4 server and clients\n" +"# Solaris/Illumos/AIX use \"localdomain\" as default!\n" +"Domain = default\n" +"\n" +"[Mapping]\n" +"Nobody-User = nfsnobody\n" +"Nobody-Group = nfsnobody\n" +"\n" +"[Translation]\n" +"Method = sss\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:100 +msgid "" +"The following example shows a minimal idmapd.conf which makes use of the sss " +"plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2 +msgid "SEE ALSO" +msgstr "另见" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_rpcidmapd.5.xml:122 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 +msgid "sss_ssh_authorizedkeys" +msgstr "" + +#. type: Content of: <reference><refentry><refmeta><manvolnum> +#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 +msgid "1" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_authorizedkeys.1.xml:16 +msgid "get OpenSSH authorized keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_authorizedkeys.1.xml:21 +msgid "" +"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>USER</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:32 +msgid "" +"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " +"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " +"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> for more information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:41 +msgid "" +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" +"command> for public key user authentication if it is compiled with support " +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_authorizedkeys.1.xml:59 +#, no-wrap +msgid "" +" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" +" AuthorizedKeysCommandUser nobody\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:52 +msgid "" +"If <quote>AuthorizedKeysCommand</quote> is supported, " +"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" +"citerefentry> can be configured to use it by putting the following " +"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss_ssh_authorizedkeys.1.xml:65 +msgid "KEYS FROM CERTIFICATES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:67 +msgid "" +"In addition to the public SSH keys for user <replaceable>USER</replaceable> " +"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived " +"from the public key of a X.509 certificate as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:73 +msgid "" +"To enable this the <quote>ssh_use_certificate_keys</quote> option must be " +"set to true (default) in the [ssh] section of <filename>sssd.conf</" +"filename>. If the user entry contains certificates (see " +"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or " +"there is a certificate in an override entry for the user (see " +"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</" +"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the " +"certificate is valid SSSD will extract the public key from the certificate " +"and convert it into the format expected by sshd." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:90 +msgid "Besides <quote>ssh_use_certificate_keys</quote> the options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:96 +msgid "" +"can be used to control how the certificates are validated (see " +"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> for details)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:101 +msgid "" +"The validation is the benefit of using X.509 certificates instead of SSH " +"keys directly because e.g. it gives a better control of the lifetime of the " +"keys. When the ssh client is configured to use the private keys from a " +"Smartcard with the help of a PKCS#11 shared library (see " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> for details) it might be irritating that authentication is " +"still working even if the related X.509 certificate on the Smartcard is " +"already expired because neither <command>ssh</command> nor <command>sshd</" +"command> will look at the certificate at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss_ssh_authorizedkeys.1.xml:114 +msgid "" +"It has to be noted that the derived public SSH key can still be added to the " +"<filename>authorized_keys</filename> file of the user to bypass the " +"certificate validation if the <command>sshd</command> configuration permits " +"this." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_authorizedkeys.1.xml:132 +msgid "" +"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102 +msgid "EXIT STATUS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104 +msgid "" +"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 +msgid "sss_ssh_knownhostsproxy" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss_ssh_knownhostsproxy.1.xml:16 +msgid "get OpenSSH host keys" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sss_ssh_knownhostsproxy.1.xml:21 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " +"<replaceable>options</replaceable> </arg> <arg " +"choice='plain'><replaceable>HOST</replaceable></arg> <arg " +"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:33 +msgid "" +"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " +"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " +"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " +"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" +"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" +"pubconf/known_hosts</filename> and establishes the connection to the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:43 +msgid "" +"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " +"create the connection to the host instead of opening a socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sss_ssh_knownhostsproxy.1.xml:55 +#, no-wrap +msgid "" +"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" +"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss_ssh_knownhostsproxy.1.xml:48 +msgid "" +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" +"command> for host key authentication by using the following directives for " +"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" +"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:66 +msgid "" +"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:71 +msgid "" +"Use port <replaceable>PORT</replaceable> to connect to the host. By " +"default, port 22 is used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:83 +msgid "" +"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_ssh_knownhostsproxy.1.xml:89 +msgid "<option>-k</option>,<option>--pubkey</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_ssh_knownhostsproxy.1.xml:93 +msgid "" +"Print the host ssh public keys for host <replaceable>HOST</replaceable>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: idmap_sss.8.xml:10 idmap_sss.8.xml:15 +msgid "idmap_sss" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: idmap_sss.8.xml:16 +msgid "SSSD's idmap_sss Backend for Winbind" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:22 +msgid "" +"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. " +"No database is required in this case as the mapping is done by SSSD." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: idmap_sss.8.xml:29 +msgid "IDMAP OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: idmap_sss.8.xml:33 +msgid "range = low - high" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: idmap_sss.8.xml:35 +msgid "" +"Defines the available matching UID and GID range for which the backend is " +"authoritative." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:45 +msgid "" +"This example shows how to configure idmap_sss as the default mapping module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: idmap_sss.8.xml:50 +#, no-wrap +msgid "" +"[global]\n" +"security = ads\n" +"workgroup = <AD-DOMAIN-SHORTNAME>\n" +"\n" +"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n" +"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647\n" +"\n" +"idmap config * : backend = tdb\n" +"idmap config * : range = 100000-199999\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:62 +msgid "" +"Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of " +"the AD domain. If multiple AD domains should be used each domain needs an " +"<literal>idmap config</literal> line with <literal>backend = sss</literal> " +"and a line with a suitable <literal>range</literal>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: idmap_sss.8.xml:69 +msgid "" +"Since Winbind requires a writeable default backend and idmap_sss is read-" +"only the example includes <literal>backend = tdb</literal> as default." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssctl.8.xml:10 sssctl.8.xml:15 +msgid "sssctl" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssctl.8.xml:16 +msgid "SSSD control and status utility" +msgstr "" + +#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> +#: sssctl.8.xml:21 +msgid "" +"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</" +"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </" +"arg>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:32 +msgid "" +"<command>sssctl</command> provides a simple and unified way to obtain " +"information about SSSD status, such as active server, auto-discovered " +"servers, domains and cached objects. In addition, it can manage SSSD data " +"files for troubleshooting in such a way that is safe to manipulate while " +"SSSD is running." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssctl.8.xml:43 +msgid "" +"To list all available commands run <command>sssctl</command> without any " +"parameters. To print help for selected command run <command>sssctl COMMAND --" +"help</command>." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-files.5.xml:10 sssd-files.5.xml:16 +msgid "sssd-files" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-files.5.xml:17 +msgid "SSSD files provider" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:23 +msgid "" +"This manual page describes the files provider for <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " +"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:36 +msgid "" +"The files provider mirrors the content of the <citerefentry> " +"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files " +"provider is to make the users and groups traditionally only accessible with " +"NSS interfaces also available through the SSSD interfaces such as " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:55 +msgid "" +"Another reason is to provide efficient caching of local users and groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:58 +msgid "" +"Please note that besides explicit domain definition the files provider can " +"be configured also implicitly using 'enable_files_domain' option. See " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:66 +msgid "" +"SSSD never handles resolution of user/group \"root\". Also resolution of UID/" +"GID 0 is not handled by SSSD. Such requests are passed to next NSS module " +"(usually files)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:71 +msgid "" +"When SSSD is not running or responding, nss_sss returns the UNAVAIL code " +"which causes the request to be passed to the next module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:95 +msgid "passwd_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:98 +msgid "" +"Comma-separated list of one or multiple password filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:104 +msgid "Default: /etc/passwd" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:110 +msgid "group_files (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:113 +msgid "" +"Comma-separated list of one or multiple group filenames to be read and " +"enumerated by the files provider, inotify monitor watches will be set on " +"each file to detect changes dynamically." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:119 +msgid "Default: /etc/group" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-files.5.xml:125 +msgid "fallback_to_nss (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:128 +msgid "" +"While updating the internal data SSSD will return an error and let the " +"client continue with the next NSS module. This helps to avoid delays when " +"using the default system files <filename>/etc/passwd</filename> and " +"<filename>/etc/group</filename> and the NSS configuration has 'sss' before " +"'files' for the 'passwd' and 'group' maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-files.5.xml:138 +msgid "" +"If the files provider is configured to monitor other files it makes sense to " +"set this option to 'False' to avoid inconsistent behavior because in general " +"there would be no other NSS module which can be used as a fallback." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:79 +msgid "" +"In addition to the options listed below, generic SSSD domain options can be " +"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for details on the configuration of " +"an SSSD domain. But the purpose of the files provider is to expose the same " +"data as the UNIX files, just through the SSSD interfaces. Therefore not all " +"generic domain options are supported. Likewise, some global options, such as " +"overriding the shell in the <quote>nss</quote> section for all domains has " +"no effect on the files domain unless explicitly specified per-domain. " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:157 +msgid "" +"The following example assumes that SSSD is correctly configured and files is " +"one of the domains in the <replaceable>[sssd]</replaceable> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:163 +#, no-wrap +msgid "" +"[domain/files]\n" +"id_provider = files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-files.5.xml:168 +msgid "" +"To leverage caching of local users and groups by SSSD nss_sss module must be " +"listed before nss_files module in /etc/nsswitch.conf." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-files.5.xml:174 +#, no-wrap +msgid "" +"passwd: sss files\n" +"group: sss files\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:178 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:183 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in a database, typically located " +"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to " +"survive KCM server restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:67 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:72 +msgid "" +"The KCM default client idle timeout is 5 minutes, this allows more time for " +"user interaction with command line tools such as kinit." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:78 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:88 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:80 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:93 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:115 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:104 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:124 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:126 +msgid "" +"The credential caches are stored in a database, much like SSSD caches user " +"or group entries. The database is typically located at <quote>/var/lib/sss/" +"secrets</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:133 +msgid "OBTAINING DEBUG LOGS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:144 +#, no-wrap +msgid "" +"[kcm]\n" +"debug_level = 10\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211 +#, no-wrap +msgid "" +"systemctl restart sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:135 +msgid "" +"The sssd-kcm service is typically socket-activated <citerefentry> " +"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" +"citerefentry>. To generate debug logs, add the following either to the " +"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration " +"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder " +"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: " +"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-" +"case doesn't work for you. The KCM logs will be generated at <filename>/var/" +"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug " +"logs when you no longer need the debugging to be enabled as the sssd-kcm " +"service can generate quite a large amount of debugging information." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:159 +msgid "" +"Please note that configuration snippets are, at the moment, only processed " +"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> " +"exists at all." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:166 +msgid "RENEWALS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:174 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"krb5_renew_interval = 60m\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:168 +msgid "" +"The sssd-kcm service can be configured to attempt TGT renewal for renewable " +"TGTs stored in the KCM ccache. Renewals are only attempted when half of the " +"ticket lifetime has been reached. KCM Renewals are configured when the " +"following options are set in the [kcm] section: <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:179 +msgid "" +"SSSD can also inherit krb5 options for renewals from an existing domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><programlisting> +#: sssd-kcm.8.xml:183 +#, no-wrap +msgid "" +"tgt_renewal = true\n" +"tgt_renewal_inherit = domain-name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:191 +#, no-wrap +msgid "" +"krb5_renew_interval\n" +"krb5_renewable_lifetime\n" +"krb5_lifetime\n" +"krb5_validate\n" +"krb5_canonicalize\n" +"krb5_auth_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:187 +msgid "" +"The following krb5 options can be configured in the [kcm] section to control " +"renewal behavior, these options are described in detail below <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:204 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that because the KCM service is typically socket-" +"activated, it is enough to just restart the <quote>sssd-kcm</quote> service " +"after changing options in the <quote>kcm</quote> section of sssd.conf: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:215 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> For a detailed " +"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:223 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:234 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:237 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:240 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:243 +msgid "" +"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is " +"supported, the socket path is overwritten by the one defined in the sssd-kcm." +"socket unit file. </phrase>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:252 +msgid "max_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:255 +msgid "How many credential caches does the KCM database allow for all users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:259 +msgid "Default: 0 (unlimited, only the per-UID quota is enforced)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:264 +msgid "max_uid_ccaches (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:267 +msgid "" +"How many credential caches does the KCM database allow per UID. This is " +"equivalent to <quote>with how many principals you can kinit</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:272 +msgid "Default: 64" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:277 +msgid "max_ccache_size (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:280 +msgid "" +"How big can a credential cache be per ccache. Each service ticket accounts " +"into this quota." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:284 +msgid "Default: 65536" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:289 +msgid "tgt_renewal (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:292 +msgid "Enables TGT renewals functionality." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:295 +msgid "Default: False (Automatic renewals disabled)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:300 +msgid "tgt_renewal_inherit (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:303 +msgid "Domain to inherit krb5_* options from, for use with TGT renewals." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:307 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: NULL" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:318 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +msgid "probe $name" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"attrs:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:161 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:164 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:176 +msgid "probe sdap_parse_entry" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:179 +msgid "" +"Probes the sdap_parse_entry() function. It is called repeatedly with every " +"received attribute." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:184 +#, no-wrap +msgid "" +"attr:string\n" +"value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:190 +msgid "probe sdap_parse_entry_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:193 +msgid "" +"Probes the sdap_parse_entry() function. It is called when parsing of " +"received object is finished." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:201 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:204 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:208 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:215 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:218 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:234 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:238 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:241 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:253 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:256 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:272 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:276 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:279 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307 +#: sssd-systemtap.5.xml:319 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:288 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:291 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:300 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:303 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:312 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:315 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:328 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:332 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:335 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:338 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:352 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:365 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:372 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:375 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:380 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:384 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:389 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:392 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:397 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:400 +msgid "Convert method to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:410 +msgid "SAMPLE SYSTEMTAP SCRIPTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:412 +msgid "" +"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/<" +"script_name>.stp</command>), then perform an identity operation and the " +"script will collect information from probes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:418 +msgid "Provided SystemTap scripts are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:422 +msgid "dp_request.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:425 +msgid "Monitoring of data provider request performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:430 +msgid "id_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:433 +msgid "Monitoring of <command>id</command> command performance." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:439 +msgid "ldap_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:442 +msgid "Monitoring of LDAP queries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:447 +msgid "nested_group_perf.stp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:450 +msgid "Performance of nested groups resolving." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16 +msgid "sssd-ldap-attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-ldap-attributes.5.xml:17 +msgid "SSSD LDAP Provider: Mapping Attributes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap-attributes.5.xml:23 +msgid "" +"This manual page describes the mapping attributes of SSSD LDAP provider " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-" +"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page " +"for full details about SSSD LDAP provider configuration options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:38 +msgid "USER ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:42 +msgid "ldap_user_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:45 +msgid "The object class of a user entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:48 +msgid "Default: posixAccount" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:54 +msgid "ldap_user_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:57 +msgid "The LDAP attribute that corresponds to the user's login name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:61 +msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:68 +msgid "ldap_user_uid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:71 +msgid "The LDAP attribute that corresponds to the user's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:75 +msgid "Default: uidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:81 +msgid "ldap_user_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:84 +msgid "The LDAP attribute that corresponds to the user's primary group id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698 +msgid "Default: gidNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:94 +msgid "ldap_user_primary_group (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:97 +msgid "" +"Active Directory primary group attribute for ID-mapping. Note that this " +"attribute should only be set manually if you are running the <quote>ldap</" +"quote> provider with ID mapping." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:103 +msgid "Default: unset (LDAP), primaryGroupID (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:109 +msgid "ldap_user_gecos (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:112 +msgid "The LDAP attribute that corresponds to the user's gecos field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:116 +msgid "Default: gecos" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:122 +msgid "ldap_user_home_directory (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:125 +msgid "The LDAP attribute that contains the name of the user's home directory." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:129 +msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:135 +msgid "ldap_user_shell (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:138 +msgid "The LDAP attribute that contains the path to the user's default shell." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:142 +msgid "Default: loginShell" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:148 +msgid "ldap_user_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:151 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724 +msgid "" +"Default: not set in the general case, objectGUID for AD and ipaUniqueID for " +"IPA" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:162 +msgid "ldap_user_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:165 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP user object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739 +msgid "Default: objectSid for ActiveDirectory, not set for other servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:177 +msgid "ldap_user_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749 +#: sssd-ldap-attributes.5.xml:872 +msgid "" +"The LDAP attribute that contains timestamp of the last modification of the " +"parent object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753 +#: sssd-ldap-attributes.5.xml:879 +msgid "Default: modifyTimestamp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:190 +msgid "ldap_user_shadow_last_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:193 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " +"the last password change)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:203 +msgid "Default: shadowLastChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:209 +msgid "ldap_user_shadow_min (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:212 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:221 +msgid "Default: shadowMin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:227 +msgid "ldap_user_shadow_max (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:230 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " +"password age)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:239 +msgid "Default: shadowMax" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:245 +msgid "ldap_user_shadow_warning (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:248 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password warning period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:258 +msgid "Default: shadowWarning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:264 +msgid "ldap_user_shadow_inactive (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:267 +msgid "" +"When using ldap_pwd_policy=shadow, this parameter contains the name of an " +"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " +"(password inactivity period)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:277 +msgid "Default: shadowInactive" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:283 +msgid "ldap_user_shadow_expire (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:286 +msgid "" +"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " +"parameter contains the name of an LDAP attribute corresponding to its " +"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> counterpart (account expiration date)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:296 +msgid "Default: shadowExpire" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:302 +msgid "ldap_user_krb_last_pwd_change (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:305 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time of last password change in " +"kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:311 +msgid "Default: krbLastPwdChange" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:317 +msgid "ldap_user_krb_password_expiration (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:320 +msgid "" +"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " +"an LDAP attribute storing the date and time when current password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:326 +msgid "Default: krbPasswordExpiration" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:332 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:335 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:340 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:346 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:349 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:354 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:360 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:363 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:368 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:374 +msgid "ldap_user_nds_login_disabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:377 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines if " +"access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395 +msgid "Default: loginDisabled" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:387 +msgid "ldap_user_nds_login_expiration_time (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:390 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines until " +"which date access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:401 +msgid "ldap_user_nds_login_allowed_time_map (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:404 +msgid "" +"When using ldap_account_expire_policy=nds, this attribute determines the " +"hours of a day in a week when access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:409 +msgid "Default: loginAllowedTimeMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:415 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:418 +msgid "" +"The LDAP attribute that contains the user's Kerberos User Principal Name " +"(UPN)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:422 +msgid "Default: krbPrincipalName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:428 +msgid "ldap_user_extra_attrs (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:431 +msgid "" +"Comma-separated list of LDAP attributes that SSSD would fetch along with the " +"usual set of user attributes." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:436 +msgid "" +"The list can either contain LDAP attribute names only, or colon-separated " +"tuples of SSSD cache attribute name and LDAP attribute name. In case only " +"LDAP attribute name is specified, the attribute is saved to the cache " +"verbatim. Using a custom SSSD attribute name might be required by " +"environments that configure several SSSD domains with different LDAP schemas." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:446 +msgid "" +"Please note that several attribute names are reserved by SSSD, notably the " +"<quote>name</quote> attribute. SSSD would report an error if any of the " +"reserved attribute names is used as an extra attribute name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:456 +msgid "ldap_user_extra_attrs = telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:459 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as " +"<quote>telephoneNumber</quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:463 +msgid "ldap_user_extra_attrs = phone:telephoneNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:466 +msgid "" +"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</" +"quote> to the cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:476 +msgid "ldap_user_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:479 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963 +msgid "Default: sshPublicKey" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:489 +msgid "ldap_user_fullname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:492 +msgid "The LDAP attribute that corresponds to the user's full name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:502 +msgid "ldap_user_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:505 +msgid "The LDAP attribute that lists the user's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950 +msgid "Default: memberOf" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:515 +msgid "ldap_user_authorized_service (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:518 +msgid "" +"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " +"use the presence of the authorizedService attribute in the user's LDAP entry " +"to determine access privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:525 +msgid "" +"An explicit deny (!svc) is resolved first. Second, SSSD searches for " +"explicit allow (svc) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:530 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>authorized_service</quote> in order for the " +"ldap_user_authorized_service option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:537 +msgid "" +"Some distributions (such as Fedora-29+ or RHEL-8) always include the " +"<quote>systemd-user</quote> PAM service as part of the login process. " +"Therefore when using service-based access control, the <quote>systemd-user</" +"quote> service might need to be added to the list of allowed services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:545 +msgid "Default: authorizedService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:551 +msgid "ldap_user_authorized_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:554 +msgid "" +"If access_provider=ldap and ldap_access_order=host, SSSD will use the " +"presence of the host attribute in the user's LDAP entry to determine access " +"privilege." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:560 +msgid "" +"An explicit deny (!host) is resolved first. Second, SSSD searches for " +"explicit allow (host) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:565 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>host</quote> in order for the " +"ldap_user_authorized_host option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:572 +msgid "Default: host" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:578 +msgid "ldap_user_authorized_rhost (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:581 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:588 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:593 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:600 +msgid "Default: rhost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:606 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:609 +msgid "Name of the LDAP attribute containing the X509 certificate of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:613 +msgid "Default: userCertificate;binary" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:619 +msgid "ldap_user_email (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:622 +msgid "Name of the LDAP attribute containing the email address of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:626 +msgid "" +"Note: If an email address of a user conflicts with an email address or fully " +"qualified name of another user, then SSSD will not be able to serve those " +"users properly. If for some reason several users need to share the same " +"email address then set this option to a nonexistent attribute name in order " +"to disable user lookup/login by email." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:635 +msgid "Default: mail" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:640 +msgid "ldap_user_passkey (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:643 +msgid "" +"Name of the LDAP attribute containing the passkey mapping data of the user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:647 +msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:657 +msgid "GROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:661 +msgid "ldap_group_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:664 +msgid "The object class of a group entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:667 +msgid "Default: posixGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:673 +msgid "ldap_group_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:676 +msgid "" +"The LDAP attribute that corresponds to the group name. In an environment " +"with nested groups, this value must be an LDAP attribute which has a unique " +"name for every group. This requirement includes non-POSIX groups in the tree " +"of nested groups." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:684 +msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:691 +msgid "ldap_group_gid_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:694 +msgid "The LDAP attribute that corresponds to the group's id." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:704 +msgid "ldap_group_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:707 +msgid "The LDAP attribute that contains the names of the group's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:711 +msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:717 +msgid "ldap_group_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:720 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:731 +msgid "ldap_group_objectsid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:734 +msgid "" +"The LDAP attribute that contains the objectSID of an LDAP group object. This " +"is usually only necessary for ActiveDirectory servers." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:746 +msgid "ldap_group_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:759 +msgid "ldap_group_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:762 +msgid "" +"The LDAP attribute that contains an integer value indicating the type of the " +"group and maybe other flags." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:767 +msgid "" +"This attribute is currently only used by the AD provider to determine if a " +"group is a domain local groups and has to be filtered out for trusted " +"domains." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:773 +msgid "Default: groupType in the AD provider, otherwise not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:780 +msgid "ldap_group_external_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:783 +msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:789 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:799 +msgid "NETGROUP ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:803 +msgid "ldap_netgroup_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:806 +msgid "The object class of a netgroup entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:809 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:813 +msgid "Default: nisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:819 +msgid "ldap_netgroup_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:822 +msgid "The LDAP attribute that corresponds to the netgroup name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:826 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:836 +msgid "ldap_netgroup_member (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:839 +msgid "The LDAP attribute that contains the names of the netgroup's members." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:843 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:847 +msgid "Default: memberNisNetgroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:853 +msgid "ldap_netgroup_triple (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:856 +msgid "" +"The LDAP attribute that contains the (host, user, domain) netgroup triples." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:863 +msgid "Default: nisNetgroupTriple" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:869 +msgid "ldap_netgroup_modify_timestamp (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:888 +msgid "HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:892 +msgid "ldap_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:895 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:904 +msgid "ldap_host_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933 +msgid "The LDAP attribute that corresponds to the host's name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:917 +msgid "ldap_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:920 +msgid "" +"The LDAP attribute that corresponds to the host's fully-qualified domain " +"name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:924 +msgid "Default: fqdn" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:930 +msgid "ldap_host_serverhostname (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:937 +msgid "Default: serverHostname" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:943 +msgid "ldap_host_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:946 +msgid "The LDAP attribute that lists the host's group memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:956 +msgid "ldap_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:959 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:969 +msgid "ldap_host_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:972 +msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:985 +msgid "SERVICE ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:989 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:992 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1001 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1004 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1014 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1017 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1021 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1027 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1030 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1034 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1043 +msgid "SUDO ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1047 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1050 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1053 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1059 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1062 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1072 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1075 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1079 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1085 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1088 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1093 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1099 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1102 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1106 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1112 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1115 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1119 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1125 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1128 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1132 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1138 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1141 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1145 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1151 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1154 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1158 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1164 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1167 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1172 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1178 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1181 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1185 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1194 +msgid "AUTOFS ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1201 +msgid "IP HOST ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1205 +msgid "ldap_iphost_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1208 +msgid "The object class of an iphost entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1211 +msgid "Default: ipHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1217 +msgid "ldap_iphost_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1220 +msgid "" +"The LDAP attribute that contains the name of the IP host attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1230 +msgid "ldap_iphost_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1233 +msgid "The LDAP attribute that contains the IP host address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1237 +msgid "Default: ipHostNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap-attributes.5.xml:1246 +msgid "IP NETWORK ATTRIBUTES" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1250 +msgid "ldap_ipnetwork_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1253 +msgid "The object class of an ipnetwork entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1256 +msgid "Default: ipNetwork" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1262 +msgid "ldap_ipnetwork_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1265 +msgid "" +"The LDAP attribute that contains the name of the IP network attributes and " +"their aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap-attributes.5.xml:1275 +msgid "ldap_ipnetwork_number (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1278 +msgid "The LDAP attribute that contains the IP network address." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap-attributes.5.xml:1282 +msgid "Default: ipNetworkNumber" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15 +msgid "sssd_krb5_localauth_plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd_krb5_localauth_plugin.8.xml:16 +msgid "Kerberos local authorization plugin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:22 +msgid "" +"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</" +"command> is used by libkrb5 to either find the local name for a given " +"Kerberos principal or to check if a given local name and a given Kerberos " +"principal relate to each other." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:29 +msgid "" +"SSSD handles the local names for users from a remote source and can read the " +"Kerberos user principal name from the remote source as well. With this " +"information SSSD can easily handle the mappings mentioned above even if the " +"local name and the Kerberos principal differ considerably." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:36 +msgid "" +"Additionally with the information read from the remote source SSSD can help " +"to prevent unexpected or unwanted mappings in case the user part of the " +"Kerberos principal accidentally corresponds to a local name of a different " +"user. By default libkrb5 might just strip the realm part of the Kerberos " +"principal to get the local name which would lead to wrong mappings in this " +"case." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd_krb5_localauth_plugin.8.xml:46 +msgid "CONFIGURATION" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd_krb5_localauth_plugin.8.xml:56 +#, no-wrap +msgid "" +"[plugins]\n" +" localauth = {\n" +" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n" +" }\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_localauth_plugin.8.xml:48 +msgid "" +"The Kerberos local authorization plugin must be enabled explicitly in the " +"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a " +"config snippet with the content like e.g. <placeholder " +"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public " +"Kerberos configuration snippet directory. If this directory is included in " +"the local Kerberos configuration the plugin will be enabled automatically." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:3 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:6 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:9 +msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:16 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:19 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:22 +msgid "" +"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:29 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:32 +msgid "" +"The object class of an automount entry in LDAP. The entry usually " +"corresponds to a mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:37 +msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:44 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:51 +msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/autofs_attributes.xml:58 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/autofs_attributes.xml:65 +msgid "" +"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " +"automountInformation" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/service_discovery.xml:2 +msgid "SERVICE DISCOVERY" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/service_discovery.xml:4 +msgid "" +"The service discovery feature allows back ends to automatically find the " +"appropriate servers to connect to using a special DNS query. This feature is " +"not supported for backup servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 +msgid "Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:11 +msgid "" +"If no servers are specified, the back end automatically uses service " +"discovery to try to find a server. Optionally, the user may choose to use " +"both fixed server addresses and service discovery by inserting a special " +"keyword, <quote>_srv_</quote>, in the list of servers. The order of " +"preference is maintained. This feature is useful if, for example, the user " +"prefers to use service discovery whenever possible, and fall back to a " +"specific server when no servers can be discovered using DNS." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:23 +msgid "The domain name" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:25 +msgid "" +"Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for more details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:35 +msgid "The protocol" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:37 +msgid "" +"The queries usually specify _tcp as the protocol. Exceptions are documented " +"in respective option description." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/service_discovery.xml:42 +msgid "See Also" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/service_discovery.xml:44 +msgid "" +"For more information on the service discovery mechanism, refer to RFC 2782." +msgstr "" + +#. type: Content of: <refentryinfo> +#: include/upstream.xml:2 +msgid "" +"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github." +"com/SSSD/sssd/</orgname>" +msgstr "" + +#. type: Content of: outside any tag (error?) +#: include/upstream.xml:1 +msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/failover.xml:2 +msgid "FAILOVER" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/failover.xml:4 +msgid "" +"The failover feature allows back ends to automatically switch to a different " +"server if the current server fails." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:8 +msgid "Failover Syntax" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:10 +msgid "" +"The list of servers is given as a comma-separated list; any number of spaces " +"is allowed around the comma. The servers are listed in order of preference. " +"The list can contain any number of servers." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:16 +msgid "" +"For each failover-enabled config option, two variants exist: " +"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " +"that servers in the primary list are preferred and backup servers are only " +"searched if no primary servers can be reached. If a backup server is " +"selected, a timeout of 31 seconds is set. After this timeout SSSD will " +"periodically try to reconnect to one of the primary servers. If it succeeds, " +"it will replace the current active (backup) server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:27 +msgid "The Failover Mechanism" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:29 +msgid "" +"The failover mechanism distinguishes between a machine and a service. The " +"back end first tries to resolve the hostname of a given machine; if this " +"resolution attempt fails, the machine is considered offline. No further " +"attempts are made to connect to this machine for any other service. If the " +"resolution attempt succeeds, the back end tries to connect to a service on " +"this machine. If the service connection attempt fails, then only this " +"particular service is considered offline and the back end automatically " +"switches over to the next service. The machine is still considered online " +"and might still be tried for another service." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:42 +msgid "" +"Further connection attempts are made to machines or services marked as " +"offline after a specified period of time; this is currently hard coded to 30 " +"seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:47 +msgid "" +"If there are no more machines to try, the back end as a whole switches to " +"offline mode, and then attempts to reconnect every 30 seconds." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_server_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "" +"Time in milliseconds that sets how long would SSSD talk to a single DNS " +"server before trying next one." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:90 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:94 +msgid "" +"Time in seconds to tell how long would SSSD try to resolve single DNS query " +"(e.g. resolution of a hostname or an SRV record) before trying the next " +"hostname or discovery domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:106 +msgid "dns_resolver_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:110 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:123 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote> which should be larger " +"than <quote>dns_resolver_server_timeout</quote>." +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ldap_id_mapping.xml:2 +msgid "ID MAPPING" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:4 +msgid "" +"The ID-mapping feature allows SSSD to act as a client of Active Directory " +"without requiring administrators to extend user attributes to support POSIX " +"attributes for user and group identifiers." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:9 +msgid "" +"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " +"ignored. This is to avoid the possibility of conflicts between automatically-" +"assigned and manually-assigned values. If you need to use manually-assigned " +"values, ALL values must be manually-assigned." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:16 +msgid "" +"Please note that changing the ID mapping related configuration options will " +"cause user and group IDs to change. At the moment, SSSD does not support " +"changing IDs, so the SSSD database must be removed. Because cached passwords " +"are also stored in the database, removing the database should only be " +"performed while the authentication servers are reachable, otherwise users " +"might get locked out. In order to cache the password, an authentication must " +"be performed. It is not sufficient to use <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry> to remove the database, rather the process consists of:" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:33 +msgid "Making sure the remote servers are reachable" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:38 +msgid "Stopping the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:43 +msgid "Removing the database" +msgstr "" + +#. type: Content of: <refsect1><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:48 +msgid "Starting the SSSD service" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ldap_id_mapping.xml:52 +msgid "" +"Moreover, as the change of IDs might necessitate the adjustment of other " +"system properties such as file and directory ownership, it's advisable to " +"plan ahead and test the ID mapping configuration thoroughly." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:59 +msgid "Mapping Algorithm" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:61 +msgid "" +"Active Directory provides an objectSID for every user and group object in " +"the directory. This objectSID can be broken up into components that " +"represent the Active Directory domain identity and the relative identifier " +"(RID) of the user or group object." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:67 +msgid "" +"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " +"into equally-sized component sections - called \"slices\"-. Each slice " +"represents the space available to an Active Directory domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:73 +msgid "" +"When a user or group entry for a particular domain is encountered for the " +"first time, the SSSD allocates one of the available slices for that domain. " +"In order to make this slice-assignment repeatable on different client " +"machines, we select the slice based on the following algorithm:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:80 +msgid "" +"The SID string is passed through the murmurhash3 algorithm to convert it to " +"a 32-bit hashed value. We then take the modulus of this value with the total " +"number of available slices to pick the slice." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:86 +msgid "" +"NOTE: It is possible to encounter collisions in the hash and subsequent " +"modulus. In these situations, we will select the next available slice, but " +"it may not be possible to reproduce the same exact set of slices on other " +"machines (since the order that they are encountered will determine their " +"slice). In this situation, it is recommended to either switch to using " +"explicit POSIX attributes in Active Directory (disabling ID-mapping) or " +"configure a default domain to guarantee that at least one is always " +"consistent. See <quote>Configuration</quote> for details." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:101 +msgid "" +"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><programlisting> +#: include/ldap_id_mapping.xml:106 +#, no-wrap +msgid "" +"ldap_id_mapping = True\n" +"ldap_schema = ad\n" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:111 +msgid "" +"The default configuration results in configuring 10,000 slices, each capable " +"of holding up to 200,000 IDs, starting from 200,000 and going up to " +"2,000,200,000. This should be sufficient for most deployments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><title> +#: include/ldap_id_mapping.xml:117 +msgid "Advanced Configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:120 +msgid "ldap_idmap_range_min (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:123 +msgid "" +"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:129 +msgid "" +"NOTE: This option is different from <quote>min_id</quote> in that " +"<quote>min_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>min_id</" +"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197 +msgid "Default: 200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:144 +msgid "ldap_idmap_range_max (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:147 +msgid "" +"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for " +"mapping Active Directory user and group SIDs. It is the first POSIX ID which " +"cannot be used for the mapping anymore, i.e. one larger than the last one " +"which can be used for the mapping." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:155 +msgid "" +"NOTE: This option is different from <quote>max_id</quote> in that " +"<quote>max_id</quote> acts to filter the output of requests to this domain, " +"whereas this option controls the range of ID assignment. This is a subtle " +"distinction, but the good general advice would be to have <quote>max_id</" +"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:165 +msgid "Default: 2000200000" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:170 +msgid "ldap_idmap_range_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:173 +msgid "" +"Specifies the number of IDs available for each slice. If the range size " +"does not divide evenly into the min and max values, it will create as many " +"complete slices as it can." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:179 +msgid "" +"NOTE: The value of this option must be at least as large as the highest user " +"RID planned for use on the Active Directory server. User lookups and login " +"will fail for any user whose RID is greater than this value." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:185 +msgid "" +"For example, if your most recently-added Active Directory user has " +"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:192 +msgid "" +"It is important to plan ahead for future expansion, as changing this value " +"will result in changing all of the ID mappings on the system, leading to " +"users with different local IDs than they previously had." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:202 +msgid "ldap_idmap_default_domain_sid (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:205 +msgid "" +"Specify the domain SID of the default domain. This will guarantee that this " +"domain will always be assigned to slice zero in the ID map, bypassing the " +"murmurhash algorithm described above." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:216 +msgid "ldap_idmap_default_domain (string)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:219 +msgid "Specify the name of the default domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:227 +msgid "ldap_idmap_autorid_compat (boolean)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:230 +msgid "" +"Changes the behavior of the ID-mapping algorithm to behave more similarly to " +"winbind's <quote>idmap_autorid</quote> algorithm." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:235 +msgid "" +"When this option is configured, domains will be allocated starting with " +"slice zero and increasing monotonically with each additional domain." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:240 +msgid "" +"NOTE: This algorithm is non-deterministic (it depends on the order that " +"users and groups are requested). If this mode is required for compatibility " +"with machines running winbind, it is recommended to also use the " +"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " +"least one domain is consistently allocated to slice zero." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:255 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:258 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:262 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ldap_id_mapping.xml:279 +msgid "Well-Known SIDs" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:281 +msgid "" +"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " +"special hardcoded meaning. Since the generic users and groups related to " +"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no " +"POSIX IDs are available for those objects." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:287 +msgid "" +"The SID name space is organized in authorities which can be seen as " +"different domains. The authorities for the Well-Known SIDs are" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:290 +msgid "Null Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:291 +msgid "World Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:292 +msgid "Local Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:293 +msgid "Creator Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:294 +msgid "Mandatory Label Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:295 +msgid "Authentication Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:296 +msgid "NT Authority" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> +#: include/ldap_id_mapping.xml:297 +msgid "Built-in" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:299 +msgid "" +"The capitalized version of these names are used as domain names when " +"returning the fully qualified name of a Well-Known SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/ldap_id_mapping.xml:303 +msgid "" +"Since some utilities allow to modify SID based access control information " +"with the help of a name instead of using the SID directly SSSD supports to " +"look up the SID by the name as well. To avoid collisions only the fully " +"qualified names can be used to look up Well-Known SIDs. As a result the " +"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, " +"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, " +"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</" +"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be " +"used as domain names in <filename>sssd.conf</filename>." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help.xml:3 +msgid "<option>-?</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/param_help.xml:7 include/param_help_py.xml:7 +msgid "Display help message and exit." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/param_help_py.xml:3 +msgid "<option>-h</option>,<option>--help</option>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3 +msgid "" +"SSSD supports two representations for specifying the debug level. The " +"simplest is to specify a decimal value from 0-9, which represents enabling " +"that level and all lower-level debug messages. The more comprehensive option " +"is to specify a hexadecimal bitmask to enable or disable specific levels " +"(such as if you wish to suppress a level)." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:10 +msgid "" +"Please note that each SSSD service logs into its own log file. Also please " +"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> " +"section only enables debugging just for the sssd process itself, not for the " +"responder or provider processes. The <quote>debug_level</quote> parameter " +"should be added to all sections that you wish to produce debug logs from." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:18 +msgid "" +"In addition to changing the log level in the config file using the " +"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD " +"restart, it is also possible to change the debug level on the fly using the " +"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry> tool." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10 +msgid "Currently supported debug levels:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13 +msgid "" +"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " +"Anything that would prevent SSSD from starting up or causes it to cease " +"running." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19 +msgid "" +"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " +"error that doesn't kill SSSD, but one that indicates that at least one major " +"feature is not going to work properly." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26 +msgid "" +"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " +"error announcing that a particular request or operation has failed." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31 +msgid "" +"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " +"are the errors that would percolate down to cause the operation failure of 2." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36 +msgid "" +"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40 +msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44 +msgid "" +"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " +"operation functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48 +msgid "" +"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " +"internal control functions." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53 +msgid "" +"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" +"internal variables that may be interesting." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " +"tracing information." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:81 +msgid "" +"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and " +"statistical data, please note that due to the way requests are processed " +"internally the logged execution time of a request might be longer than it " +"actually was." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62 +msgid "" +"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level " +"libldb tracing information. Almost never really required." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67 +msgid "" +"To log required bitmask debug levels, simply add their numbers together as " +"shown in following examples:" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, critical failures, " +"serious failures and function data use 0x0270." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75 +msgid "" +"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " +"function data, trace messages for internal control functions use 0x1310." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80 +msgid "" +"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " +"in 1.7.0." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84 +msgid "" +"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious " +"failures; corresponds to setting 2 in decimal notation)" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/local.xml:2 +msgid "THE LOCAL DOMAIN" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:4 +msgid "" +"In order to function correctly, a domain with <quote>id_provider=local</" +"quote> must be created and the SSSD must be running." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/local.xml:9 +msgid "" +"The administrator might want to use the SSSD local users instead of " +"traditional UNIX users in cases where the group nesting (see <citerefentry> " +"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>) is needed. The local users are also useful for testing and " +"development of the SSSD without having to deploy a full remote server. The " +"<command>sss_user*</command> and <command>sss_group*</command> tools use a " +"local LDB storage to store users and groups." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/seealso.xml:4 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase " +"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase " +"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> " +"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " +"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " +"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " +"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:3 +msgid "" +"An optional base DN, search scope and LDAP filter to restrict LDAP searches " +"for this attribute type." +msgstr "" + +#. type: Content of: <listitem><para><programlisting> +#: include/ldap_search_bases.xml:9 +#, no-wrap +msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:7 +msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:13 +msgid "" +"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope " +"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/" +"rfc4511" +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:23 +msgid "" +"For examples of this syntax, please refer to the <quote>ldap_search_base</" +"quote> examples section." +msgstr "" + +#. type: Content of: <listitem><para> +#: include/ldap_search_bases.xml:31 +msgid "" +"Please note that specifying scope or filter is not supported for searches " +"against an Active Directory Server that might yield a large number of " +"results and trigger the Range Retrieval extension in the response." +msgstr "" + +#. type: Content of: <para> +#: include/autofs_restart.xml:2 +msgid "" +"Please note that the automounter only reads the master map on startup, so if " +"any autofs-related changes are made to the sssd.conf, you typically also " +"need to restart the automounter daemon after restarting the SSSD." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/override_homedir.xml:2 +msgid "override_homedir (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:16 +msgid "UID number" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:20 +msgid "domain name" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:23 +msgid "%f" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:24 +msgid "fully qualified user name (user@domain)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:27 +msgid "%l" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:28 +msgid "The first letter of the login name." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:32 +msgid "UPN - User Principal Name (name@REALM)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:35 +msgid "%o" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:37 +msgid "The original home directory retrieved from the identity provider." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:44 +msgid "" +"The original home directory retrieved from the identity provider, but in " +"lower case." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> +#: include/override_homedir.xml:49 +msgid "%H" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: include/override_homedir.xml:51 +msgid "The value of configure option <emphasis>homedir_substring</emphasis>." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:5 +msgid "" +"Override the user's home directory. You can either provide an absolute value " +"or a template. In the template, the following sequences are substituted: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:63 +msgid "This option can also be set per-domain." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para><programlisting> +#: include/override_homedir.xml:68 +#, no-wrap +msgid "" +"override_homedir = /home/%u\n" +" " +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:72 +msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/override_homedir.xml:76 +msgid "" +"Please note, the home directory from a specific override for the user, " +"either locally (see <citerefentry><refentrytitle>sss_override</" +"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed " +"IPA id-overrides, has a higher precedence and will be used instead of the " +"value given by override_homedir." +msgstr "" + +#. type: Content of: <varlistentry><term> +#: include/homedir_substring.xml:2 +msgid "homedir_substring (string)" +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:5 +msgid "" +"The value of this option will be used in the expansion of the " +"<emphasis>override_homedir</emphasis> option if the template contains the " +"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly " +"contain this template so that this option can be used to expand the home " +"directory path for each client machine (or operating system). It can be set " +"per-domain or globally in the [nss] section. A value specified in a domain " +"section will override one set in the [nss] section." +msgstr "" + +#. type: Content of: <varlistentry><listitem><para> +#: include/homedir_substring.xml:15 +msgid "Default: /home" +msgstr "" + +#. type: Content of: <refsect1><title> +#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2 +msgid "MODIFIED DEFAULT OPTIONS" +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ad_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and AD provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9 +msgid "KRB5 Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13 +msgid "krb5_validate = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:18 +msgid "krb5_use_enterprise_principal = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:24 +msgid "LDAP Provider" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:28 +msgid "ldap_schema = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38 +msgid "ldap_force_upper_case_realm = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:38 +msgid "ldap_id_mapping = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSS-SPNEGO" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:48 +msgid "ldap_referrals = false" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ad" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 +msgid "ldap_use_tokengroups = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:63 +msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:66 +msgid "" +"The AD provider looks for a different principal than the LDAP provider by " +"default, because in an Active Directory environment the principals are " +"divided into two groups - User Principals and Service Principals. Only User " +"Principal can be used to obtain a TGT and by default, computer object's " +"principal is constructed from its sAMAccountName and the AD realm. The well-" +"known host/hostname@REALM principal is a Service Principal and thus cannot " +"be used to get a TGT with." +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ad_modified_defaults.xml:80 +msgid "NSS configuration" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:84 +msgid "fallback_homedir = /home/%d/%u" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:87 +msgid "" +"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to " +"provide personal home directories for users without the homeDirectory " +"attribute. If your AD Domain is properly populated with Posix attributes, " +"and you want to avoid this fallback behavior, you can explicitly set " +"\"fallback_homedir = %o\"." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:96 +msgid "" +"Note that the system typically expects a home directory in /home/%u folder. " +"If you decide to use a different directory structure, some other parts of " +"your system may need adjustments." +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ad_modified_defaults.xml:102 +msgid "" +"For example automated creation of home directories in combination with " +"selinux requires selinux adjustment, otherwise the home directory will be " +"created with wrong selinux context." +msgstr "" + +#. type: Content of: <refsect1><para> +#: include/ipa_modified_defaults.xml:4 +msgid "" +"Certain option defaults do not match their respective backend provider " +"defaults, these option names and IPA provider-specific defaults are listed " +"below:" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:18 +msgid "krb5_use_fast = try" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:23 +msgid "krb5_canonicalize = true" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:29 +msgid "LDAP Provider - General" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:33 +msgid "ldap_schema = ipa_v1" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:43 +msgid "ldap_sasl_mech = GSSAPI" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:48 +msgid "ldap_sasl_minssf = 56" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:53 +msgid "ldap_account_expire_policy = ipa" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:64 +msgid "LDAP Provider - User options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:68 +msgid "ldap_user_member_of = memberOf" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:73 +msgid "ldap_user_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:78 +msgid "ldap_user_ssh_public_key = ipaSshPubKey" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:83 +msgid "ldap_user_auth_type = ipaUserAuthType" +msgstr "" + +#. type: Content of: <refsect1><refsect2><title> +#: include/ipa_modified_defaults.xml:89 +msgid "LDAP Provider - Group options" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:93 +msgid "ldap_group_object_class = ipaUserGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:98 +msgid "ldap_group_object_class_alt = posixGroup" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:103 +msgid "ldap_group_member = member" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:108 +msgid "ldap_group_uuid = ipaUniqueID" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:113 +msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" +msgstr "" + +#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> +#: include/ipa_modified_defaults.xml:118 +msgid "ldap_group_external_member = ipaExternalMember" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:3 +msgid "krb5_auth_timeout (integer)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:6 +msgid "" +"Timeout in seconds after an online authentication request or change password " +"request is aborted. If possible, the authentication request is continued " +"offline." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:17 +msgid "krb5_validate (boolean)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:20 +msgid "" +"Verify with the help of krb5_keytab that the TGT obtained has not been " +"spoofed. The keytab is checked for entries sequentially, and the first entry " +"with a matching realm is used for validation. If no entry matches the realm, " +"the last entry in the keytab is used. This process can be used to validate " +"environments using cross-realm trust by placing the appropriate keytab entry " +"as the last entry or the only entry in the keytab file." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:29 +msgid "Default: false (IPA and AD provider: true)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:32 +msgid "" +"Please note that the ticket validation is the first step when checking the " +"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for " +"details). If ticket validation is disabled the PAC checks will be skipped as " +"well." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:44 +msgid "krb5_renewable_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:47 +msgid "" +"Request a renewable ticket with a total lifetime, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:52 include/krb5_options.xml:86 +#: include/krb5_options.xml:123 +msgid "<emphasis>s</emphasis> for seconds" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:55 include/krb5_options.xml:89 +#: include/krb5_options.xml:126 +msgid "<emphasis>m</emphasis> for minutes" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:58 include/krb5_options.xml:92 +#: include/krb5_options.xml:129 +msgid "<emphasis>h</emphasis> for hours" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:61 include/krb5_options.xml:95 +#: include/krb5_options.xml:132 +msgid "<emphasis>d</emphasis> for days." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:64 include/krb5_options.xml:135 +msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:68 include/krb5_options.xml:139 +msgid "" +"NOTE: It is not possible to mix units. To set the renewable lifetime to one " +"and a half hours, use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:73 +msgid "Default: not set, i.e. the TGT is not renewable" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:79 +msgid "krb5_lifetime (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:82 +msgid "" +"Request ticket with a lifetime, given as an integer immediately followed by " +"a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:98 +msgid "If there is no unit given <emphasis>s</emphasis> is assumed." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:102 +msgid "" +"NOTE: It is not possible to mix units. To set the lifetime to one and a " +"half hours please use '90m' instead of '1h30m'." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:107 +msgid "" +"Default: not set, i.e. the default ticket lifetime configured on the KDC." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><term> +#: include/krb5_options.xml:114 +msgid "krb5_renew_interval (string)" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:117 +msgid "" +"The time in seconds between two checks if the TGT should be renewed. TGTs " +"are renewed if about half of their lifetime is exceeded, given as an integer " +"immediately followed by a time unit:" +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:144 +msgid "If this option is not set or is 0 the automatic renewal is disabled." +msgstr "" + +#. type: Content of: <variablelist><varlistentry><listitem><para> +#: include/krb5_options.xml:157 +msgid "" +"Specifies if the host and user principal should be canonicalized. This " +"feature is available with MIT Kerberos 1.7 and later versions." +msgstr "" + +#~ msgid "sss_groupmod" +#~ msgstr "sss_groupmod" + +#~ msgid "modify a group" +#~ msgstr "变更一个组" + +#~ msgid "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" +#~ msgstr "" +#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" +#~ "replaceable>" + +#~ msgid "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." +#~ msgstr "" +#~ "Remove this group from groups specified by the <replaceable>GROUPS</" +#~ "replaceable> parameter." diff --git a/src/man/pt/include/ad_modified_defaults.xml b/src/man/pt/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/pt/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ +<refsect1 id='modified-default-options'> + <title>MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/pt/include/autofs_attributes.xml b/src/man/pt/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/pt/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/pt/include/autofs_restart.xml b/src/man/pt/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/pt/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/pt/include/debug_levels.xml b/src/man/pt/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/pt/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/pt/include/debug_levels_tools.xml b/src/man/pt/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/pt/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/pt/include/failover.xml b/src/man/pt/include/failover.xml new file mode 100644 index 0000000..0c67cf1 --- /dev/null +++ b/src/man/pt/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Padrão: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Padrão: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Padrão: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/pt/include/homedir_substring.xml b/src/man/pt/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/pt/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/pt/include/ipa_modified_defaults.xml b/src/man/pt/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/pt/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/pt/include/krb5_options.xml b/src/man/pt/include/krb5_options.xml new file mode 100644 index 0000000..547df6e --- /dev/null +++ b/src/man/pt/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Padrão: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Padrão: não definido, ou seja, o TGT não é renovável + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Padrão: false + + + + diff --git a/src/man/pt/include/ldap_id_mapping.xml b/src/man/pt/include/ldap_id_mapping.xml new file mode 100644 index 0000000..6173616 --- /dev/null +++ b/src/man/pt/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuração + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Padrão: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/pt/include/ldap_search_bases.xml b/src/man/pt/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/pt/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/pt/include/local.xml b/src/man/pt/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/pt/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/pt/include/override_homedir.xml b/src/man/pt/include/override_homedir.xml new file mode 100644 index 0000000..e963219 --- /dev/null +++ b/src/man/pt/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + nome de login + + + %U + Número UID + + + %d + nome de domínio + + + %f + nome totalmente qualificado do utilizador (utilizador@domínio) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + um literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/pt/include/param_help.xml b/src/man/pt/include/param_help.xml new file mode 100644 index 0000000..3fce9da --- /dev/null +++ b/src/man/pt/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Exibe a mensagem de ajuda e sai. + + + diff --git a/src/man/pt/include/param_help_py.xml b/src/man/pt/include/param_help_py.xml new file mode 100644 index 0000000..37d99bd --- /dev/null +++ b/src/man/pt/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Exibe a mensagem de ajuda e sai. + + + diff --git a/src/man/pt/include/seealso.xml b/src/man/pt/include/seealso.xml new file mode 100644 index 0000000..62a71f5 --- /dev/null +++ b/src/man/pt/include/seealso.xml @@ -0,0 +1,49 @@ + + VER TAMBÉM + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/pt/include/service_discovery.xml b/src/man/pt/include/service_discovery.xml new file mode 100644 index 0000000..20ded77 --- /dev/null +++ b/src/man/pt/include/service_discovery.xml @@ -0,0 +1,41 @@ + + DESCOBERTA DE SERVIÇOS + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuração + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + O nome de domínio + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + O protocolo + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + Ver também + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/pt/include/upstream.xml b/src/man/pt/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/pt/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/pt_BR/include/ad_modified_defaults.xml b/src/man/pt_BR/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/pt_BR/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/pt_BR/include/autofs_attributes.xml b/src/man/pt_BR/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/pt_BR/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/pt_BR/include/autofs_restart.xml b/src/man/pt_BR/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/pt_BR/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/pt_BR/include/debug_levels.xml b/src/man/pt_BR/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/pt_BR/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/pt_BR/include/debug_levels_tools.xml b/src/man/pt_BR/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/pt_BR/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/pt_BR/include/failover.xml b/src/man/pt_BR/include/failover.xml new file mode 100644 index 0000000..c1835eb --- /dev/null +++ b/src/man/pt_BR/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Default: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/pt_BR/include/homedir_substring.xml b/src/man/pt_BR/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/pt_BR/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/pt_BR/include/ipa_modified_defaults.xml b/src/man/pt_BR/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/pt_BR/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/pt_BR/include/krb5_options.xml b/src/man/pt_BR/include/krb5_options.xml new file mode 100644 index 0000000..e13ba89 --- /dev/null +++ b/src/man/pt_BR/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/pt_BR/include/ldap_id_mapping.xml b/src/man/pt_BR/include/ldap_id_mapping.xml new file mode 100644 index 0000000..f80be8d --- /dev/null +++ b/src/man/pt_BR/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/pt_BR/include/ldap_search_bases.xml b/src/man/pt_BR/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/pt_BR/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/pt_BR/include/local.xml b/src/man/pt_BR/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/pt_BR/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/pt_BR/include/override_homedir.xml b/src/man/pt_BR/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/pt_BR/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/pt_BR/include/param_help.xml b/src/man/pt_BR/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/pt_BR/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/pt_BR/include/param_help_py.xml b/src/man/pt_BR/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/pt_BR/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/pt_BR/include/seealso.xml b/src/man/pt_BR/include/seealso.xml new file mode 100644 index 0000000..1a8ed32 --- /dev/null +++ b/src/man/pt_BR/include/seealso.xml @@ -0,0 +1,49 @@ + + SEE ALSO + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/pt_BR/include/service_discovery.xml b/src/man/pt_BR/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/pt_BR/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/pt_BR/include/upstream.xml b/src/man/pt_BR/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/pt_BR/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/ru/idmap_sss.8.xml b/src/man/ru/idmap_sss.8.xml new file mode 100644 index 0000000..7808252 --- /dev/null +++ b/src/man/ru/idmap_sss.8.xml @@ -0,0 +1,77 @@ + + + +Справка по SSSD + + + + + idmap_sss + 8 + + + + idmap_sss + Внутренний сервер idmap_sss SSSD для Winbind + + + + ОПИСАНИЕ + + Модуль idmap_sss предоставляет способ вызова SSSD для сопоставления UID/GID +и SID. В этом случае не нужна база данных, потому что сопоставление +выполняет SSSD. + + + + + ПАРАМЕТРЫ IDMAP + + + + range = low - high + + Определяет доступный совпадающий диапазон UID и GID, для которого является +полномочным внутренний сервер. + + + + + + + ПРИМЕРЫ + + В этом примере показано, как настроить idmap_sss в качестве модуля +сопоставления по умолчанию. + + + +[global] +security = ads +workgroup = <AD-DOMAIN-SHORTNAME> + +idmap config <AD-DOMAIN-SHORTNAME> : backend = sss +idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647 + +idmap config * : backend = tdb +idmap config * : range = 100000-199999 + + + + Замените <AD-DOMAIN-SHORTNAME> на имя NetBIOS домена AD. Если следует +использовать несколько доменов AD, для каждого из них необходимо указать +строку idmap config с backend = sss и +строку с подходящим range. + + + Так как для Winbind требуется внутренний сервер по умолчанию, который +доступен для записи, а idmap_sss доступен только для чтения, в примере в +качестве значения по умолчанию указано backend = tdb. + + + + + + + diff --git a/src/man/ru/include/ad_modified_defaults.xml b/src/man/ru/include/ad_modified_defaults.xml new file mode 100644 index 0000000..be4decf --- /dev/null +++ b/src/man/ru/include/ad_modified_defaults.xml @@ -0,0 +1,106 @@ + + ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ + + Некоторые стандартные значения параметров не соответствуют стандартным +значениям параметров соответствующего внутреннего поставщика данных. Имена +этих параметров и специфичные для поставщика данных AD стандартные значения +параметров перечислены ниже: + + + Поставщик данных KRB5 + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + Поставщик данных LDAP + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (обычно SHORTNAME$@REALM) + + + Поставщик данных AD по умолчанию выполняет поиск других записей участников, +чем поставщик LDAP, потому что в окружении Active Directory участники +делятся на две группы: участники-пользователи и участники-службы. Для +получения TGT может использоваться только запись участника-пользователя, и +по умолчанию записи участников — объектов компьютеров создаются из их +sAMAccountName и области AD. Известный участник host/hostname@REALM является +участником-службой и, следовательно, не может использоваться для получения +TGT. + + + + + + Настройка NSS + + + + fallback_homedir = /home/%d/%u + + + Поставщик данных AD автоматически устанавливает «fallback_homedir = +/home/%d/%u», чтобы предоставить личные домашние каталоги для пользователей +без атрибута homeDirectory. Если домен AD надлежащим образом заполнен +атрибутами POSIX и требуется предотвратить такое поведение в качестве +резервного, можно явно указать «fallback_homedir = %o». + + + Обратите внимание: система обычно ожидает, что домашний каталог будет в +папке /home/%u. Если принято решение использовать другую структуру каталога, +может потребоваться настроить некоторые другие части системы. + + + Например, автоматическое создание домашних каталогов в сочетании с SELinux +потребует настройки параметров SELinux; в ином случае домашний каталог будет +создан с неверным контекстом SELinux. + + + + + diff --git a/src/man/ru/include/autofs_attributes.xml b/src/man/ru/include/autofs_attributes.xml new file mode 100644 index 0000000..e46246f --- /dev/null +++ b/src/man/ru/include/autofs_attributes.xml @@ -0,0 +1,68 @@ + + + ldap_autofs_map_object_class (строка) + + + Класс объектов записи карты автоматического монтирования в LDAP. + + + По умолчанию: nisMap (rfc2307, autofs_provider=ad), в ином случае — +automountMap + + + + + + ldap_autofs_map_name (строка) + + + Имя записи карты автоматического монтирования в LDAP. + + + По умолчанию: nisMapName (rfc2307, autofs_provider=ad), в ином случае — +automountMapName + + + + + + ldap_autofs_entry_object_class (строка) + + + Класс объектов записи автоматического монтирования в LDAP. Запись обычно +соответствует точке монтирования. + + + По умолчанию: nisObject (rfc2307, autofs_provider=ad), в ином случае — +automount + + + + + + ldap_autofs_entry_key (строка) + + + Ключ записи автоматического монтирования в LDAP. Запись обычно соответствует +точке монтирования. + + + По умолчанию: cn (rfc2307, autofs_provider=ad), в ином случае — automountKey + + + + + + ldap_autofs_entry_value (строка) + + + Ключ записи автоматического монтирования в LDAP. Запись обычно соответствует +точке монтирования. + + + По умолчанию: nisMapEntry (rfc2307, autofs_provider=ad), в ином случае — +automountInformation + + + + diff --git a/src/man/ru/include/autofs_restart.xml b/src/man/ru/include/autofs_restart.xml new file mode 100644 index 0000000..5530feb --- /dev/null +++ b/src/man/ru/include/autofs_restart.xml @@ -0,0 +1,7 @@ + + Следует учитывать, что средство автоматического монтирования выполняет +чтение основной карты только при запуске, поэтому в случае внесения +каких-либо изменений, связанных с autofs, в файл sssd.conf, обычно также +потребуется перезапустить внутреннюю службу автоматического монтирования +после перезапуска SSSD. + diff --git a/src/man/ru/include/debug_levels.xml b/src/man/ru/include/debug_levels.xml new file mode 100644 index 0000000..6450863 --- /dev/null +++ b/src/man/ru/include/debug_levels.xml @@ -0,0 +1,104 @@ + + + В SSSD предусмотрены два представления для указания уровня отладки. Более +простое представление позволяет указать десятичное значение в диапазоне от 0 +до 9, которое будет включать соответствующий уровень и все более низкие +уровни сообщений отладки. Более сложное представление позволяет указать +шестнадцатеричную битовую маску для включения или отключения (подавления) +отдельных уровней. + + + Обратите внимание, что каждая служба SSSD ведёт журнал в своём собственном +файле. Также следует учитывать, что включение параметра +debug_level в разделе [sssd] включает отладку +только для самого процесса sssd, а не для процессов ответчика или поставщика +данных. Параметр debug_level следует добавить во все разделы, +для которых требуется создать журналы отладки. + + + Уровень отладки можно изменить не только с помощью параметра +debug_level в файле конфигурации (этот параметр является +постоянным, но требует перезапуска SSSD), но и «на лету», с помощью +инструмента sss_debuglevel +8 . + + + В настоящее время поддерживаются следующие уровни отладки: + + + 0, 0x0010: фатальные ошибки. Всё, +что не позволяет выполнить запуск SSSD или вызывает прекращение работы +сервиса. + + + 1, 0x0020: критические +ошибки. Ошибка, которая не прекращает работу SSSD, но означает, что как +минимум одна важная функциональная возможность не будет работать надлежащим +образом. + + + 2, 0x0040: серьёзные +ошибки. Ошибка, которая сообщает о завершении неудачей определённого запроса +или действия. + + + 3, 0x0080: незначительные +ошибки. Это ошибки, которые могут стать причиной ошибок 2-го уровня (ошибок +при выполнении действий). + + + 4, 0x0100: параметры конфигурации. + + + 5, 0x0200: данные функций. + + + 6, 0x0400: сообщения трассировки +для функций действий. + + + 7, 0x1000: сообщения трассировки +для функций внутреннего управления. + + + 8, 0x2000: содержимое внутренних +переменных функций, которое может представлять интерес. + + + 9, 0x4000: информация трассировки +крайне низкого уровня. + + + 9, 0x20000: быстродействие и +статистические данные. Пожалуйста, обратите внимание, что из-за способа +обработки запросов на внутреннем уровне, записанное в журнал время +выполнения запроса может быть больше, чем оно было на самом деле. + + + 10, 0x10000: информация +трассировки libldb ещё более низкого уровня. Практически никогда не +требуется. + + + Чтобы выполнять ведение журнала для необходимых уровней отладки, указанных в +представлении битовых масок, просто сложите их номера, как показано в +следующих примерах: + + + Пример: используйте 0x0270, чтобы вести журнал данных +фатальных ошибок, критических ошибок, серьёзных ошибок и данных функций. + + + Пример: используйте 0x1310, чтобы вести журнал данных +фатальных ошибок, параметров конфигурации, данных функций, сообщений +трассировки для функций внутреннего управления. + + + Примечание: формат битовых масок уровней отладки был +введён в версии 1.7.0. + + + По умолчанию: 0x0070 (то есть фатальные, критические и +серьёзные ошибки; соответствует указанию значения «2» в десятичной записи) + + diff --git a/src/man/ru/include/debug_levels_tools.xml b/src/man/ru/include/debug_levels_tools.xml new file mode 100644 index 0000000..20957cc --- /dev/null +++ b/src/man/ru/include/debug_levels_tools.xml @@ -0,0 +1,83 @@ + + + В SSSD предусмотрены два представления для указания уровня отладки. Более +простое представление позволяет указать десятичное значение в диапазоне от 0 +до 9, которое будет включать соответствующий уровень и все более низкие +уровни сообщений отладки. Более сложное представление позволяет указать +шестнадцатеричную битовую маску для включения или отключения (подавления) +отдельных уровней. + + + В настоящее время поддерживаются следующие уровни отладки: + + + 0, 0x0010: фатальные ошибки. Всё, +что не позволяет выполнить запуск SSSD или вызывает прекращение работы +сервиса. + + + 1, 0x0020: критические +ошибки. Ошибка, которая не прекращает работу SSSD, но означает, что как +минимум одна важная функциональная возможность не будет работать надлежащим +образом. + + + 2, 0x0040: серьёзные +ошибки. Ошибка, которая сообщает о завершении неудачей определённого запроса +или действия. + + + 3, 0x0080: незначительные +ошибки. Это ошибки, которые могут стать причиной ошибок 2-го уровня (ошибок +при выполнении действий). + + + 4, 0x0100: параметры конфигурации. + + + 5, 0x0200: данные функций. + + + 6, 0x0400: сообщения трассировки +для функций действий. + + + 7, 0x1000: сообщения трассировки +для функций внутреннего управления. + + + 8, 0x2000: содержимое внутренних +переменных функций, которое может представлять интерес. + + + 9, 0x4000: информация трассировки +крайне низкого уровня. + + + 10, 0x10000: информация +трассировки libldb ещё более низкого уровня. Практически никогда не +требуется. + + + Чтобы выполнять ведение журнала для необходимых уровней отладки, указанных в +представлении битовых масок, просто сложите их номера, как показано в +следующих примерах: + + + Пример: используйте 0x0270, чтобы вести журнал данных +фатальных ошибок, критических ошибок, серьёзных ошибок и данных функций. + + + Пример: используйте 0x1310, чтобы вести журнал данных +фатальных ошибок, параметров конфигурации, данных функций, сообщений +трассировки для функций внутреннего управления. + + + Примечание: формат битовых масок уровней отладки был +введён в версии 1.7.0. + + + По умолчанию: 0x0070 (то есть фатальные, критические и +серьёзные ошибки; соответствует указанию значения «2» в десятичной записи) + + diff --git a/src/man/ru/include/failover.xml b/src/man/ru/include/failover.xml new file mode 100644 index 0000000..fe36c55 --- /dev/null +++ b/src/man/ru/include/failover.xml @@ -0,0 +1,124 @@ + + ОТРАБОТКА ОТКАЗА + + Функция обработки отказа позволяет внутренним серверам автоматически +переключаться на другой сервер в случае сбоя текущего сервера. + + + Синтаксис обработки отказа + + Список серверов разделяется запятыми; рядом с запятыми допускается любое +количество пробелов. Серверы перечислены в порядке приоритета. Список может +содержать любое количество серверов. + + + Для каждого параметра конфигурации с поддержкой отработки отказа существуют +два варианта: основной (primary) и +резервный (backup). Смысл в том, что приоритет получают +серверы из списка основных, а поиск резервных серверов выполняется только в +том случае, если не удалось связаться с основными серверами. Если выбран +резервный сервер, устанавливается 31-секундный тайм-аут. По его истечении +SSSD будет периодически пытаться восстановить подключение к одному из +основных серверов. Если попытка будет успешной, текущий активный (резервный) +сервер будет заменён на основной. + + + + Механизм отработки отказа + + Механизм отработки отказа различает компьютеры и службы. Внутренний сервер +сначала пытается разрешить имя узла указанного компьютера; если попытка +разрешения завершается неудачей, компьютер считается работающим в автономном +режиме. Дальнейшие попытки подключиться к этому компьютеру для доступа к +другим службам не выполняются. Если попытка разрешения успешна, внутренний +сервер пытается подключиться к службе на этом компьютере. Если попытка +подключения к службе завершается неудачей, работающей в автономном режиме +будет считаться только эта служба, и внутренний сервер автоматически +переключится на следующую службу. Компьютер продолжает считаться находящимся +в сети, возможны дальнейшие попытки подключения к другим службам на нём. + + + Дальнейшие попытки подключения к компьютерам или службам, обозначенным, как +работающие в автономном режиме, выполняются по истечении определённого +периода времени; в настоящее время это значения является жёстко заданным и +составляет 30 секунд. + + + Если список компьютеров исчерпан, внутренний сервер целиком переключается на +автономный режим и затем пытается восстановить подключение каждые 30 секунд. + + + + Тайм-ауты и тонкая настройка отработки отказа + + Разрешение имени сервера, к которому следует подключиться, может быть +выполнено как за один запрос DNS, так и за несколько шагов, например, при +поиске корректного сайта или переборе нескольких имён узлов, если некоторые +из настроенных серверов недоступны. Для более сложных сценариев требуется +больше времени, и SSSD требуется соблюсти баланс между предоставлением +достаточного количества времени для завершения процесса разрешения и не +слишком долгим ожиданием перед переходом в автономный режим. Если в журнале +отладки SSSD есть данные о том, что время на разрешение сервера истекло до +обращения к реальному серверу, рекомендуется изменить значения тайм-аутов. + + + В этом разделе перечислены доступные настраиваемые параметры. Их описание +содержится на справочной странице +sssd.conf5 +. + + + dns_resolver_server_timeout + + + + Время (в миллисекундах), в течение которого SSSD будет обращаться к одному +серверу DNS перед переходом к следующему. + + + По умолчанию: 1000 + + + + + + dns_resolver_op_timeout + + + + Время (в секундах), в течение которого SSSD будет пытаться разрешить один +запрос DNS (например, разрешение имени узла или записи SRV) перед переходом +к следующему имени узла или домену обнаружения. + + + По умолчанию: 3 + + + + + + dns_resolver_timeout + + + + Как долго SSSD будет пытаться разрешить резервную службу. Это разрешение +службы может включать несколько внутренних шагов, например, при разрешении +запросов SRV DNS или определении расположения сайта. + + + По умолчанию: 6 + + + + + + + Для поставщиков данных на основе LDAP операция разрешения выполняется как +часть операции установления LDAP-соединения. Следовательно, тайм-аут +ldap_opt_timeout также следует установить в большее значение, +чем dns_resolver_timeout, который, в свою очередь, следует +установить в большее значение, чем dns_resolver_op_timeout, +который должен быть больше dns_resolver_server_timeout. + + + diff --git a/src/man/ru/include/homedir_substring.xml b/src/man/ru/include/homedir_substring.xml new file mode 100644 index 0000000..2ddfae7 --- /dev/null +++ b/src/man/ru/include/homedir_substring.xml @@ -0,0 +1,18 @@ + + homedir_substring (строка) + + + Значение этого параметра будет использоваться в расширении параметра +override_homedir, если шаблон содержит строку формата +%H. Запись каталога LDAP может непосредственно +содержать этот шаблон, поэтому этот параметр можно использовать для +расширения пути домашнего каталога для каждого клиентского компьютера (или +операционной системы). Его можно задать для отдельного домена или глобально +в разделе [nss]. Значение, указанное в разделе домена, переопределит то +значение, которое задано в разделе [nss]. + + + По умолчанию: /home + + + diff --git a/src/man/ru/include/ipa_modified_defaults.xml b/src/man/ru/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..a68afb7 --- /dev/null +++ b/src/man/ru/include/ipa_modified_defaults.xml @@ -0,0 +1,124 @@ + + ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ + + Некоторые стандартные значения параметров не соответствуют стандартным +значениям параметров соответствующего внутреннего поставщика данных. Имена +этих параметров и специфичные для поставщика данных IPA стандартные значения +параметров перечислены ниже: + + + Поставщик данных KRB5 + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + Поставщик данных LDAP — Общие параметры + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + Поставщик данных LDAP — Параметры пользователей + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + Поставщик данных LDAP — Параметры групп + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/ru/include/krb5_options.xml b/src/man/ru/include/krb5_options.xml new file mode 100644 index 0000000..de7b3c8 --- /dev/null +++ b/src/man/ru/include/krb5_options.xml @@ -0,0 +1,162 @@ + + + krb5_auth_timeout (целое число) + + + Тайм-аут в секундах после прерывания запроса проверки подлинности или смены +пароля в сетевом режиме. Обработка запроса проверки подлинности будет +продолжена в автономном режиме, если это возможно. + + + По умолчанию: 6 + + + + + + krb5_validate (логическое значение) + + + Проверить с помощью krb5_keytab, что полученный TGT не был +подменён. Проверка записей в таблице ключей выполняется последовательно, для +проверки действительности используется первая запись с соответствующей +областью. Если области не соответствует ни одна из записей, используется +последняя запись в таблице ключей. Этот процесс можно использовать для +проверки сред, где используются межобластные отношения доверия, поместив +соответствующую запись таблицы ключей в качестве последней или единственной +записи в файле таблицы ключей. + + + По умолчанию: false (для поставщиков данных IPA и AD: true) + + + Обратите внимание, что проверка билета — это первый шаг при проверке PAC +(дополнительные сведения доступны в описании параметра «pac_check» на +справочной странице sssd.conf +5 ). Если проверка билета отключена, +проверки PAC также будут пропущены. + + + + + + krb5_renewable_lifetime (строка) + + + Запросить обновляемый билет с общим временем жизни, указанным как целое +число, сразу после которого следует единица измерения времени: + + + s для секунд + + + m для минут + + + h для часов + + + d для дней. + + + Если единица измерения не указана, предполагается, что используется значение +s. + + + ПРИМЕЧАНИЕ: единицы измерения нельзя смешивать. Чтобы установить обновляемое +время жизни равным полутора часам, укажите «90m», а не «1h30m». + + + По умолчанию: не задано, то есть TGT не является обновляемым + + + + + + krb5_lifetime (строка) + + + Запросить билет с временем жизни, указанным как целое число, сразу после +которого следует единица измерения времени: + + + s для секунд + + + m для минут + + + h для часов + + + d для дней. + + + Если единица измерения не указана, предполагается, что используется значение +s. + + + ПРИМЕЧАНИЕ: единицы измерения нельзя смешивать. Чтобы установить время жизни +равным полутора часам, укажите «90m», а не «1h30m». + + + По умолчанию: не задано, то есть стандартное время жизни билета, настроенное +в параметрах KDC. + + + + + + krb5_renew_interval (строка) + + + Время в секундах между двумя проверками того, следует ли обновить +TGT. Обновление TGT выполняется в том случае, если прошла примерно половина +времени жизни билета, указанного как целое число, сразу после которого +следует единица измерения времени: + + + s для секунд + + + m для минут + + + h для часов + + + d для дней. + + + Если единица измерения не указана, предполагается, что используется значение +s. + + + ПРИМЕЧАНИЕ: единицы измерения нельзя смешивать. Чтобы установить обновляемое +время жизни равным полутора часам, укажите «90m», а не «1h30m». + + + Если этот параметр не указан или установлен в значение «0», автоматическое +обновление отключено. + + + По умолчанию: не задано + + + + + + krb5_canonicalize (логическое значение) + + + Позволяет указать, следует ли приводить в каноническую форму имя +участника-узла и участника-пользователя. Эта возможность доступна в MIT +Kerberos 1.7 и выше. + + + + По умолчанию: false + + + + diff --git a/src/man/ru/include/ldap_id_mapping.xml b/src/man/ru/include/ldap_id_mapping.xml new file mode 100644 index 0000000..9c131d4 --- /dev/null +++ b/src/man/ru/include/ldap_id_mapping.xml @@ -0,0 +1,298 @@ + + СОПОСТАВЛЕНИЕ ИДЕНТИФИКАТОРОВ + + Возможность сопоставления идентификаторов позволяет SSSD выступать в роли +клиента Active Directory, при этом администраторам не требуется расширять +атрибуты пользователя с целью поддержки атрибутов POSIX для идентификаторов +пользователей и групп. + + + ПРИМЕЧАНИЕ: когда сопоставление идентификаторов включено, атрибуты uidNumber +и gidNumber игнорируются. Это позволяет избежать возможных конфликтов между +значениями, назначенными автоматически, и значениями, назначенными +вручную. Если требуется использовать значения, назначенные вручную, следует +назначить вручную ВСЕ значения. + + + Обратите внимание, что изменение параметров конфигурации, связанных с +сопоставлением идентификаторов, приведёт к изменению идентификаторов +пользователей и групп. В настоящее время SSSD не поддерживает изменение +идентификаторов, поэтому базу данных SSSD необходимо удалить. Так как +кэшированные пароли также хранятся в в этой базе данных, её удаление должно +выполняться только тогда, когда серверы проверки подлинности доступны; в +ином случае пользователи могут быть заблокированы. Для кэширования пароля +необходимо выполнить проверку подлинности. Для удаления базы данных +недостаточно использовать +sss_cache 8 +, на самом деле требуются следующие шаги: + + + + Проверка доступности удалённых серверов + + + + + Остановка службы SSSD + + + + + Удаление базы данных + + + + + Запуск службы SSSD + + + + Более того, поскольку смена идентификаторов может сделать необходимым +изменение других свойств системы, таких как параметры владения файлами и +каталогами, рекомендуется спланировать всё заранее и тщательно +протестировать конфигурацию сопоставления идентификаторов. + + + + Алгоритм сопоставления + + Active Directory предоставляет objectSID для всех объектов пользователей и +групп в каталоге. Этот objectSID можно разбить на компоненты, которые +соответствуют идентификатору домена Active Directory и относительному +идентификатору (RID) объекта пользователя или группы. + + + Алгоритм сопоставления идентификаторов SSSD берёт диапазон доступных UID и +делит его на разделы равного размера — «срезы». Каждый срез представляет +собой пространство, доступное домену Active Directory. + + + Когда запись пользователя или группы определённого домена встречается SSSD в +первый раз, SSSD выделяет один из доступных срезов для этого домена. Чтобы +такое назначение срезов воспроизводилось на разных клиентских компьютерах, +предусмотрен следующий алгоритм выбора среза: + + + Строка SID передаётся через алгоритм murmurhash3 для её преобразования в +32-битное хэшированное значение. Затем для выбора среза это значение с общим +количеством срезов берётся по модулю. + + + ПРИМЕЧАНИЕ: между хэшем и полученным далее модулем возможны конфликты. В +таких случаях будет выбран следующий доступный срез, но на других +компьютерах может быть невозможно воспроизвести точно такой же набор срезов +(так как порядок, в котором они встречаются, определяет срез). В такой +ситуации рекомендуется либо переключиться на использование явных атрибутов +POSIX в Active Directory (отключить сопоставление идентификаторов), либо +настроить стандартный домен, чтобы гарантировать согласованность хотя бы для +одного. См. Конфигурация. + + + + + Конфигурация + + Минимальная конфигурация (в разделе [domain/DOMAINNAME]): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + При стандартной конфигурации настраивается 10000 срезов, каждый из которых +может содержать до 200000 идентификаторов, начиная от 200000 и до +2000200000. Этого должно быть достаточно для большинства вариантов +развёртывания. + + + Дополнительная конфигурация + + + ldap_idmap_range_min (целое число) + + + Указывает нижнюю (включительно) границу диапазона идентификаторов POSIX, +которые следует использовать для сопоставления SID пользователей и групп +Active Directory. Это первый идентификатор POSIX, который можно использовать +для сопоставления. + + + ПРИМЕЧАНИЕ: этот параметр отличается от min_id: +min_id работает как фильтр ответов на запросы к этому домену, +в то время как этот параметр управляет диапазоном назначения +идентификаторов. Это тонкое различие, но рекомендуется устанавливать +значение min_id меньшим или равным значению +ldap_idmap_range_min + + + По умолчанию: 200000 + + + + + ldap_idmap_range_max (целое число) + + + Указывает верхнюю (не включительно) границу диапазона идентификаторов POSIX, +которые следует использовать для сопоставления идентификаторов SID +пользователей и групп Active Directory. Это первый идентификатор POSIX, +который нельзя использовать для сопоставления, т.е. данный идентификатор на +единицу больше последнего, которым можно воспользоваться для сопоставления. + + + ПРИМЕЧАНИЕ: этот параметр отличается от max_id: +max_id работает как фильтр ответов на запросы к этому домену, +в то время как этот параметр управляет диапазоном назначения +идентификаторов. Это тонкое различие, но рекомендуется устанавливать +значение max_id большим или равным значению +ldap_idmap_range_max + + + По умолчанию: 2000200000 + + + + + ldap_idmap_range_size (целое число) + + + Указывает количество идентификаторов, доступных для каждого среза. Если +размер диапазона не делится нацело на минимальное и максимальное значения, +будет создано столько полных срезов, сколько возможно. + + + ПРИМЕЧАНИЕ: значение этого параметра должно быть не меньше значения +максимального RID пользователя, запланированного для использования на +сервере Active Directory. Поиск записи пользователя и вход завершатся +неудачей для всех пользователей, RID которых превышает значение этого +параметра. + + + Например, если у последнего добавленного пользователя Active Directory +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +значениеldap_idmap_range_size должно равняться минимум 1108, +так как размер диапазона рассчитывается как максимальный SID минус +минимальный SID плюс один (т.е. 1108 = 1107 - 0 + 1). + + + Для будущего расширения важно всё спланировать заранее,поскольку изменение +этого значения приведёт к изменению всех сопоставлений идентификаторов в +системе и, следовательно, изменению локальных идентификаторов пользователей. + + + По умолчанию: 200000 + + + + + ldap_idmap_default_domain_sid (строка) + + + Позволяет указать SID стандартного домена. Это гарантирует, что этот домен +всегда будет назначаться нулевому срезу в карте идентификаторов, в обход +описанного выше алгоритма murmurhash. + + + По умолчанию: не задано + + + + + ldap_idmap_default_domain (строка) + + + Позволяет указать имена домена по умолчанию. + + + По умолчанию: не задано + + + + + ldap_idmap_autorid_compat (логическое значение) + + + Изменяет поведения алгоритма сопоставления идентификаторов, делая его более +похожим на алгоритм idmap_autorid winbind. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + ПРИМЕЧАНИЕ: этот алгоритм является недетерминированным (он зависит от +порядка, в котором запрашиваются пользователи и группы). Если этот режим +требуется для обеспечения совместимости с компьютерами, где работает +winbind, рекомендуется также использовать параметр +ldap_idmap_default_domain_sid, чтобы гарантировать постоянное +выделение хотя бы одного домена для нулевого среза. + + + По умолчанию: false + + + + + ldap_idmap_helper_table_size (целое число) + + + Максимальное количество вторичных срезов, которое можно использовать при +сопоставлении идентификатору UNIX номера SID. + + + Примечание: дополнительные вторичные срезы могут быть созданы, когда +выполняется сопоставление SID с идентификатором UNIX и часть RID SID +находится за пределами диапазона для уже созданных вторичных срезов. Если +значение параметра ldap_idmap_helper_table_size равно нулю, дополнительные +вторичные срезы не будут созданы. + + + По умолчанию: 10 + + + + + + + + + Известные SID + + SSSD поддерживает поиск имён известных SID, то есть SID со специальным +жёстко заданным значением. Так как типичные пользователи и группы, связанные +с этими известными SID, не имеют аналогов в среде Linux/UNIX, для этих +объектов недоступны идентификаторы POSIX. + + + Пространство имён SID организовано по центрам, которые можно рассматривать +как разные домены. Для известных SID используются следующие центры + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + Записанные прописными буквами варианты этих имён используются в качестве +имён доменов при возврате полных имён известных SID. + + + Так как некоторые утилиты позволяют изменять данные управления доступом на +основе SID с помощью имени, а не непосредственного использования SID, SSSD +также поддерживает поиск SID по имени. Чтобы избежать конфликтов, для поиска +известных SID разрешается использовать только полные имена. Следовательно, +нельзя использовать в качестве имён доменов в sssd.conf +следующие названия: NULL AUTHORITY, WORLD +AUTHORITY, LOCAL AUTHORITY, CREATOR +AUTHORITY, MANDATORY LABEL AUTHORITY, +AUTHENTICATION AUTHORITY, NT AUTHORITY и +BUILTIN. + + + + diff --git a/src/man/ru/include/ldap_search_bases.xml b/src/man/ru/include/ldap_search_bases.xml new file mode 100644 index 0000000..9516d92 --- /dev/null +++ b/src/man/ru/include/ldap_search_bases.xml @@ -0,0 +1,33 @@ + + + Необязательное base DN, область поиска и фильтр LDAP для ограничения поисков +LDAP для этого типа атрибутов. + + + синтаксис: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + Значением области может быть одно из следующих: «base», «onelevel» или +«subtree». Описание работы области доступно в разделе 4.5.1.2 +http://tools.ietf.org/html/rfc4511 + + + Фильтр должен являться корректным фильтром поиска LDAP согласно спецификации +http://www.ietf.org/rfc/rfc2254.txt + + + Примеры синтаксиса доступны в разделе примеров +ldap_search_base. + + + По умолчанию: значение ldap_search_base + + + Обратите внимание, что указание области или фильтра не поддерживается для +поиска на сервере Active Directory; он может привести к получению большого +количества результатов и активировать расширение получения диапазонов (Range +Retrieval) в ответе. + + diff --git a/src/man/ru/include/local.xml b/src/man/ru/include/local.xml new file mode 100644 index 0000000..0b845c9 --- /dev/null +++ b/src/man/ru/include/local.xml @@ -0,0 +1,18 @@ + + ЛОКАЛЬНЫЙ ДОМЕН + + Для корректной работы необходимо создать домен с +id_provider=local и запустить SSSD. + + + Администратор может отдать предпочтение использованию локальных записей +пользователей SSSD вместо традиционных записей пользователей UNIX, когда для +работы требуется вложенность групп (см. +sss_groupadd 8 +). Записи локальных пользователей также позволяют выполнить +тестирование и разработку SSSD без необходимости развёртывания полного +удалённого сервера. Инструменты sss_user* и +sss_group* используют локальное хранилище данных LDB для +хранения записей пользователей и групп. + + diff --git a/src/man/ru/include/override_homedir.xml b/src/man/ru/include/override_homedir.xml new file mode 100644 index 0000000..706bc7f --- /dev/null +++ b/src/man/ru/include/override_homedir.xml @@ -0,0 +1,79 @@ + +override_homedir (строка) + + + Переопределить домашний каталог пользователя. Можно указать либо абсолютное +значение, либо шаблон. В шаблоне заменяются следующие последовательности: + + + %u + имя для входа + + + %U + номер UID + + + %d + имя домена + + + %f + полное имя пользователя (user@domain) + + + %l + Первая буква имени для входа. + + + %P + UPN — имя участника-пользователя (name@REALM) + + + %o + + Исходный домашний каталог, полученный от поставщика данных идентификации. + + + + %h + + Исходный домашний каталог, полученный от поставщика данных идентификации, но +в нижнем регистре. + + + + %H + + Значение параметра конфигурации homedir_substring. + + + + %% + литерал «%» + + + + + + Этот параметр также можно задать для каждого домена отдельно. + + + пример: +override_homedir = /home/%u + + + + По умолчанию: не задано (SSSD будет использовать значение, полученное от +LDAP) + + + Обратите внимание, что домашний каталог из конкретного переопределения для +пользователя, локально +(см. sss_override +8) или централизованно управляемых +переопределений идентификаторов IPA, обладает более высоким приоритетом и +будет использоваться вместо значения, указанного с помощью override_homedir. + + + diff --git a/src/man/ru/include/param_help.xml b/src/man/ru/include/param_help.xml new file mode 100644 index 0000000..75ffa44 --- /dev/null +++ b/src/man/ru/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Показать справочное сообщение и выйти. + + + diff --git a/src/man/ru/include/param_help_py.xml b/src/man/ru/include/param_help_py.xml new file mode 100644 index 0000000..1323751 --- /dev/null +++ b/src/man/ru/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Показать справочное сообщение и выйти. + + + diff --git a/src/man/ru/include/seealso.xml b/src/man/ru/include/seealso.xml new file mode 100644 index 0000000..91b4efd --- /dev/null +++ b/src/man/ru/include/seealso.xml @@ -0,0 +1,49 @@ + + СМ. ТАКЖЕ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/ru/include/service_discovery.xml b/src/man/ru/include/service_discovery.xml new file mode 100644 index 0000000..d9cf15b --- /dev/null +++ b/src/man/ru/include/service_discovery.xml @@ -0,0 +1,44 @@ + + ОБНАРУЖЕНИЕ СЛУЖБ + + Функция обнаружения служб позволяет внутренним серверам автоматически +находить серверы, к которым следует подключиться, с помощью специального +запроса DNS. Эта возможность не поддерживается для резервных серверов. + + + Конфигурация + + Если серверы не указаны, внутренний сервер будет автоматически использовать +обнаружение служб, чтобы попытаться найти сервер. Пользователь может +(необязательно) задать использование сразу и фиксированных адресов серверов, +и обнаружения служб, вставив в список серверов специальное ключевое слово +_srv_. Обработка выполняется в порядке приоритета. Эта +возможность полезна, например, если пользователь предпочитает использовать +обнаружение служб всегда, когда это возможно, и подключаться к определённому +серверу только в тех случаях, когда серверы не удалось обнаружить с помощью +DNS. + + + + Имя домена + + Дополнительные сведения доступны в описании параметра +dns_discovery_domain на справочной странице +sssd.conf 5 +. + + + + Протокол + + В запросах обычно указан протокол _tcp. Исключения задокументированы в +описаниях соответствующих параметров. + + + + См. также + + Дополнительные сведения о механизме обнаружения служб доступны в RFC 2782. + + + diff --git a/src/man/ru/include/upstream.xml b/src/man/ru/include/upstream.xml new file mode 100644 index 0000000..ce213c8 --- /dev/null +++ b/src/man/ru/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD Восходящий источник («апстрим») +SSSD — https://github.com/SSSD/sssd/ diff --git a/src/man/ru/pam_sss.8.xml b/src/man/ru/pam_sss.8.xml new file mode 100644 index 0000000..e18e11d --- /dev/null +++ b/src/man/ru/pam_sss.8.xml @@ -0,0 +1,456 @@ + + + +Справка по SSSD + + + + + pam_sss + 8 + + + + pam_sss + модуль PAM для SSSD + + + + +pam_sss.so +quiet +forward_pass +use_first_pass +use_authtok +retry=N +ignore_unknown_user +ignore_authinfo_unavail +domains=X +allow_missing_name +prompt_always +try_cert_auth +require_cert_auth + + + + ОПИСАНИЕ + pam_sss.so — это интерфейс PAM к сервису SSSD. Ошибки и +результаты записываются в журнал посредством syslog(3) с +LOG_AUTHPRIV. + + + + ОПЦИИ + + + + + + + Подавлять сообщения журнала для неизвестных пользователей. + + + + + + + + Если параметр задан, введённый пароль будет +помещён в стек для использования другими модулями PAM. + + + + + + + + + Использование аргумента use_first_pass позволяет указать модулю +принудительно использовать пароль ранее добавленного в стек модуля и никогда +не запрашивать его у пользователя — если пароль недоступен или некорректен, +пользователю будет отказано в доступе. + + + + + + + + Если этот параметр задан, при смене пароля модуль установит в качестве +нового пароля тот пароль, который предоставлен ранее добавленным в стек +модулем обработки паролей. + + + + + + + + Если этот параметр задан, в случае неудачной проверки подлинности у +пользователя будет N раз запрашиваться пароль. Значение по умолчанию — 0. + Обратите внимание, что этот параметр может не работать ожидаемым образом, +если приложение, которое вызывает PAM, самостоятельно обрабатывает диалог с +пользователем. Типичный пример: sshd с +. + + + + + + + + Если этот параметр указан и пользователь не существует, модуль PAM вернёт +PAM_IGNORE. В результате платформа PAM игнорирует этот модуль. + + + + + + + + + Позволяет указать, что модуль PAM должен вернуть PAM_IGNORE, если ему не +удаётся связаться с сервисом SSSD. В результате платформа PAM игнорирует +этот модуль. + + + + + + + + + Позволяет администратору ограничить перечень доменов, в которых может +проходить проверку подлинности определённая служба PAM. Формат: разделённый +запятыми список имён доменов SSSD, в том виде, в котором они указаны в файле +sssd.conf. + + + ПРИМЕЧАНИЕ: при использовании для службы, которая запущена не от имени +пользователя root (например, для веб-сервера), этот параметр необходимо +использовать совместно с параметрами pam_trusted_users и +pam_public_domains. Дополнительные сведения об этих двух +параметрах ответчика PAM доступны на справочной странице +sssd.conf 5 +. + + + + + + + + + + Основная задача этого параметра — разрешить SSSD определять имя пользователя +на основе дополнительной информации (например, сертификата со смарт-карты). + + + В настоящее время используется диспетчерами входа, которые могут отслеживать +события карты на устройстве чтения смарт-карт. При вставке смарт-карты +диспетчер входа вызовет стек PAM, который включает строку наподобие + +auth sufficient pam_sss.so allow_missing_name + В этом случае SSSD попытается +определить имя пользователя на основе содержимого смарт-карты, потом вернёт +его pam_sss, который затем поместит его в стек PAM. + + + + + + + + + + Всегда запрашивать учётные данные у пользователя. Если этот параметр +включён, учётные данные, запрошенные другими модулями PAM (обычно это +пароль), будут игнорироваться и pam_sss будет запрашивать учётные данные +снова. В зависимости от ответа предварительной проверки подлинности, +полученного от SSSD, pam_sss может запросить пароль, PIN-код смарт-карты или +другие учётные данные. + + + + + + + + + + Пытаться применить проверку подлинности на основе сертификата, то есть +проверку подлинности с помощью смарт-карты или аналогичных устройств. Если +смарт-карта доступна и для службы разрешена проверка подлинности по +смарт-карте, у пользователя будет запрошен PIN-код, после чего проверка +подлинности на основе сертификата будет продолжена + + + Если смарт-карта недоступна или для текущей службы не разрешена проверка +подлинности на основе сертификата, возвращается PAM_AUTHINFO_UNAVAIL. + + + + + + + + + + Выполнять проверку подлинности на основе сертификата, то есть проверку +подлинности с помощью смарт-карты или аналогичных устройств. Если +смарт-карта недоступна, пользователю будет предложено вставить её. SSSD +будет ожидать вставки смарт-карты до истечения тайм-аута, определённого +параметром p11_wait_for_card_timeout, подробные сведения доступны на +справочной странице sssd.conf +5. + + + Если смарт-карта недоступна по истечении тайм-аута или для текущей службы не +разрешена проверка подлинности на основе сертификата, возвращается +PAM_AUTHINFO_UNAVAIL. + + + + + + + + ПРЕДОСТАВЛЯЕМЫЕ ТИПЫ МОДУЛЕЙ + Предоставляются все типы модулей (, +, и +). + + Если ответчик PAM SSSD не запущен (например, когда недоступен сокет +ответчика PAM), pam_sss вернёт PAM_USER_UNKNOWN при вызове в качестве модуля +, чтобы избежать проблем с пользователями из других +источников во время управления доступом. + + + + ВОЗВРАЩАЕМЫЕ ЗНАЧЕНИЯ + + + PAM_SUCCESS + + + Операция PAM успешно завершена. + + + + + PAM_USER_UNKNOWN + + + Пользователь неизвестен службе проверки подлинности или не запущен ответчик +PAM SSSD. + + + + + PAM_AUTH_ERR + + + Сбой при проверке подлинности. Кроме того, может быть возвращено в случае +проблемы с получением сертификата. + + + + + PAM_PERM_DENIED + + + Доступ запрещён. В журнале SSSD могут быть дополнительные сведения об этой +ошибке. + + + + + PAM_IGNORE + + + Смотрите описание параметров и +. + + + + + PAM_AUTHTOK_ERR + + + Не удалось получить новый маркер проверки подлинности. Кроме того, может +быть возвращено, когда пользователь проходит проверку подлинности с помощью +сертификатов и доступно несколько сертификатов, но установленная версия GDM +не поддерживает выбор из нескольких сертификатов. + + + + + PAM_AUTHINFO_UNAVAIL + + + Не удалось получить доступ к данным проверки подлинности. Это может быть +связано со сбоем сети или оборудования. + + + + + PAM_BUF_ERR + + + Произошла ошибка памяти. Кроме того, может быть возвращено в том случае, +если заданы параметры use_first_pass или use_authtok, но не был найден +пароль, предоставленный ранее добавленным в стек модулем PAM. + + + + + PAM_SYSTEM_ERR + + + Произошла системная ошибка. В журнале SSSD могут быть дополнительные +сведения об этой ошибке. + + + + + PAM_CRED_ERR + + + Не удалось задать учётные данные пользователя. + + + + + PAM_CRED_INSUFFICIENT + + + Приложение не располагает учётными данными, достаточными для проверки +подлинности пользователя. Например, отсутствует PIN-код при проверке +подлинности по смарт-карте или отсутствует фактор при двухфакторной проверке +подлинности. + + + + + PAM_SERVICE_ERR + + + Ошибка в модуле службы. + + + + + PAM_NEW_AUTHTOK_REQD + + + Срок действия маркера проверки подлинности пользователя истёк. + + + + + PAM_ACCT_EXPIRED + + + Срок действия учётной записи пользователя истёк. + + + + + PAM_SESSION_ERR + + + Не удалось получить правила профилей рабочего стола IPA или информацию о +пользователе. + + + + + PAM_CRED_UNAVAIL + + + Не удалось получить учётные данные пользователя Kerberos. + + + + + PAM_NO_MODULE_DATA + + + Kerberos не был найден способ проверки подлинности. Это могло произойти, +если для записи пользователя назначена смарт-карта, но на клиенте недоступен +модуль pkint. + + + + + PAM_CONV_ERR + + + Сбой обмена данными. + + + + + PAM_AUTHTOK_LOCK_BUSY + + + Нет доступных KDC, которые подходят для смены пароля. + + + + + PAM_ABORT + + + Неизвестный вызов PAM. + + + + + PAM_MODULE_UNKNOWN + + + Неподдерживаемое задание или команда PAM. + + + + + PAM_BAD_ITEM + + + Модулю проверки подлинности не удалось обработать учётные данные со +смарт-карты. + + + + + + + + ФАЙЛЫ + Когда не удаётся выполнить сброс пароля от имени пользователя root из-за +того, что соответствующий поставщик SSSD не поддерживает сброс пароля, может +быть показано отдельное сообщение. Это сообщение может, например, содержать +инструкции по сбросу пароля. + + Это сообщение читается из файла +pam_sss_pw_reset_message.LOC, где LOC обозначает строку +локали, возвращённую +setlocale3 +. Если такого файла нет, отображается содержимое +pam_sss_pw_reset_message.txt. Владельцем файлов должен +быть пользователь root, при этом права на чтение и запись могут быть только +у пользователя root, а у всех остальных пользователей должны быть права +только на чтение. + + Поиск этих файлов выполняется в каталоге +/etc/sssd/customize/DOMAIN_NAME/. Если соответствующего +файла нет, будет показано общее сообщение. + + + + + + diff --git a/src/man/ru/pam_sss_gss.8.xml b/src/man/ru/pam_sss_gss.8.xml new file mode 100644 index 0000000..3192e40 --- /dev/null +++ b/src/man/ru/pam_sss_gss.8.xml @@ -0,0 +1,218 @@ + + + +Справка по SSSD + + + + + pam_sss_gss + 8 + + + + pam_sss_gss + Модуль PAM для проверки подлинности с помощью GSSAPI в SSSD + + + + +pam_sss_gss.so +debug + + + + ОПИСАНИЕ + + pam_sss_gss.so выполняет проверку подлинности +пользователя с помощью GSSAPI совместно с SSSD. + + + Этот модуль пытается проверить подлинность пользователя с помощью имени +серверной службы GSSAPI host@hostname, при разрешении которого получается +участник Kerberos host/hostname@REALM. Часть REALM +имени участника Kerberos определяется с помощью внутренних механизмов +Kerberos. Её можно указать в явном виде в конфигурации раздела +[domain_realm] в /etc/krb5.conf. + + + SSSD используется для предоставления имени нужной службы и проверки учётных +данных пользователя с помощью вызовов GSSAPI. Если билет службы уже +присутствует в кэше учётных данных Kerberos или если билет пользователя на +получение билетов может быть использован для получения билета +соответствующей службы, проверка подлинности пользователя будет выполнена. + + + Если параметр установлен в значение +«True» (по умолчанию), SSSD будет требоваться возможность сопоставления +пользователю тех учётных данных, которые были использованы для получения +билетов службы. Это означает, что участник, который является владельцем +учётных данных Kerberos, должен соответствовать имени +участника-пользователя, определённому в LDAP. + + + Чтобы включить в SSSD проверку подлинности с помощью GSSAPI, задайте +параметр в разделе [pam] или домена +sssd.conf. Учётные данные службы должны храниться в таблице ключей SSSD (она +уже присутствует, если используется поставщик данных IPA или +AD). Расположение таблицы ключей можно указать с помощью параметра +. Подробные сведения об этих параметрах доступны +на справочных страницах +sssd.conf 5 + и sssd-krb5 +5 . + + + Некоторых развёрнутые системы Kerberos позволяют связывать индикаторы +проверки подлинности с определённым способом предварительной проверки +подлинности, используемым для получения пользователем билета на получение +билетов. pam_sss_gss.so позволяет принудительно +установить обязательность наличия индикаторов проверки подлинности в билетах +службы для получения возможности доступа к определённой службе PAM. + + + Если параметр задан в разделе +[pam] или домена sssd.conf, SSSD будет проверять билет службы на наличие +настроенных индикаторов. + + + + + ОПЦИИ + + + + + + + Вывести данные отладки. + + + + + + + ПРЕДОСТАВЛЯЕМЫЕ ТИПЫ МОДУЛЕЙ + Предоставляется только модуль типа . + + + + ВОЗВРАЩАЕМЫЕ ЗНАЧЕНИЯ + + + PAM_SUCCESS + + + Операция PAM успешно завершена. + + + + + PAM_USER_UNKNOWN + + + Пользователь неизвестен службе проверки подлинности или не поддерживается +проверка подлинности с помощью GSSAPI. + + + + + PAM_AUTH_ERR + + + Сбой при проверке подлинности. + + + + + PAM_AUTHINFO_UNAVAIL + + + Не удалось получить доступ к данным проверки подлинности. Это может быть +связано со сбоем сети или оборудования. + + + + + PAM_SYSTEM_ERR + + + Произошла системная ошибка. В журнале SSSD могут быть дополнительные +сведения об этой ошибке. + + + + + + + + ПРИМЕРЫ + + Основной вариант использования — обеспечить проверку подлинности без пароля +в sudo, но без необходимости отключать проверку подлинности полностью. Для +достижения такого результата следует сначала включить проверку подлинности с +помощью GSSAPI для sudo в sssd.conf: + + +[domain/MYDOMAIN] +pam_gssapi_services = sudo, sudo-i + + + А затем следует включить модуль в нужном стеке PAM (например, +/etc/pam.d/sudo и /etc/pam.d/sudo-i). + + +... +auth sufficient pam_sss_gss.so +... + + + + + УСТРАНЕНИЕ НЕПОЛАДОК + + Журнал SSSD, отладочный вывод pam_sss_gss и системный журнал могут содержать +полезные сведения об ошибке. Вот некоторые распространённые проблемы: + + + 1. Переменная среды KRB5CCNAME задана, и проверка подлинности не работает: в +зависимости от используемой версии sudo, возможно, что sudo не передаёт эту +переменную среде PAM. Попробуйте добавить KRB5CCNAME в раздел + в /etc/sudoers или в стандартные параметры правил +sudo для LDAP. + + + 2. Проверка подлинности не работает, и в системном журнале есть запись +«Server not found in Kerberos database»: вероятно, Kerberos не удалось +определить корректную область для билета службы на основе имени +узла. Попробуйте добавить имя узла непосредственно в раздел + в /etc/krb5.conf следующим образом: + + + 3. Проверка подлинности не работает, и в системном журнале есть запись «No +Kerberos credentials available»: отсутствуют учётные данные, которые можно +было бы использовать для получения необходимого билета службы. Используйте +kinit или пройдите проверку подлинности с помощью SSSD для получения этих +учётных данных. + + + 4. Проверка подлинности не работает, и в журнале sssd-pam SSSD есть запись +«User with UPN [$UPN] was not found.» или «UPN [$UPN] does not match target +user [$username].»: используются учётные данные, которые нельзя сопоставить +тому пользователю, проверка подлинности которого проводится. Попробуйте +использовать kswitch для выбора другого участника, убедитесь, что проверка +подлинности с помощью SSSD пройдена, или отключите +. + + +[domain_realm] +.myhostname = MYREALM + + + + + + + diff --git a/src/man/ru/sss-certmap.5.xml b/src/man/ru/sss-certmap.5.xml new file mode 100644 index 0000000..93e68a4 --- /dev/null +++ b/src/man/ru/sss-certmap.5.xml @@ -0,0 +1,771 @@ + + + +Справка по SSSD + + + + + sss-certmap + 5 + Форматы файлов и рекомендации + + + + sss-certmap + Правила установления соответствия и сопоставления сертификатов SSSD + + + + ОПИСАНИЕ + + На этой справочной странице приводится описание правил, которые могут +использоваться SSSD и другими компонентами для установления соответствия +сертификатов X.509 и их сопоставления с учётными записями. + + + Каждое правило содержит четыре компонента, приоритет, +правило установления соответствия, правило +сопоставления и список доменов. Все компоненты +являются необязательными. Если отсутствует приоритет, будет +добавлено правило с самым низким приоритетом. Стандартное правило +установления соответствия устанавливает соответствие сертификатов с +использованием ключа digitalSignature и расширенным использованием ключа +clientAuth. Если правило сопоставления не указано, в атрибуте +userCertificate будет выполняться поиск сертификатов как двоичных файлов в +кодировке DER. Если не указаны домены, поиск будет выполняться только в +локальном домене. + + + Чтобы разрешить расширения или совершенно другой стиль правила, +сопоставления и правила соответствия могут +содержать префикс, отделенный символом «:» от основной части +правила. Префикс может содержать только ASCII-буквы верхнего регистра и +цифры. Если префикс опущен, будет использоваться тип по умолчанию: «KRB5» +для правил соответствия и «LDAP» для правил сопоставления. + + + Утилита 'sssctl' предоставляет команду 'cert-eval-rule', предназначенную для +проверки, соответствует ли указанный сертификат правилам соответствия, и +определяет, как будет выглядеть вывод правила сопоставления. + + + + + КОМПОНЕНТЫ ПРАВИЛА + + ПРИОРИТЕТ + + Правила обрабатываются в порядке приоритета. Ноль «0» означает наивысший +приоритет. Чем больше число, тем выше приоритет. Отсутствие значения +означает самый низкий приоритет. Обработка правил останавливается при +обнаружении соответствующего условиям правила, и никакие другие правила уже +не проверяются. + + + На внутреннем уровне приоритет обрабатывается как беззнаковое 32-битное +целое. Использование значения приоритета, превышающего 4294967295, приведёт +к ошибке. + + + Если несколько правил имеют одинаковый приоритет, но только одно +соответствует связанным правилам установления соответствия, будет выбрано +это правило. Если имеется несколько правил с одинаковым приоритетом, которые +соответствуют, будет выбрано одно из них, но не будет определено, какое +именно. Чтобы предотвратить такое неопределённое поведение, следует либо +задать разный приоритет, либо сделать правила установления соответствия +более чёткими (например, с помощью разных шаблонов <ISSUER>). + + + + ПРАВИЛО УСТАНОВЛЕНИЯ СООТВЕТСТВИЯ + + Правило установления соответствия используется для выбора сертификата, к +которому следует применить правило сопоставления. В нём используется +система, похожую на ту, которая используется в параметре +pkinit_cert_match MIT Kerberos. Правило состоит из ключевого +слова, расположенного между «<» и «>», которое идентифицирует +определённую часть сертификата, и шаблона, который должен быть найден для +установления соответствия правила. Несколько пар «ключевое слово — шаблон» +можно соединить с помощью логического оператора «&&» (и) или +«||» (или). + + + Учитывая сходство с MIT Kerberos, префиксом для этого правила является +«KRB5». Но «KRB5» также будет использоваться по умолчанию для правил +установления соответствия, поэтому +«<SUBJECT>.*,DC=MY,DC=DOMAIN» и «KRB5:<SUBJECT>.*,DC= +MY,DC=DOMAIN» эквивалентны. + + + Доступные параметры: + + <SUBJECT>регулярное_выражение + + + Это правило позволяет установить соответствие части или всего имени субъекта +сертификата. Для установления соответствия используется синтаксис +расширенных регулярных выражений POSIX. Подробное описание синтаксиса +доступно на справочной странице regex(7). + + + Для установления соответствия имени субъекта, которое хранится в сертификате +в кодировке DER, ASN.1 преобразуется в строку в соответствии с RFC 4514. Это +означает, что сначала идёт наиболее специфичный компонент имени. Обратите +внимание, что в стандарте RFC 4514 перечислены не все возможные имени +атрибутов. В него включены имена «CN», «L», «ST», «O», «OU», «C», «STREET», +«DC» и «UID». Другие имена атрибутов могут отображаться по-разному на +различных платформах и с помощью различных инструментов. Чтобы избежать +путаницы, рекомендуется не использовать такие имена и не покрывать их +соответствующим регулярным выражением. + + + Пример: <SUBJECT>.*,DC=MY,DC=DOMAIN + + + Обратите внимание, что символы «^.[$()|*+?{\» имеют специальное значение в +регулярных выражениях, поэтому их необходимо экранировать с помощью символа +«\», чтобы программа воспринимала их как обычные символы. + + + Пример: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ + + + + + <ISSUER>регулярное_выражение + + + Это правило позволяет установить соответствие части или всего имени издателя +сертификата. Этого параметра касаются те же комментарии, которые были +указаны для <SUBJECT>. + + + Пример: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ + + + + + <KU>использование_ключа + + + С помощью этого параметра можно указать, какие значения использования ключа +должен иметь сертификат. В разделённом запятыми списке можно указать +следующие значения: + + digitalSignature + nonRepudiation + keyEncipherment + dataEncipherment + keyAgreement + keyCertSign + cRLSign + encipherOnly + decipherOnly + + + + Для покрытия особых вариантов использования также можно использовать +значение в диапазоне 32-битного беззнакового целого. + + + Пример: <KU>digitalSignature,keyEncipherment + + + + + <EKU>расширенное_использование_ключа + + + С помощью этого параметра можно указать, какие значения расширенного +использования ключа должен иметь сертификат. В разделённом запятыми списке +можно указать следующие значения: + + serverAuth + clientAuth + codeSigning + emailProtection + timeStamping + OCSPSigning + KPClientAuth + pkinit + msScLogin + + + + Расширенные использования ключа, которые не входят в представленный выше +список, можно указать по их OID в десятичной записи. + + + Пример: <EKU>clientAuth,1.3.6.1.5.2.3.4 + + + + + <SAN>регулярное_выражение + + + Для обеспечения совместимости с использованием MIT Kerberos этот параметр +будет устанавливать соответствие участников Kerberos в SAN PKINIT или SAN AD +NT Principal так, как это делает <SAN:Principal>. + + + Пример: <SAN>.*@MY\.REALM + + + + + <SAN:Principal>регулярное_выражение + + + Установить соответствие участников Kerberos в SAN PKINIT или SAN AD NT +Principal. + + + Пример: <SAN:Principal>.*@MY\.REALM + + + + + <SAN:ntPrincipalName>регулярное_выражение + + + Установить соответствие участников Kerberos в SAN AD NT Principal. + + + Пример: <SAN:ntPrincipalName>.*@MY.AD.REALM + + + + + <SAN:pkinit>регулярное_выражение + + + Установить соответствие участников Kerberos в SAN PKINIT. + + + Пример: <SAN:ntPrincipalName>.*@MY\.PKINIT\.REALM + + + + + <SAN:dotted-decimal-oid>регулярное_выражение + + + Взять значение компонента otherName SAN, указанное с помощью OID в +десятичном формате, интерпретировать его как строку и попытаться установить +его соответствие регулярному выражению. + + + Пример: <SAN:1.2.3.4>test + + + + + <SAN:otherName>строка_base64 + + + Выполнить установление двоичного соответствия blob-объекта в кодировке +base64 всем компонентам otherName SAN. С помощью этого параметра возможно +устанавливать соответствие пользовательским компонентам otherName в особых +кодировках, которые не могут обрабатываться как строки. + + + Пример: <SAN:otherName>MTIz + + + + + <SAN:rfc822Name>регулярное_выражение + + + Установить соответствие значения SAN rfc822Name. + + + Пример: <SAN:rfc822Name>.*@email\.domain + + + + + <SAN:dNSName>регулярное_выражение + + + Установить соответствие значения SAN dNSName. + + + Пример: <SAN:dNSName>.*\.my\.dns\.domain + + + + + <SAN:x400Address>строка_base64 + + + Установить двоичное соответствие значения SAN x400Address. + + + Пример: <SAN:x400Address>MTIz + + + + + <SAN:directoryName>регулярное_выражение + + + Установить соответствие значения SAN directoryName. Этого параметра касаются +те же комментарии, которые были указаны для <ISSUER> и +<SUBJECT>. + + + Пример: <SAN:directoryName>.*,DC=com + + + + + <SAN:ediPartyName>строка_base64 + + + Установить двоичное соответствие значения SAN ediPartyName. + + + Пример: <SAN:ediPartyName>MTIz + + + + + <SAN:uniformResourceIdentifier>регулярное_выражение + + + Установить соответствие значения SAN uniformResourceIdentifier. + + + Пример: <SAN:uniformResourceIdentifier>URN:.* + + + + + <SAN:iPAddress>регулярное_выражение + + + Установить соответствие значения SAN iPAddress. + + + Пример: <SAN:iPAddress>192\.168\..* + + + + + <SAN:registeredID>регулярное_выражение + + + Установить соответствие значения SAN registeredID в виде десятичной строки. + + + Пример: <SAN:registeredID>1\.2\.3\..* + + + + + + + + ПРАВИЛО СОПОСТАВЛЕНИЯ + + Правило сопоставления используется для связывания сертификата с одной или +несколькими учётными записями. После этого для прохождения проверки +подлинности в качестве одной из этих учётных записей будет можно +использовать смарт-карту с сертификатом и соответствующим закрытым ключом. + + + В настоящее время SSSD поддерживает поиск данных пользователей в основном +только в LDAP (исключение — поставщик данных прокси, что несущественно в +данном контексте). Поэтому правило сопоставления основано на синтаксисе +фильтра поиска LDAP с шаблонами для добавления содержимого сертификата в +фильтр. Ожидается, что фильтр будет содержать только определённые данные, +необходимые для сопоставления, и что вызывающая сторона внедрит их в другой +фильтр для выполнения фактического поиска. Поэтому строка фильтра должна, +соответственно, начинаться символом «(» и заканчиваться символом «)». + + + В целом, рекомендуется использовать атрибуты из сертификата и добавлять их к +специальным атрибутам объекта пользователя LDAP. Например, можно +использовать атрибут «altSecurityIdentities» в AD или атрибут +«ipaCertMapData» для IPA. + + + Это предпочтительнее чтения относящихся к пользователю данных из сертификата +(например, адреса электронной почты) и поиска этих данных на сервере +LDAP. Дело в том, что относящиеся к пользователю данные в LDAP могут +меняться по ряду причин, и это приведёт к ошибке сопоставления. С другой +стороны, сложно специально вызвать ошибку сопоставления для определённого +пользователя. + + + Типом правила сопоставления по умолчанию является «LDAP», +который можно добавить в качестве префикса к правилу, +например. 'LDAP:(userCertificate;binary={cert!bin})'. Расширение «LDAPU1» +предоставляет дополнительные шаблоны для увеличения гибкости. Чтобы +разрешить устаревшим версиям этой библиотеки игнорировать расширения, при +использовании новых шаблонов в правиле сопоставления должен +быть использован префикс «LDAPU1», иначе работа устаревшей версии этой +библиотеки будет завершена с сообщением об ошибке при обработке входных +данных. Новые шаблоны описаны в разделе . + + + Шаблоны для добавления данных сертификата в фильтр поиска основаны на +строках форматирования в стиле Python. Они состоят из ключевого слова в +фигурных скобках с необязательным указателем подкомпонента, который отделён +знаком «.», или необязательным параметром преобразования/форматирования, +который отделён знаком «!». Допустимые значения: + + {issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Этот шаблон добавит полное DN издателя, преобразованное в строку в +соответствии с RFC 4514. Для упорядочения X.500 (самое специфичное RDN в +конце) следует использовать параметр с префиксом «_x500». + + + Параметры преобразования, которые начинаются с «ad_», используют имена +атрибутов, используемые AD (например, «S» вместо «ST»). + + + Параметры преобразования, которые начинаются с «nss_», используют имена +атрибутов, используемые NSS. + + + Стандартным вариантом преобразования является «nss», то есть имена атрибутов +согласно NSS и упорядочение LDAP/RFC 4514. + + + Пример: +(ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad}) + + + + + {subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Этот шаблон добавит полное DN субъекта, преобразованное в строку в +соответствии с RFC 4514. Для упорядочения X.500 (самое специфичное RDN в +конце) следует использовать параметр с префиксом «_x500». + + + Параметры преобразования, которые начинаются с «ad_», используют имена +атрибутов, используемые AD (например, «S» вместо «ST»). + + + Параметры преобразования, которые начинаются с «nss_», используют имена +атрибутов, используемые NSS. + + + Стандартным вариантом преобразования является «nss», то есть имена атрибутов +согласно NSS и упорядочение LDAP/RFC 4514. + + + Пример: +(ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500}) + + + + + {cert[!(bin|base64)]} + + + Этот шаблон добавит в фильтр поиска весь сертификат в кодировке DER как +строку. В зависимости от значения параметра преобразования двоичный +сертификат будет преобразован либо в экранированную шестнадцатеричную +последовательность «\xx», либо в код base64. Стандартным вариантом является +экранированная шестнадцатеричная последовательность. Она может +использоваться, например, с атрибутом LDAP «userCertificate;binary». + + + Пример: (userCertificate;binary={cert!bin}) + + + + + {subject_principal[.short_name]} + + + Этот шаблон добавит участника Kerberos, взятого либо из SAN, используемого +pkinit, либо из SAN, используемого AD. Компонент «short_name» представляет +первую часть записи участника, до знака «@». + + + Пример: +(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name})) + + + + + {subject_pkinit_principal[.short_name]} + + + Этот шаблон добавит участника Kerberos, который указан в SAN, используемом +pkinit. Компонент «short_name» представляет первую часть записи участника, +до знака «@». + + + Пример: +(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name})) + + + + + {subject_nt_principal[.short_name]} + + + Этот шаблон добавит участника Kerberos, который указан в SAN, используемом +AD. Компонент «short_name» представляет первую часть записи участника, до +знака «@». + + + Пример: +(|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name})) + + + + + {subject_rfc822_name[.short_name]} + + + Этот шаблон добавит строку, которая хранится в компоненте rfc822Name SAN +(обычно это адрес электронной почты). Компонент «short_name» представляет +первую часть записи адреса, до знака «@». + + + Пример: +(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name})) + + + + + {subject_dns_name[.short_name]} + + + Этот шаблон добавит строку, которая хранится в компоненте dNSName SAN +(обычно это полное имя узла) Компонент «short_name» представляет первую +часть записи имени, до первого знака «.». + + + Пример: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name})) + + + + + {subject_uri} + + + Этот шаблон добавит строку, которая хранится в компоненте +uniformResourceIdentifier SAN. + + + Пример: (uri={subject_uri}) + + + + + {subject_ip_address} + + + Этот шаблон добавит строку, которая хранится в компоненте iPAddress SAN. + + + Пример: (ip={subject_ip_address}) + + + + + {subject_x400_address} + + + Этот шаблон добавит значение, которое хранится в компоненте x400Address SAN +как экранированная шестнадцатеричная последовательность. + + + Пример: (attr:binary={subject_x400_address}) + + + + + {subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Этот шаблон добавит строку DN значения, которое хранится в компоненте +directoryName SAN. + + + Пример: (orig_dn={subject_directory_name}) + + + + + {subject_ediparty_name} + + + Этот шаблон добавит значение, которое хранится в компоненте ediPartyName SAN +как экранированная шестнадцатеричная последовательность. + + + Пример: (attr:binary={subject_ediparty_name}) + + + + + {subject_registered_id} + + + Этот шаблон добавит OID, который хранится в компоненте registeredID SAN как +десятичная строка. + + + Пример: (oid={subject_registered_id}) + + + + + + + Расширение LDAPU1 + + При использовании расширения «LDAPU1» доступны следующие шаблоны: + + + + + {serial_number[!(dec|hex[_ucr])]} + + + Этот шаблон добавит серийный номер сертификата. По умолчанию он будет +напечатан как шестнадцатеричное число буквами нижнего регистра. + + + Если используется параметр форматирования «!dec», число будет выведено в +виде десятичной строки. Шестнадцатеричный вывод может быть показан буквами в +верхнем регистре («!hex_u»), с двоеточием, разделяющим шестнадцатеричные +байты («!hex_c»), или с шестнадцатеричными байтами в обратном порядке +(«!hex_r»). Буквы постфикса можно комбинировать, например, «!hex_uc» +приведет к выводу шестнадцатеричной строки, разделенной двоеточием, с +буквами в верхнем регистре. + + + Пример: LDAPU1:(serial={серийный_номер}) + + + + + + {subject_key_id[!hex[_ucr]]} + + + Этот шаблон добавит идентификатор ключа назначения сертификата. По умолчанию +он будет напечатан как шестнадцатеричное число буквами нижнего регистра. + + + Шестнадцатеричный вывод может быть показан буквами в верхнем регистре +(«!hex_u»), с двоеточием, разделяющим шестнадцатеричные байты («!hex_c»), +или с шестнадцатеричными байтами в обратном порядке («!hex_r»). Буквы +постфикса можно комбинировать, например, «!hex_uc» приведет к выводу +шестнадцатеричной строки, разделенной двоеточием, с буквами в верхнем +регистре. + + + Пример: LDAPU1:(ski={subject_key_id}) + + + + + + {cert[!DIGEST[_ucr]]} + + + Этот шаблон добавит шестнадцатеричную контрольную сумму или хэш к +сертификату. Запись DIGEST должна быть заменена названием функции +контрольной суммы или хэша, поддержка которых предусмотрена в OpenSSL, +например. «sha512». + + + Шестнадцатеричный вывод может быть показан буквами в верхнем регистре +(«!sha512_u»), с двоеточием, разделяющим шестнадцатеричные байты +(«!sha512_c»), или с шестнадцатеричными байтами в обратном порядке +(«!sha512_r»). Буквы постфикса можно комбинировать, например, «!sha512_uc» +приведет к выводу шестнадцатеричной строки, разделенной двоеточием, с +буквами в верхнем регистре. + + + Пример: LDAPU1:(dgst={cert!sha256}) + + + + + + {subject_dn_component[(.attr_name|[number]]} + + + Этот шаблон добавит значение атрибуту компонента DN субъекта, по умолчанию +значением является самый специфический компонент. + + + Другой компонент может быть выбран по имени атрибута, например, +{subject_dn_component.uid} или по позиции, например, +{subject_dn_component.[2]}, где положительные числа означают отсчет от +наиболее специфичного компонента, а отрицательные числа — от наименее +специфичного компонента. Название атрибута и позиция могут быть объединены, +например, {subject_dn_component.uid[2]} означает, что имя второго компонента +должно быть «uid». + + + Пример: LDAPU1:(uid={subject_dn_component.uid}) + + + + + + {issuer_dn_component[(.attr_name|[number]]} + + + Этот шаблон добавит значение атрибуту компонента DN издателя, по умолчанию +значением является самый специфический компонент. + + + См. раздел «subject_dn_component» для получения более подробной информации о +названиях атрибутов и спецификаторов позиции. + + + Пример: +LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]}) + + + + + {sid[.rid]} + + + Этот шаблон добавит SID, если доступно соответствующее расширение, +представленное Microsoft с OID 1.3.6.1.4.1.311.25.2. С помощью селектора +«.rid» будет добавлен только последний компонент, то есть RID. + + + Пример: LDAPU1:(objectsid={sid}) + + + + + + + + + СПИСОК ДОМЕНОВ + + Когда список доменов не пуст, поиск пользователей, сопоставленных указанному +сертификату, будет выполняться не только в локальном домене, но также и в +перечисленных в списке доменах, если они известны SSSD. Домены, которые +неизвестны SSSD, будут игнорироваться. + + + + + diff --git a/src/man/ru/sss_cache.8.xml b/src/man/ru/sss_cache.8.xml new file mode 100644 index 0000000..6e1099d --- /dev/null +++ b/src/man/ru/sss_cache.8.xml @@ -0,0 +1,268 @@ + + + +Справка по SSSD + + + + + sss_cache + 8 + + + + sss_cache + выполнить очистку кэша + + + + +sss_cache +options + + + + ОПИСАНИЕ + + sss_cache объявляет недействительными записи в кэше +SSSD. Объявленные недействительными записи принудительно повторно +загружаются с сервера, как только соответствующий внутренний сервер SSSD +появляется в сети. Параметры, объявляющие недействительность одного объекта, +принимают только один предоставленный аргумент. + + + + + ОПЦИИ + + + + , + + + + Объявить недействительными все кэшированные записи. + + + + + + , login + + + + Объявить недействительным определённого пользователя. + + + + + + , + + + + Объявить недействительными все записи пользователей. Этот параметр имеет +приоритет над параметром, который объявляет недействительным определённого +пользователя, если он также был задан. + + + + + + , +group + + + + Объявить недействительной определённую группу. + + + + + + , + + + + Объявить недействительными все записи групп. Этот параметр имеет приоритет +над параметром, который объявляет недействительной определённую группу, если +он также был задан. + + + + + + , +netgroup + + + + Объявить недействительной определённую сетевую группу. + + + + + + , + + + + Объявить недействительными все записи сетевых групп. Этот параметр имеет +приоритет над параметром, который объявляет недействительной определённую +сетевую группу, если он также был задан. + + + + + + , +service + + + + Объявить недействительной определённую службу. + + + + + + , + + + + Объявить недействительными все записи служб. Этот параметр имеет приоритет +над параметром, который объявляет недействительной определённую службу, если +он также был задан. + + + + + + , +autofs-map + + + + Объявить недействительной определённую карту autofs. + + + + + + , + + + + Объявить недействительными все карты autofs. Этот параметр имеет приоритет +над параметром, который объявляет недействительной определённую карту +autofs, если он также был задан. + + + + + + , +hostname + + + + Объявить недействительными открытые ключи SSH определённого узла. + + + + + + , + + + + Объявить недействительными открытые ключи SSH всех узлов. Этот параметр +имеет приоритет над параметром, который объявляет недействительными открытые +ключи SSH определённого узла, если он также был задан. + + + + + + , +rule + + + + Объявить недействительным определённое правило sudo. + + + + + + , + + + + Объявить недействительными все кэшированные правила sudo. Этот параметр +имеет приоритет над параметром, который объявляет недействительным +определённое правило sudo, если он также был задан. + + + + + + , +domain + + + + Ограничить процесс объявления недействительности определённым доменом. + + + + + + + + + ВЛИЯНИЕ НА КЭШ В СВЕРХОПЕРАТИВНОЙ ПАМЯТИ + + sss_cache также объявляет недействительным кэш в +памяти. Так как кэш в памяти является файлом, который сопоставляется с +памятью каждого процесса, который вызывал SSSD для разрешения пользователей +или групп, этот файл не может быть усечён. В заголовке файла указывается +специальный флаг, который обозначает недействительность содержимого, и затем +ответчик NSS SSSD выполняет отмену связи этого файла, после чего создаётся +новый файл кэша. Теперь, когда процесс выполняет новый поиск пользователя +или группы, он видит флаг, закрывает старый файл кэша в памяти и +сопоставляет со своей памятью новый файл. Когда все процессы, которые +открывали старый файл кэша в памяти, закроют его при поиске пользователя или +группы, ядро сможет освободить занятое пространство на диске и старый файл +кэша в памяти будет полностью удалён. + + + Особый случай представляют длительно выполняемые процессы, которые +осуществляют поиск пользователей или групп только при запуске (например, +чтобы определить имя пользователя, от имени которого запущен процесс). Для +такого поиска файл кэша в памяти сопоставляется с памятью процесса. Но, так +как дальнейшего поиска не будет, этот процесс никогда не определит, был ли +объявлен недействительным файл кэша в памяти, и поэтому он будет оставлен в +памяти и будет занимать пространство на диске до тех пор, пока процесс не +остановится. Следовательно, вызов sss_cache может +увеличить использование места на диске, потому что старые файлы кэша в +памяти не могут быть удалены с диска, так как они всё ещё сопоставляются +длительно выполняемыми процессами. + + + Чтобы обойти эту проблему для длительно выполняемых процессов, которые +выполняют поиск пользователей и групп только при запуске или очень редко, +можно запускать их с переменной среды SSS_NSS_USE_MEMCACHE, установленной в +значение «NO»: в этом случае они вообще не будут использовать кэш в памяти и +не будут сопоставлять файл кэша в памяти с памятью. В целом, лучшим решением +проблемы будет настроить параметры тайм-аута кэша таким образом, чтобы они +соответствовали локальным ожиданиям и не требовался вызов +sss_cache. + + + + + + + diff --git a/src/man/ru/sss_debuglevel.8.xml b/src/man/ru/sss_debuglevel.8.xml new file mode 100644 index 0000000..3a49ea3 --- /dev/null +++ b/src/man/ru/sss_debuglevel.8.xml @@ -0,0 +1,38 @@ + + + +Справка по SSSD + + + + + sss_debuglevel + 8 + + + + sss_debuglevel + [НЕ РЕКОМЕНДУЕТСЯ] изменить уровень отладки во время работы SSSD + + + + +sss_debuglevel +параметры НОВЫЙ_УРОВЕНЬ_ОТЛАДКИ + + + + ОПИСАНИЕ + + sss_debuglevel устарела и заменена командой debug-level +sssctl. Дополнительные сведения об использовании sssctl доступны на +man-странице sssctl. + + + + + + + diff --git a/src/man/ru/sss_obfuscate.8.xml b/src/man/ru/sss_obfuscate.8.xml new file mode 100644 index 0000000..7d62fe7 --- /dev/null +++ b/src/man/ru/sss_obfuscate.8.xml @@ -0,0 +1,97 @@ + + + +Справка по SSSD + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + скрыть открытый пароль + + + + +sss_obfuscate +параметры [ПАРОЛЬ] + + + + ОПИСАНИЕ + + sss_obfuscate преобразует указанный пароль в формат, +нечитаемый человеком, и помещает его в соответствующем разделе домена файла +конфигурации SSSD. + + + Открытый пароль читается из потока стандартного ввода или вводится в +интерактивном режиме. Скрытый пароль помещается в параметр +ldap_default_authtok указанного домена SSSD, и параметр +ldap_default_authtok_type устанавливается в значение +obfuscated_password. Дополнительные сведения об этих +параметрах доступны на справочной странице +sssd-ldap 5 +. + + + Обратите внимание, что скрытие пароля на самом деле не повышает +уровень безопасности, так как злоумышленник всё равно сможет +реконструировать пароль. Настоятельно рекомендуется +использовать более совершенные механизмы проверки подлинности (например, +сертификаты на стороне клиента или GSSAPI). + + + + + ОПЦИИ + + + + + , + + + + Пароль для скрытия будет прочитан из потока стандартного ввода. + + + + + + , +DOMAIN + + + + Домен SSSD, в котором используется пароль. Имя по умолчанию: +default. + + + + + + , FILE + + + + Прочитать файл конфигурации, указанный с помощью позиционного параметра. + + + По умолчанию: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/ru/sss_override.8.xml b/src/man/ru/sss_override.8.xml new file mode 100644 index 0000000..69a1d73 --- /dev/null +++ b/src/man/ru/sss_override.8.xml @@ -0,0 +1,266 @@ + + + +Справка по SSSD + + + + + sss_override + 8 + + + + sss_override + создать локальные переопределения атрибутов пользователя и группы + + + + +sss_override КОМАНДА +параметры + + + + ОПИСАНИЕ + + sss_override позволяет создать представление на стороне +клиента и изменить выбранные значения для определённых пользователей и +групп. Изменения будут применены только на локальном компьютере. + + + Данные переопределений хранятся в кэше SSSD. При удалении кэша все локальные +переопределения будут потеряны. Обратите внимание, что после создания +первого переопределения с помощью любой из следующих команд: +user-add, group-add, +user-import или group-import, +необходимо перезапустить SSSD для вступления изменений в силу. Когда +требуется перезапуск, sss_override отображает +соответствующее сообщение. + + + ПРИМЕЧАНИЕ: представленные на этой справочной странице +параметры работают только для значений ldap и +AD параметра id_provider. Переопределениями +IPA можно управлять централизованно на сервере IPA. + + + + + ДОСТУПНЫЕ КОМАНДЫ + + Аргумент NAME — это имя исходного объекта во всех +командах. Невозможно переопределить uid или +gid в значение «0». + + + + + NAME + NAME + UID + GID + HOME + SHELL + GECOS + BASE64 ENCODED +CERTIFICATE + + + + Переопределить атрибуты пользователя. Следует учитывать, что при вызове этой +команды для указанного по имени (NAME) пользователя будет заменено +предыдущее переопределение, если таковое имеется. + + + + + + NAME + + + + Удалить переопределения пользователя. Необходимо учитывать, что +переопределённые атрибуты могут быть возвращены из кэша в памяти. Подробные +сведения доступны в описании параметра SSSD +memcache_timeout. + + + + + + +DOMAIN + + + + Вывести список всех пользователей, для которых заданы переопределения. Если +параметр DOMAIN задан, будут показаны только +пользователи из указанного домена. + + + + + + NAME + + + + Показать переопределения пользователя. + + + + + + FILE + + + + Импортировать переопределения пользователя из +FILE. Формат данных аналогичен стандартному файлу +passwd. Формат: + + + original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate + + + где original_name — исходное имя пользователя, атрибуты которого следует +переопределить. Остальные поля соответствуют новым значениям. Чтобы не +указывать значение, просто оставьте соответствующее поле пустым. + + + Примеры: + + + ckent:superman:::::: + + + ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash: + + + + + + FILE + + + + Экспортировать все переопределённые атрибуты и сохранить их в +FILE. Сведения о формате данных доступны в описании +команды user-import. + + + + + + NAME + NAME + GID + + + + Переопределить атрибуты группы. Следует учитывать, что при вызове этой +команды для указанной по имени (NAME) группы будет заменено предыдущее +переопределение, если таковое имеется. + + + + + + NAME + + + + Удалить переопределения группы. Необходимо учитывать, что переопределённые +атрибуты могут быть возвращены из кэша в памяти. Подробные сведения доступны +в описании параметра SSSD memcache_timeout. + + + + + + +DOMAIN + + + + Вывести список всех групп, для которых заданы переопределения. Если параметр +DOMAIN задан, будут показаны только группы из +указанного домена. + + + + + + NAME + + + + Показать переопределения группы. + + + + + + FILE + + + + Импортировать переопределения группы из FILE. Формат +данных аналогичен стандартному файлу group. Формат: + + + original_name:name:gid + + + где original_name — исходное имя группы, атрибуты которой следует +переопределить. Остальные поля соответствуют новым значениям. Чтобы не +указывать значение, просто оставьте соответствующее поле пустым. + + + Примеры: + + + admins:administrators: + + + Domain Users:Users:501 + + + + + + FILE + + + + Экспортировать все переопределённые атрибуты и сохранить их в +FILE. Сведения о формате данных доступны в описании +команды group-import. + + + + + + + + ОБЩИЕ ПАРАМЕТРЫ + + Эти параметры доступны для всех команд. + + + + + LEVEL + + + + + + + + + + diff --git a/src/man/ru/sss_rpcidmapd.5.xml b/src/man/ru/sss_rpcidmapd.5.xml new file mode 100644 index 0000000..7c746e9 --- /dev/null +++ b/src/man/ru/sss_rpcidmapd.5.xml @@ -0,0 +1,112 @@ + + + +Справка по SSSD + + +Модуль SSS rpc.idmapd +Noam Meltzer +Primary Data Inc. Разработчик +(2013—2014) Noam +Meltzer Разработчик (2014—) +tsnoam@gmail.com + + + sss_rpcidmapd + 5 + Форматы файлов и рекомендации + + + + sss_rpcidmapd + инструкции по настройке модуля sss для rpc.idmapd + + + + ФАЙЛ КОНФИГУРАЦИИ + + Файл конфигурации rpc.idmapd обычно находится здесь: +/etc/idmapd.conf. Дополнительные сведения доступны на +справочной странице +idmapd.conf 5 +. + + + + + РАСШИРЕНИЕ КОНФИГУРАЦИИ SSS + + Включить модуль SSS + + В разделе [Translation] измените или укажите атрибут +Method, чтобы он содержал sss. + + + + Раздел конфигурации [sss] + + Чтобы изменить стандартное значение одного из указанных ниже атрибутов +конфигурации модуля sss, для него потребуется создать +соответствующий раздел конфигурации с именем [sss]. + + + Атрибуты конфигурации + + memcache (логическое значение) + + + Обозначает, следует ли использовать технику оптимизации memcache. + + + По умолчанию: true + + + + + + + + + ИНТЕГРАЦИЯ SSSD + + Для работы модуля SSS необходимо включить в SSSD ответчик +NSS. + + + Атрибут use_fully_qualified_names необходимо включить для +всех доменов (клиенты NFSv4 ожидают передачи полного имени «на лету»). + + + + + ПРИМЕР + + В следующем примере показан минимальный idmapd.conf, где используется модуль +sss. +[General] +Verbosity = 2 +# домен должен быть синхронизирован между сервером NFSv4 и клиентами +# в Solaris/Illumos/AIX по умолчанию используется «localdomain»! +Domain = default + +[Mapping] +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] +Method = sss + + + + + + СМ. ТАКЖЕ + + sssd8 +, idmapd.conf +5 + + + + diff --git a/src/man/ru/sss_seed.8.xml b/src/man/ru/sss_seed.8.xml new file mode 100644 index 0000000..673e50d --- /dev/null +++ b/src/man/ru/sss_seed.8.xml @@ -0,0 +1,167 @@ + + + +Справка по SSSD + + + + + sss_seed + 8 + + + + sss_seed + пополнить кэш SSSD данными пользователя + + + + +sss_seed +options -D +DOMAIN -n +USER + + + + ОПИСАНИЕ + + sss_seed пополняет кэш SSSD записью пользователя и +временным паролем. Если запись пользователя уже присутствует в кэше SSSD, +она будет обновлена данными временного пароля. + + + + + + + ОПЦИИ + + + + , +DOMAIN + + + + Указать имя домена, участником которого является пользователь. Домен также +используется для получения данных пользователя. Домен необходимо настроить в +sssd.conf. Необходимо задать параметр DOMAIN. +Данные, полученные от домена, имеют приоритет над данными, указанными с +помощью параметров. + + + + + + , +USER + + + + Имя пользователя, запись которого следует создать или изменить в +кэше. Необходимо указать параметр ПОЛЬЗОВАТЕЛЬ. + + + + + + , UID + + + + Установить UID пользователя в значение UID. + + + + + + , GID + + + + Установить GID пользователя в значение GID. + + + + + + , +КОММЕНТАРИЙ + + + + Любая текстовая строка, описывающая пользователя. Часто используется в +качестве поля для полного имени пользователя. + + + + + + , +ДОМАШНИЙ_КАТАЛОГ + + + + Установить домашний каталог пользователя в значение +ДОМАШНИЙ_КАТАЛОГ. + + + + + + , +ОБОЛОЧКА + + + + Установить командную оболочку входа пользователя в значение +ОБОЛОЧКА. + + + + + + , + + + + Интерактивный режим ввода данных пользователя. При использовании этого +параметра программа отправляет запрос только тех данных, которые не были +получены из параметров команды или домена. + + + + + + , +ФАЙЛ_ПАРОЛЕЙ + + + + Позволяет указать файл, из которого следует прочитать пароль +пользователя. Если значение не указано, программа запросит пароль + + + + + + + + + ПРИМЕЧАНИЯ + + Длина пароля (или размер файла, указанного с помощью параметра -p или +--password-file) должна быть меньше или равна PASS_MAX байт (64 байт в +системах, где значение PASS_MAX не задано глобально). + + + + + + + + + + diff --git a/src/man/ru/sss_ssh_authorizedkeys.1.xml b/src/man/ru/sss_ssh_authorizedkeys.1.xml new file mode 100644 index 0000000..55a9e0d --- /dev/null +++ b/src/man/ru/sss_ssh_authorizedkeys.1.xml @@ -0,0 +1,145 @@ + + + +Справка по SSSD + + + + + sss_ssh_authorizedkeys + 1 + + + + sss_ssh_authorizedkeys + получить авторизованные ключи OpenSSH + + + + +sss_ssh_authorizedkeys +options USER + + + + ОПИСАНИЕ + + sss_ssh_authorizedkeys получает открытые ключи SSH для +пользователя USER и выводит их в формате +authorized_keys OpenSSH (дополнительные сведения доступны в разделе +ФОРМАТ ФАЙЛА AUTHORIZED_KEYS справочной страницы +sshd +8). + + + sshd +8 можно настроить на использование +sss_ssh_authorizedkeys для проверки подлинности +пользователей по открытым ключам, если программа собрана с поддержкой +параметра AuthorizedKeysCommand. Дополнительные сведения об +этом параметре доступны на справочной странице +sshd_config +5. + + + Если параметр AuthorizedKeysCommand поддерживается, +sshd +8 можно настроить на его +использование, поместив следующие инструкции в +sshd_config +5: + AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys + AuthorizedKeysCommandUser nobody + + + + + КЛЮЧИ ИЗ СЕРТИФИКАТОВ + + Помимо открытых ключей SSH для пользователя USER, +sss_ssh_authorizedkeys может также возвращать открытые +ключи SSH, производные от открытого ключа сертификата X.509. + + + Чтобы включить эту возможность, необходимо установить параметр +ssh_use_certificate_keys в значение «true» (по умолчанию) в +разделе [ssh] файла sssd.conf. Если запись пользователя +содержит сертификаты (подробные сведения доступны в описании параметра +ldap_user_certificate на справочной странице +sssd-ldap +5) или имеется сертификат в записи +переопределения для пользователя (подробные сведения доступны на справочной +страницеsss_override +8 или +sssd-ipa +5) и этот сертификат действителен, то +SSSD извлечёт открытый ключ из сертификата и преобразует его в формат, +ожидаемый sshd. + + + Помимо ssh_use_certificate_keys, параметры + + ca_db + p11_child_timeout + certificate_verification + + могут использоваться для управления способом проверки сертификатов +(подробные сведения доступны на справочной странице +sssd.conf +5). + + + Проверка действительности — то преимущество, которое даёт использование +сертификатов X.509 вместо непосредственно ключей SSH; это позволяет лучше +управлять временем жизни ключей. Когда клиент SSH настроен на использование +закрытых ключей со смарт-карты с помощью общей библиотеки PKCS#11 (подробные +сведения доступны на справочной странице +ssh +1), может раздражать то, что проверка +подлинности продолжает работать даже в случае истечения срока действия +соответствующего сертификата X.509 на смарт-карте, так как ни +ssh, ни sshd не принимают сертификат +во внимание. + + + Следует отметить, что производный открытый ключ SSH можно добавить в +файлauthorized_keys пользователя для обхода проверки +действительности сертификата, если это позволяет конфигурация +sshd. + + + + + + ОПЦИИ + + + + , +DOMAIN + + + + Искать открытые ключи пользователя в домене SSSD +DOMAIN. + + + + + + + + + СОСТОЯНИЕ ВЫХОДА + + В случае успеха возвращается значение состояния выхода «0». В ином случае +возвращается «1». + + + + + + + diff --git a/src/man/ru/sss_ssh_knownhostsproxy.1.xml b/src/man/ru/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..f7aa59b --- /dev/null +++ b/src/man/ru/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,106 @@ + + + +Справка по SSSD + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + получить ключи OpenSSH узла + + + + +sss_ssh_knownhostsproxy +options HOST PROXY_COMMAND + + + + ОПИСАНИЕ + + sss_ssh_knownhostsproxy получает открытые ключи SSH узла +для узла HOST, сохраняет их в пользовательском +файле known_hosts OpenSSH (подробные сведения доступны в разделе +ФОРМАТ ФАЙЛА SSH_KNOWN_HOSTS справочной страницы +sshd +8) +/var/lib/sss/pubconf/known_hosts и устанавливает +подключение к узлу. + + + Если указано значение PROXY_COMMAND, оно будет +использовано для создания подключения к узлу вместо открытия сокета. + + + ssh +1 можно настроить на использование +sss_ssh_knownhostsproxy для проверки подлинности ключа +узла с помощью следующих инструкций по настройке +ssh +1: +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + ОПЦИИ + + + + , PORT + + + + Использовать порт PORT для подключения к узлу. По +умолчанию используется порт 22. + + + + + + , +DOMAIN + + + + Искать открытые ключи узла в домене SSSD DOMAIN. + + + + + + , + + + + Вывести открытые ключи SSH узла для узла HOST. + + + + + + + + + СОСТОЯНИЕ ВЫХОДА + + В случае успеха возвращается значение состояния выхода «0». В ином случае +возвращается «1». + + + + + + + diff --git a/src/man/ru/sssctl.8.xml b/src/man/ru/sssctl.8.xml new file mode 100644 index 0000000..362e56b --- /dev/null +++ b/src/man/ru/sssctl.8.xml @@ -0,0 +1,65 @@ + + + +Справка по SSSD + + + + + sssctl + 8 + + + + sssctl + утилита управления и состояния SSSD + + + + +sssctl КОМАНДА +параметры + + + + ОПИСАНИЕ + + sssctl предоставляет простой унифицированный способ +получения данных о состоянии SSSD (в частности, активного сервера, +автоматически обнаруженных серверов, доменов и кэшированных объектов). Кроме +того, программа позволяет управлять файлами данных SSSD для устранения +неполадок таким образом, что с ними можно безопасно работать, когда +выполняется SSSD. + + + + + ДОСТУПНЫЕ КОМАНДЫ + + Чтобы вывести все доступные команды, выполните sssctl без +каких-либо параметров. Чтобы вывести справку по выбранной команде, выполните +sssctl КОМАНДА --help. + + + + + ОБЩИЕ ПАРАМЕТРЫ + + Эти параметры доступны для всех команд. + + + + + LEVEL + + + + + + + + + + diff --git a/src/man/ru/sssd-ad.5.xml b/src/man/ru/sssd-ad.5.xml new file mode 100644 index 0000000..c03ef64 --- /dev/null +++ b/src/man/ru/sssd-ad.5.xml @@ -0,0 +1,1331 @@ + + + +Справка по SSSD + + + + + sssd-ad + 5 + Форматы файлов и рекомендации + + + + sssd-ad + Поставщик Active Directory SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки поставщика +данных AD для sssd +8 . Подробные сведения о синтаксисе +доступны в разделе ФОРМАТ ФАЙЛА справочной страницы + sssd.conf +5 . + + + Поставщик данных AD — это внутренний сервер, который используется для +подключения к серверу Active Directory. Для работы этого поставщика +необходимо, чтобы компьютер был присоединён к домену AD и чтобы была +доступна таблица ключей. Обмен данными с внутренним сервером выполняется по +каналу с шифрованием GSSAPI. С поставщиком данных AD не следует использовать +параметры SSL/TLS, поскольку использование Kerberos будет иметь приоритет +над ними. + + + Поставщик данных AD поддерживает подключение к Active Directory 2008 R2 или +выше. Работа с предшествующими версиями возможна, но не поддерживается. + + + Поставщик данных AD может использоваться для получения данных пользователей +и проверки подлинности пользователей из доверенных доменов. В настоящее +время распознаются только домены, находящиеся в одном и том же лесу. Кроме +того, серверы из доверенных доменов всегда обнаруживаются автоматически. + + + Поставщик данных AD позволяет SSSD использовать поставщика данных +идентификации sssd-ldap +5 и поставщика данных проверки +подлинности sssd-krb5 +5 с оптимизацией для сред Active +Directory. Поставщик данных AD принимает те же параметры, которые +используются поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми +исключениями. Но установка этих параметров не является ни необходимой, ни +рекомендуемой. + + + Поставщик данных AD в основном копирует стандартные параметры традиционных +поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий +доступен в разделе ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ. + + + Поставщик данных AD также может использоваться в качестве поставщика данных +управления доступом, chpass, sudo и autofs. Конфигурация поставщика доступа +на стороне клиента не требуется. + + + Если в sssd.conf указано auth_provider=ad или +access_provider=ad, параметр id_provider тоже необходимо +установить в значение ad. + + + По умолчанию поставщик данных AD сопоставляет значения UID и GID из +параметра objectSID в Active Directory. Подробные сведения об этом доступны +в разделе СОПОСТАВЛЕНИЕ ИДЕНТИФИКАТОРОВ ниже. Если требуется +отключить сопоставление идентификаторов и полагаться на атрибуты POSIX, +определённые в Active Directory, следует указать +ldap_id_mapping = False + Если должны быть использованы атрибуты POSIX, +в целях повышения производительности рекомендуется также реплицировать эти +атрибуты в глобальный каталог. Если атрибуты POSIX реплицируются, SSSD +попытается найти домен по числовому идентификатору из запроса с помощью +глобального каталога и выполнит поиск в этом домене. Если же атрибуты POSIX +не реплицируются в глобальный каталог, SSSD придётся последовательно +выполнить поиск во всех доменах в лесу. Обратите внимание, что для ускорения +поиска без доменов также может быть полезным использование параметра +cache_first. Учтите, что если в глобальном каталоге +присутствует только подмножество атрибутов POSIX, из порта LDAP не будет +выполняться чтение нереплицированных атрибутов. + + + Регистр записей пользователей, групп и других сущностей, обслуживаемых SSSD, +никогда не учитывается поставщиком данных AD в целях обеспечения +совместимости с реализацией LDAP Active Directory. + + + SSSD разрешает только группы безопасности Active Directory. Дополнительные +сведения о типах групп AD см. в разделе +Группы безопасности Active Directory + + + SSSD отфильтровывает локальные для домена группы от удалённых доменов в лесу +AD. По умолчанию группы будут отфильтрованы (например, при следовании по +иерархии вложенных групп в удалённых доменах), так не являются +действительными в локальном домене. Это сделано для обеспечения +согласованности с назначением групп и участия в них Active Directory, +которое можно увидеть в PAC билете Kerberos пользователя, выданного Active +Directory. + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + Сведения о конфигурации домена SSSD доступны в разделе РАЗДЕЛЫ +ДОМЕНА справочной страницы +sssd.conf 5 +. + + ad_domain (строка) + + + Позволяет указать имя домена Active Directory. Это необязательно. Если имя +не указано, используется имя домена в конфигурации. + + + Для корректной работы этот параметр следует указывать в формате записи +полной версии имени домена Active Directory в нижнем регистре. + + + Краткое имя домена (также называется именем NetBIOS или плоским именем) +автоматически определяется SSSD. + + + + + + ad_enabled_domains (строка) + + + A comma-separated list of enabled Active Directory domains. If provided, +SSSD will ignore any domains not listed in this option. If left unset, all +discovered domains from the AD forest will be available. + + + During the discovery of the domains SSSD will filter out some domains where +flags or attributes indicate that they do not belong to the local forest or +are not trusted. If ad_enabled_domains is set, SSSD will try to enable all +listed domains. + + + Для корректной работы этот параметр должен быть указан полностью в нижнем +регистре и как полное доменное имя домена Active Directory. Например: + +ad_enabled_domains = sales.example.com, eng.example.com + + + + Краткое имя домена (также называется именем NetBIOS или плоским именем) +будет автоматически определено SSSD. + + + По умолчанию: не задано + + + + + + ad_server, ad_backup_server (строка) + + + Разделённый запятыми список имён узлов серверов AD, к которым SSSD следует +подключаться в порядке приоритета. Дополнительные сведения об отработке +отказа и избыточности сервера доступны в разделе ОТРАБОТКА +ОТКАЗА. + + + Этот параметр является необязательным, если включено автоматическое +обнаружение служб. Дополнительные сведения об обнаружении служб доступны в +разделе ОБНАРУЖЕНИЕ СЛУЖБ. + + + Примечание: доверенные домены всегда автоматически обнаруживают серверы, +даже если в параметре ad_server явно определён основной сервер. + + + + + + ad_hostname (строка) + + + Необязательный параметр. На компьютерах, где hostname(5) не содержит полное +имя, sssd будет пытаться расширить краткое имя. Если это невозможно или если +следует использовать именно краткое имя, необходимо явно указать этот +параметр. + + + Это поле используется для определения используемого участника-узла в таблице +ключей и выполнения динамических обновлений DNS. Его значение должно +соответствовать имени узла, для которого была выпущена таблица ключей. + + + + + + ad_enable_dns_sites (логическое значение) + + + Включить сайты DNS — обнаружение служб по расположению. + + + Если этот параметр установлен в значение «true» и включено обнаружение служб +(смотрите абзац об обнаружении служб в нижней части справочной страницы), +SSSD сначала попытается обнаружить сервер Active Directory, к которому +следует подключиться, с помощью возможности обнаружения сайтов Active +Directory, а затем, если сайт AD не удастся найти, будет использовать записи +SRV DNS. Конфигурация SRV DNS, включая домен обнаружения, используется также +и при обнаружении сайтов. + + + По умолчанию: true + + + + + + ad_access_filter (строка) + + + Этот параметр позволяет указать фильтр управления доступом LDAP, условиям +которого должен соответствовать пользователь для получения доступа. Обратите +внимание, что этот параметр будет работать только в том случае, если +параметр access_provider явно установлен в значение +ad. + + + Этот параметр также поддерживает указание разных фильтров для отдельных +доменов или лесов. Такой расширенный фильтр имеет следующий формат: +KEYWORD:NAME:FILTER. Ключевым словом может быть +DOM или FOREST, а также оно может +отсутствовать. + + + Если в качестве ключевого слова используется DOM или если +ключевое слово не указано, NAME указывает домен или поддомен, +к которому применяется фильтр. Если в качестве ключевого слова используется +FOREST, фильтр применяется ко всем доменам из леса, +указанного значением NAME. + + + Несколько фильтров можно разделить с помощью символа ?, +аналогично работе баз поиска. + + + Поиск участия во вложенных группах выполняется с помощью специального OID +:1.2.840.113556.1.4.1941: в дополнение к полной +синтаксической конструкции DOM:domain.example.org:, чтобы средство обработки +не пыталось интерпретировать символы двоеточия, связанные с OID. Без +использования этого OID разрешение участия во вложенных группах не будет +выполняться. Пример использования приводится ниже, а дополнительные сведения +о OID доступны в разделе +технической спецификации Active Directory MS, посвящённом расширениям +LDAP + + + Всегда используется совпадение с наивысшим уровнем соответствия. Например, +если с помощью параметра задан фильтр для домена, участником которого +является пользователь, и глобальный фильтр, будет применяться фильтр для +домена. Если имеется несколько совпадений с одинаковым уровнем соответствия, +будет использоваться первое из них. + + + Примеры: + + +# применить фильтр только для домена с именем dom1: +dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) + +# применить фильтр только для домена с именем dom2: +DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) + +# применить фильтр только для леса с именем EXAMPLE.COM: +FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# применить фильтр для участника вложенной группы в dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) + + + По умолчанию: не задано + + + + + + ad_site (строка) + + + Позволяет указать сайт AD, к которому клиенту следует попытаться +подключиться. Если этот параметр не указан, обнаружение сайта AD будет +выполнено автоматически. + + + По умолчанию: не задано + + + + + + ad_enable_gc (логическое значение) + + + По умолчанию SSSD сначала подключается к глобальному каталогу для получения +данных пользователей из доверенных доменов, а порт LDAP используется для +получения данных об участии в группах или в качестве резервного +способа. Если этот параметр отключён, SSSD будет подключаться только к порту +LDAP текущего сервера AD. + + + Обратите внимание, что отключение глобального каталога не отключает +получение данных пользователей из доверенных доменов. SSSD просто будет +подключаться к порту LDAP доверенных доменов. Тем не менее, для разрешения +данных о междоменном участии в группах необходимо использовать глобальный +каталог. + + + По умолчанию: true + + + + + + ad_gpo_access_control (строка) + + + Этот параметр позволяет указать режим работы функциональной возможности +управления доступом на основе GPO: отключённый, принудительный или +разрешительный. Обратите внимание, что для работы этого параметра необходимо +явно установить параметр access_provider в значение +ad. + + + Функциональная возможность управления доступом на основе GPO использует +параметры политики GPO для определения того, разрешён ли конкретному +пользователю вход на узел. Дополнительные сведения о поддерживаемых +параметрах политики доступны в описании параметров +ad_gpo_map. + + + Обратите внимание, что текущая версия SSSD не поддерживает встроенные группы +Active Directory. Встроенные группы (например, Administrators с SID +S-1-5-32-544) в правилах управления доступом GPO будут проигнорированы +SSSD. Подробные сведения доступны в системе отслеживания ошибок: +https://github.com/SSSD/sssd/issues/5063 . + + + Перед осуществлением управления доступом SSSD применяет к GPO фильтр +безопасности групповой политики. Для входа каждого пользователя проверяется +применимость GPO, связанных с узлом. Чтобы GPO применялся к пользователю, +пользователь или хотя бы одна из групп, участником которых он является, +должна обладать следующими правами GPO: + + + + Read: пользователь или одна из его групп должна обладать правом чтения +свойств GPO (RIGHT_DS_READ_PROPERTY) + + + + + Apply Group Policy: пользователю или хотя бы одной из его групп должно быть +разрешено применять GPO (RIGHT_DS_CONTROL_ACCESS). + + + + + + По умолчанию в GPO присутствует группа Authenticated Users. Она обладает как +правом доступа Read, так и правом доступа Apply Group Policy. Так как +проверка подлинности пользователя должна успешно завершиться до того, как +будет применён фильтр безопасности и начато управление доступом на основе +GPO, этот пользователю всегда будет обладать правами группы Authenticated +Users GPO. + + + ПРИМЕЧАНИЕ: если в качестве режим работы выбран принудительный режим, +возможно, что пользователям, которым был ранее разрешён доступ для входа, +теперь будет отказано в доступе для входа (согласно параметрам политики +GPO). Чтобы облегчить переход на новую систему, для администраторов +предусмотрен разрешительный режим: правила управления доступом не +применяются в принудительном порядке. Программа просто проверяет +соответствие этим правилам и выводит в системный журнал сообщение в случае +отказа в доступе. Просмотрев этот журнал, администраторы смогут внести +необходимые изменения, а затем включить принудительный режим. Для ведения +журнала управления доступом на основе GPO необходимо включить уровень +отладки «трассировка функций» (см. справочную страницу +sssctl 8 +). + + + Для этого параметра поддерживаются три значения: + + + + disabled: не осуществляется ни проверка соответствия правилам управления +доступом на основе GPO, ни их принудительное применение. + + + + + enforcing: осуществляется проверка соответствия правилам управления доступом +на основе GPO и их принудительное применение. + + + + + permissive: осуществляется проверка соответствия правилам управления +доступом на основе GPO, но не их принудительное применение. Вместо этого +создаётся сообщение системного журнала, означающее, что пользователю было бы +отказано в доступе, если бы в качестве значения этого параметра был задан +принудительный режим. + + + + + + По умолчанию: permissive + + + По умолчанию: enforcing + + + + + + ad_gpo_implicit_deny (логическое значение) + + + Обычно пользователям разрешается доступ, если применимые GPO не +найдены. Когда этот параметр установлен в значение «True», пользователям +будет разрешён доступ только в том случае, если это явно разрешено правилом +GPO. В ином случае пользователям будет отказано в доступе. Это можно сделать +для усиления защиты, но следует использовать этот параметр с осторожностью: +возможен отказ в доступе даже тем пользователям, которые состоят во +встроенной группе Administrators, если к ним не применяются правила GPO. + + + + По умолчанию: false + + + + В следующих двух таблицах показано, когда пользователю будет разрешён или +запрещён доступ на основе прав разрешения или запрета входа, которые +определены на стороне сервера, и установленного значения +ad_gpo_implicit_deny. + + + + + + + + + ad_gpo_implicit_deny = False (по умолчанию) + правила разрешенияправила запрета + результат + + + отсутствуютотсутствуют + доступ разрешён всем пользователям + + отсутствуютприсутствуют + доступ разрешён только пользователям, отсутствующим в правилах запрета + присутствуютотсутствуют + доступ разрешён только пользователям, присутствующим в правилах разрешения + присутствуютприсутствуют + доступ разрешён только пользователям, присутствующим в правилах разрешения и +отсутствующим в правилах запрета + + + + + + + + + + ad_gpo_implicit_deny = True + правила разрешенияправила запрета + результат + + + отсутствуютотсутствуют + доступ запрещён всем пользователям + + отсутствуютприсутствуют + доступ запрещён всем пользователям + + присутствуютотсутствуют + доступ разрешён только пользователям, присутствующим в правилах разрешения + присутствуютприсутствуют + доступ разрешён только пользователям, присутствующим в правилах разрешения и +отсутствующим в правилах запрета + + + + + + ad_gpo_ignore_unreadable (логическое значение) + + + Обычно пользователям запрещён доступ, когда некоторые контейнеры групповой +политики (объекта AD) соответствующих объектов групповой политики недоступны +для чтения SSSD. Этот параметр позволяет игнорировать контейнеры групповой +политики, а также связанные с ними политики, если их атрибуты в контейнерах +групповой политики недоступны для чтения SSSD. + + + По умолчанию: false + + + + + + + + ad_gpo_cache_timeout (целое число) + + + Временной интервал между сеансами поиска файлов политики GPO на сервере +AD. Это сократит задержки и нагрузку на сервер AD, когда за короткое время +поступает много запросов на управление доступом. + + + По умолчанию: 5 (секунд) + + + + + + ad_gpo_map_interactive (строка) + + + Разделённый запятыми список имён служб PAM, для которых проверка +соответствия правилам управления доступом на основе GPO осуществляется на +основе параметров политики InteractiveLogonRight и +DenyInteractiveLogonRight. Обрабатываются только те GPO, на доступ к которым +у пользователя есть права Read и Apply Group Policy (смотрите описание +параметра ad_gpo_access_control). Если обработанный GPO +содержит параметр запрета интерактивного входа для пользователя или одной из +его групп, пользователю будет отказано в локальном доступе. Если ни в одном +из обработанных GPO нет определённого права интерактивного входа, +пользователю будет разрешён локальный доступ. Если хотя бы один обработанный +GPO содержит параметры права интерактивного входа, пользователю будет +разрешён только локальный доступ, если он или хотя бы одна из его групп +являются частью параметров политики. + + + Примечание: в редакторе управления групповыми политиками это значение +называется «Разрешить локальный вход» («Allow log on locally») и «Запретить +локальный вход» («Deny log on locally»). + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для этого права входа (например, +login) на пользовательское имя службы PAM (например, +my_pam_service), необходимо использовать следующую +конфигурацию: +ad_gpo_map_interactive = +my_pam_service, -login + + + + По умолчанию: стандартный набор имён служб PAM включает: + + + + login + + + + + su + + + + + su-l + + + + + gdm-fingerprint + + + + + gdm-password + + + + + gdm-smartcard + + + + + kdm + + + + + lightdm + + + + + lxdm + + + + + sddm + + + + + unity + + + + + xdm + + + + + + + + + ad_gpo_map_remote_interactive (строка) + + + Разделённый запятыми список имён служб PAM, для которых проверка +соответствия правилам управления доступом на основе GPO осуществляется на +основе параметров политики RemoteInteractiveLogonRight и +DenyRemoteInteractiveLogonRight. Обрабатываются только те GPO, на доступ к +которым у пользователя есть права Read и Apply Group Policy (смотрите +описание параметра ad_gpo_access_control). Если обработанный +GPO содержит параметр запрета удалённого входа для пользователя или одной из +его групп, пользователю будет отказано в удалённом интерактивном +доступе. Если ни в одном из обработанных GPO нет определённого права +удалённого интерактивного входа, пользователю будет разрешён удалённый +доступ. Если хотя бы один обработанный GPO содержит параметры права +удалённого интерактивного входа, пользователю будет разрешён только +удалённый доступ, если он или хотя бы одна из его групп являются частью +параметров политики. + + + Примечание: в редакторе управления групповыми политиками это значение +называется «Разрешить вход через службы удалённых рабочих столов» («Allow +log on through Remote Desktop Services») и «Запретить вход через службы +удалённых рабочих столов» («Deny log on through Remote Desktop Services»). + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для этого права входа (например, +sshd) на пользовательское имя службы PAM (например, +my_pam_service), необходимо использовать следующую +конфигурацию: +ad_gpo_map_remote_interactive = +my_pam_service, -sshd + + + + По умолчанию: стандартный набор имён служб PAM включает: + + + + sshd + + + + + cockpit + + + + + + + + + ad_gpo_map_network (строка) + + + Разделённый запятыми список имён служб PAM, для которых проверка +соответствия правилам управления доступом на основе GPO осуществляется на +основе параметров политики NetworkLogonRight и +DenyNetworkLogonRight. Обрабатываются только те GPO, на доступ к которым у +пользователя есть права Read и Apply Group Policy (смотрите описание +параметра ad_gpo_access_control). Если обработанный GPO +содержит параметр запрета входа в сеть для пользователя или одной из его +групп, пользователю будет отказано в доступе для входа в сеть. Если ни в +одном из обработанных GPO нет определённого права входа в сеть, пользователю +будет разрешён доступ для входа. Если хотя бы один обработанный GPO содержит +параметры права входа в сеть, пользователю будет разрешён только доступ для +входа, если он или хотя бы одна из его групп являются частью параметров +политики. + + + Примечание: в редакторе управления групповыми политиками это значение +называется «Разрешить доступ к компьютеру из сети» («Access this computer +from the network») и «Запретить доступ к компьютеру из сети» («Deny access +to this computer from the network»). + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для этого права входа (например, +ftp) на пользовательское имя службы PAM (например, +my_pam_service), необходимо использовать следующую +конфигурацию: +ad_gpo_map_network = +my_pam_service, -ftp + + + + По умолчанию: стандартный набор имён служб PAM включает: + + + + ftp + + + + + samba + + + + + + + + + ad_gpo_map_batch (строка) + + + Разделённый запятыми список имён служб PAM, для которых проверка +соответствия правилам управления доступом на основе GPO осуществляется на +основе параметров политики BatchLogonRight и +DenyBatchLogonRight. Обрабатываются только те GPO, на доступ к которым у +пользователя есть права Read и Apply Group Policy (смотрите описание +параметра ad_gpo_access_control). Если обработанный GPO +содержит параметр запрета пакетного входа для пользователя или одной из его +групп, пользователю будет отказано в доступе для пакетного входа. Если ни в +одном из обработанных GPO нет определённого права пакетного входа, +пользователю будет разрешён доступ для входа. Если хотя бы один обработанный +GPO содержит параметры права пакетного входа, пользователю будет разрешён +только доступ для входа, если он или хотя бы одна из его групп являются +частью параметров политики. + + + Примечание: в редакторе управления групповыми политиками это значение +называется «Разрешить вход в качестве пакетного задания» («Allow log on as a +batch job») и «Запретить вход в качестве пакетного задания» («Deny log on as +a batch job»). + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для этого права входа (например, +crond) на пользовательское имя службы PAM (например, +my_pam_service), необходимо использовать следующую +конфигурацию: +ad_gpo_map_batch = +my_pam_service, -crond + + + Примечание: имя службы cron может различаться в зависимости от используемого +дистрибутива Linux. + + По умолчанию: стандартный набор имён служб PAM включает: + + + + crond + + + + + + + + + ad_gpo_map_service (строка) + + + Разделённый запятыми список имён служб PAM, для которых проверка +соответствия правилам управления доступом на основе GPO осуществляется на +основе параметров политики ServiceLogonRight и +DenyServiceLogonRight. Обрабатываются только те GPO, на доступ к которым у +пользователя есть права Read и Apply Group Policy (смотрите описание +параметра ad_gpo_access_control). Если обработанный GPO +содержит параметр запрета входа службы для пользователя или одной из его +групп, пользователю будет отказано в доступе для входа службы. Если ни в +одном из обработанных GPO нет определённого права входа службы, пользователю +будет разрешён доступ для входа. Если хотя бы один обработанный GPO содержит +параметры права входа службы, пользователю будет разрешён только доступ для +входа, если он или хотя бы одна из его групп являются частью параметров +политики. + + + Примечание: в редакторе управления групповыми политиками это значение +называется «Разрешить вход в качестве службы» («Allow log on as a service») +и «Запретить вход в качестве службы» («Deny log on as a service»). + + + Можно добавить имя службы PAM в стандартный набор с помощью ++service_name. Так как стандартный набор является пустым, из +него невозможно удалить имя службы PAM. Например, чтобы добавить +пользовательское имя службы PAM (например, my_pam_service), +необходимо использовать следующую конфигурацию: +ad_gpo_map_service = +my_pam_service + + + + По умолчанию: не задано + + + + + + ad_gpo_map_permit (строка) + + + Разделённый запятыми список имён служб PAM, которым всегда предоставляется +доступ на основе GPO, независимо от прав входа GPO. + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для безусловно разрешённого доступа +(например, sudo) на пользовательское имя службы PAM +(например, my_pam_service), необходимо использовать следующую +конфигурацию: +ad_gpo_map_permit = +my_pam_service, -sudo + + + + По умолчанию: стандартный набор имён служб PAM включает: + + + + polkit-1 + + + + + sudo + + + + + sudo-i + + + + + systemd-user + + + + + + + + + ad_gpo_map_deny (строка) + + + Разделённый запятыми список имён служб PAM, которым всегда запрещается +доступ на основе GPO, независимо от прав входа GPO. + + + Можно добавить имя службы PAM в стандартный набор с помощью ++service_name. Так как стандартный набор является пустым, из +него невозможно удалить имя службы PAM. Например, чтобы добавить +пользовательское имя службы PAM (например, my_pam_service), +необходимо использовать следующую конфигурацию: +ad_gpo_map_deny = +my_pam_service + + + + По умолчанию: не задано + + + + + + ad_gpo_default_right (строка) + + + Этот параметр определяет, как обрабатываются правила управления доступом для +имён служб PAM, которые явно не указаны в одном из параметров +ad_gpo_map_*. Этот параметр можно установить двумя разными +способами. Первый: с помощью этого параметра можно задать использование +стандартного права входа. Например, установка этого параметра в значение +«interactive» означает, что несопоставленные имена служб PAM будут +обрабатываться на основе параметров политики InteractiveLogonRight и +DenyInteractiveLogonRight. Второй: с помощью этого параметра можно указать +всегда разрешать или всегда запрещать доступ для несопоставленных имён служб +PAM. + + + Для этого параметра поддерживаются следующие значения: + + + + interactive + + + + + remote_interactive + + + + + network + + + + + batch + + + + + service + + + + + permit + + + + + deny + + + + + + По умолчанию: deny + + + + + + ad_maximum_machine_account_password_age (целое число) + + + SSSD будет раз в день проверять, не превышен ли указанный возраст (в днях) +пароля учётной записи компьютера, и в случае превышения попытается обновить +его. Значение «0» отключает попытку обновления. + + + По умолчанию: 30 дней + + + + + + ad_machine_account_password_renewal_opts (строка) + + + Этот параметр следует использовать только для тестирования задания по +обновлению пароля учётной записи компьютера. Параметр ожидает 2 целых числа, +разделённых двоеточием («:»). Первое целое число определяет интервал (в +секундах) между последовательными запусками задания. Второе целое число +указывает начальный тайм-аут (в секундах) перед первым запуском задания +после перезапуска. + + + По умолчанию: 86400:750 (24 часа и 15 минут) + + + + + + ad_update_samba_machine_account_password (логическое значение) + + + Если этот параметр включён, когда SSSD обновляет пароль учётной записи +компьютера, он обновляется также в базе данных Samba. Это позволяет +предотвратить устаревание копии пароля учётной записи компьютера в Samba, +когда программа настроена на использование AD для проверки подлинности. + + + По умолчанию: false + + + + + + ad_use_ldaps (логическое значение) + + + По умолчанию SSSD использует простой порт LDAP 389 и порт глобального +каталога 3628. Если этот параметр установлен в значение «True», SSSD будет +использовать порт LDAPS 636 и порт глобального каталога 3629 с защитой +LDAPS. Так как AD не разрешает использование нескольких слоёв шифрования для +одного подключения и всё ещё требуется использовать SASL/GSSAPI или +SASL/GSS-SPNEGO для проверки подлинности, свойство безопасности SASL maxssf +для таких подключений будет установлено в значение «0» (ноль). + + + По умолчанию: false + + + + + + ad_allow_remote_domain_local_groups (логическое значение) + + + Если этот параметр установлен в значение true, SSSD не будет +отфильтровывать группы, локальные в домене, в удалённых доменах в лесу +AD. По умолчанию они отфильтровываются (например, при следовании по иерархии +вложенных групп в удалённых доменах), так не являются действительными в +локальном домене. Этот параметр был добавлен для обеспечения совместимости с +другими решениями, которые делают пользователей и группы AD доступными на +клиенте Linux. + + + Обратите внимание, что установка этого параметра в значение +true идёт вразрез со смыслом локальной группы домена в Active +Directory и ДОЛЖНА ВЫПОЛНЯТЬСЯ ТОЛЬКО ДЛЯ ОБЛЕГЧЕНИЯ ПЕРЕХОДА С +ДРУГИХ РЕШЕНИЙ. Хотя эта группа существует и пользователь может +быть её участником, смысл состоит в том, что группа должна использоваться +только в том домене, где она определена, и ни в каких других. Так как +существует только один тип групп POSIX, единственный способ добиться этого +на стороне Linux — игнорировать эти группы. Active Directory делает то же +самое: в PAC билета Kerberos для локальной службы и в запросах tokenGroups +тоже отсутствуют удалённые группы, локальные в домене. + + + Учитывая вышесказанное, при установке этого параметра в значение +true необходимо отключить запрос tokenGroups путём установки +параметра ldap_use_tokengroups в значение +false для получения согласованных данных об участии +пользователей в группах. Кроме того, также следует отключить поиск в +глобальном каталоге путём установки параметра ad_enable_gc в +значение false. И, наконец, может потребоваться изменить +значение параметра ldap_group_nesting_level, если удалённые +группы, локальные в домене, могут быть найдены только на более глубоком +уровне вложенности. + + + По умолчанию: false + + + + + + dyndns_update (логическое значение) + + + Необязательный параметр. Этот параметр указывает SSSD автоматически +обновлять на сервере DNS Active Directory IP-адрес клиента. Защита +обновления обеспечивается с помощью GSS-TSIG. Соответственно, администратору +Active Directory требуется только разрешить защищённые обновления для зоны +DNS. Для обновления будет использован IP-адрес LDAP-соединения AD, если с +помощью параметра dyndns_iface не указано иное. + + + ПРИМЕЧАНИЕ: на устаревших системах (например, RHEL 5) для корректной работы +в этом режиме необходимо надлежащим образом задать стандартную область +Kerberos в /etc/krb5.conf + + + По умолчанию: true + + + + + + dyndns_ttl (целое число) + + + Значение TTL, которое применяется при обновлении записи DNS клиента. Если +параметр dyndns_update установлен в значение «false», этот параметр ни на +что не влияет. Если администратором установлено значение TTL на стороне +сервера, оно будет переопределено этим параметром. + + + По умолчанию: 3600 (секунд) + + + + + + dyndns_iface (строка) + + + Необязательный параметр. Применимо только тогда, когда параметр +dyndns_update установлен в значение «true». Выберите интерфейс или список +интерфейсов, IP-адреса которых должны использоваться для динамических +обновлений DNS. Специальное значение * подразумевает, что +следует использовать IP-адреса всех интерфейсов. + + + По умолчанию: использовать IP-адреса интерфейса, который используется для +подключения LDAP AD + + + Пример: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_refresh_interval (целое число) + + + Как часто внутреннему серверу следует выполнять периодическое обновление DNS +в дополнение к автоматическому обновлению, которое выполняется при переходе +внутреннего сервера в сетевой режим. Этот параметр является необязательным и +применяется только тогда, когда параметр dyndns_update установлен в значение +«true». Обратите внимание, что наименьшее допустимое значение составляет 60 +секунд: если будет указано меньшее значение, параметр примет наименьшее +допустимое значение (60 секунд). + + + По умолчанию: 86400 (24 часа) + + + + + + dyndns_update_ptr (логическое значение) + + + Следует ли также явно обновлять запись PTR при обновлении записей DNS +клиента. Применимо только тогда, когда параметр dyndns_update установлен в +значение «true». + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + По умолчанию: true + + + + + + dyndns_force_tcp (логическое значение) + + + Должна ли утилита nsupdate по умолчанию использовать TCP для обмена данными +с сервером DNS. + + + По умолчанию: false (разрешить nsupdate выбрать протокол) + + + + + + dyndns_auth (строка) + + + Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для +защищённых обновлений сервера DNS. Незащищённые отправления можно +отправлять, установив этот параметр в значение «none». + + + По умолчанию: GSS-TSIG + + + + + + dyndns_auth_ptr (строка) + + + Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для +защищённых обновлений PTR сервера DNS. Незащищённые отправления можно +отправлять, установив этот параметр в значение «none». + + + По умолчанию: то же, что и dyndns_auth + + + + + + dyndns_server (строка) + + + Сервер DNS, который следует использовать для выполнения обновления DNS. В +большинстве конфигураций рекомендуется не устанавливать значение для этого +параметра. + + + Установка этого параметра имеет смысл для сред, в которых сервер DNS +отличается от сервера данных идентификации. + + + Обратите внимание, что этот параметр используется только для резервной +попытки, которая выполняется тогда, когда предыдущая попытка с +использованием автоматически определённых параметров завершилась неудачей. + + + По умолчанию: none (разрешить nsupdate выбрать сервер) + + + + + + dyndns_update_per_family (логическое значение) + + + По умолчанию обновление DNS выполняется за два шага: обновление IPv4, а +затем обновление IPv4. В некоторых случаях может быть желательно выполнить +обновление IPv4 и IPv6 за один шаг. + + + По умолчанию: true + + + + + + + + + krb5_confd_path (строка) + + + Абсолютный путь к каталогу, в котором SSSD следует размещать фрагменты +конфигурации Kerberos. + + + Чтобы отключить создание фрагментов конфигурации, установите этот параметр в +значение «none». + + + По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD) + + + + + + + + + + + + + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +example.com — один из доменов в разделе [sssd]. В +примере показаны только параметры, относящиеся к поставщику данных AD. + + + +[domain/EXAMPLE] +id_provider = ad +auth_provider = ad +access_provider = ad +chpass_provider = ad + +ad_server = dc1.example.com +ad_hostname = client.example.com +ad_domain = example.com + + + + + + ПРИМЕЧАНИЯ + + Поставщик данных управления доступом AD проверяет, не истёк ли срок действия +учётной записи. Работает так же, как и следующая конфигурация поставщика +данных LDAP: +access_provider = ldap +ldap_access_order = expire +ldap_account_expire_policy = ad + + + + Тем не менее, если поставщик данных управления доступом ad не +настроен явным образом, поставщиком доступа по умолчанию является +permit. Обратите внимание, что при настройке поставщика +доступа, отличного ad, потребуется вручную указать все +параметры подключения, такие как URI LDAP и параметры шифрования. + + + Когда поставщик данных autofs установлен в значение ad, +используется схема сопоставления атрибутов RFC2307 (nisMap, nisObject, ...), +так как эти атрибуты включены в стандартную схему Active Directory. + + + + + + + + + diff --git a/src/man/ru/sssd-files.5.xml b/src/man/ru/sssd-files.5.xml new file mode 100644 index 0000000..4ef6cc3 --- /dev/null +++ b/src/man/ru/sssd-files.5.xml @@ -0,0 +1,160 @@ + + + +Справка по SSSD + + + + + sssd-files + 5 + Форматы файлов и рекомендации + + + + sssd-files + поставщик данных файлов SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание поставщика данных файлов +для sssd +8 . Подробные сведения о синтаксисе +доступны в разделе ФОРМАТ ФАЙЛА справочной страницы + sssd.conf +5 . + + + Поставщик данных файлов создаёт зеркальную копию содержимого файлов + passwd +5 и +group 5 +. Задача поставщика данных файлов — сделать пользователей и +группы, которые обычно доступны только с помощью интерфейсов NSS, также +доступными с помощью интерфейсов SSSD, например +sssd-ifp 5 +. + + + Ещё одна задача — предоставить возможность эффективного кэширования данных +локальных пользователей и групп. + + + Please note that besides explicit domain definition the files provider can +be configured also implicitly using 'enable_files_domain' option. See + sssd.conf +5 for details. + + + SSSD никогда не обрабатывает разрешение пользователя/группы «root». Кроме +того, SSSD не обрабатывает разрешение UID/GID 0. Такие запросы передаются +следующему модулю NSS (обычно это модуль файлов). + + + Если программа SSSD не запущена или не отвечает, nss_sss вернёт код UNAVAIL, +что приведёт к передаче запроса следующему модулю. + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + В дополнение к перечисленным ниже параметрам также можно указать типовые +параметры домена SSSD, если это применимо. Сведения о конфигурации домена +SSSD доступны в разделе РАЗДЕЛЫ ДОМЕНА справочной страницы + sssd.conf +5 . Но задача поставщика данных файлов +— предоставить те же данные, что и файлы UNIX, просто с помощью интерфейсов +SSSD. Следовательно, поддерживаются не все типовые параметры +домена. Аналогичным образом, некоторые глобальные параметры, такие как +переопределение оболочки в разделе nss для всех доменов, не +влияют на домен файлов, если только не указаны явным образом для отдельных +доменов. + + passwd_files (строка) + + + Разделённый запятыми список из одного или нескольких имён файлов паролей, +которые будут прочитаны и перечислены поставщиком данных файлов. Для каждого +указанного файла будет выполняться динамическое обнаружение изменений с +помощью inotify. + + + По умолчанию: /etc/passwd + + + + + + group_files (строка) + + + Разделённый запятыми список из одного или нескольких имён файлов групп, +которые будут прочитаны и перечислены поставщиком данных файлов. Для каждого +указанного файла будет выполняться динамическое обнаружение изменений с +помощью inotify. + + + Default: /etc/group + + + + + + fallback_to_nss (логическое значение) + + + При обновлении внутренних данных SSSD вернёт ошибку и позволит клиенту +продолжить работу со следующим модулем NSS. Это позволяет избежать задержек, +когда используются стандартные системные файлы +/etc/passwd и /etc/group и в +конфигурации NSS есть «sss» перед «files» для карт «passwd» и «group». + + + Если поставщик данных файлов настроен на отслеживание других файлов, имеет +смысл установить этот параметр в значение «False», чтобы предотвратить +несогласованное поведение, потому что обычно нет другого модуля NSS, который +можно было бы использовать в качестве резервного. + + + По умолчанию: true + + + + + + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +files — один из доменов в разделе [sssd]. + + + +[domain/files] +id_provider = files + + + + Чтобы воспользоваться преимуществами кэширования данных локальных +пользователей и групп с помощью SSSD, необходимо указать модуль nss_sss +перед модулем nss_files в /etc/nsswitch.conf. + + + +passwd: sss files +group: sss files + + + + + + + + diff --git a/src/man/ru/sssd-ifp.5.xml b/src/man/ru/sssd-ifp.5.xml new file mode 100644 index 0000000..1415b42 --- /dev/null +++ b/src/man/ru/sssd-ifp.5.xml @@ -0,0 +1,154 @@ + + + +Справка по SSSD + + + + + sssd-ifp + 5 + Форматы файлов и рекомендации + + + + sssd-ifp + Ответчик InfoPipe SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки ответчика +InfoPipe для sssd +8 . Подробные сведения о синтаксисе +доступны в разделе ФОРМАТ ФАЙЛА справочной страницы + sssd.conf +5 . + + + Ответчик InfoPipe предоставляет общедоступный интерфейс D-Bus, доступный по +системной шине. Этот интерфейс позволяет пользователю запрашивать данные об +удалённых пользователях и группах по системной шине. + + + + ПОИСК ПО ДЕЙСТВУЮЩЕМУ СЕРТИФИКАТУ + + Следующие параметры можно использовать для управления тем, как будут +проверяться сертификаты при использовании API FindByValidCertificate(): + + ca_db + p11_child_timeout + certificate_verification + + Подробнее об этих параметрах +см. sssd.conf +5. + + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + Эти параметры можно использовать для настройки ответчика InfoPipe. + + + + allowed_uids (строка) + + + Разделённый запятыми список значений UID или имён пользователей, которым +разрешён доступ к ответчику InfoPipe. Имена пользователей разрешаются в UID +при запуске. + + + По умолчанию: 0 (доступ к ответчику InfoPipe разрешён только пользователю +root) + + + Обратите внимание: несмотря на то, что в качестве стандартного значения +используется UID 0, оно будет перезаписано этим параметром. Если всё равно +требуется разрешить пользователю root доступ к ответчику InfoPipe (типичный +случай), будет необходимо добавить запись «0» в список UID, которым разрешён +доступ. + + + + + + user_attributes (строка) + + + Разделённый запятыми список атрибутов из «белого» или «чёрного» списков. + + + По умолчанию ответчик InfoPipe позволяет запрашивать только стандартный +набор атрибутов POSIX. Этот тот же набор, который возвращает +программа getpwnam +3 , он содержит: + + name + имя пользователя для входа + + + uidNumber + идентификатор пользователя + + + gidNumber + идентификатор основной группы + + + gecos + данные о пользователе, обычно полное имя + + + homeDirectory + домашний каталог + + + loginShell + оболочка пользователя + + + + + В этот набор можно добавить другой атрибут с помощью ++attr_name или явно удалить атрибут с помощью +-attr_name. Например, чтобы разрешить +telephoneNumber и запретить loginShell, +следует использовать следующую конфигурацию: +user_attributes = +telephoneNumber, -loginShell + + + + По умолчанию: не задано. Разрешён только стандартный набор атрибутов POSIX. + + + + + + wildcard_limit (целое число) + + + Позволяет указать верхний предел количества записей, загружаемых во время +поиска с использованием подстановочных знаков. Переопределяет предел, +установленный вызывающей стороной. + + + По умолчанию: 0 (разрешить вызывающей стороне установить верхнее +ограничение) + + + + + + + + + + + diff --git a/src/man/ru/sssd-ipa.5.xml b/src/man/ru/sssd-ipa.5.xml new file mode 100644 index 0000000..84766e5 --- /dev/null +++ b/src/man/ru/sssd-ipa.5.xml @@ -0,0 +1,882 @@ + + + +Справка по SSSD + + + + + sssd-ipa + 5 + Форматы файлов и рекомендации + + + + sssd-ipa + Поставщик данных IPA SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки поставщика +данных IPA для sssd +8 . Подробные сведения о синтаксисе +доступны в разделе ФОРМАТ ФАЙЛА справочной страницы + sssd.conf +5 . + + + Поставщик данных IPA — это внутренний сервер, который используется для +подключения к серверу IPA. (Сведения о серверах IPA доступны на веб-сайте +freeipa.org.) Для работы этого поставщика требуется, чтобы компьютер был +присоединён к домену IPA; настройка почти полностью автоматизирована, +получение её данных выполняется непосредственно с сервера. + + + Поставщик данных IPA позволяет SSSD использовать поставщика данных +идентификации sssd-ldap +5 и поставщика данных проверки +подлинности sssd-krb5 +5 с оптимизацией для сред +IPA. Поставщик данных IPA принимает те же параметры, которые используются +поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми исключениями. Но +установка этих параметров не является ни необходимой, ни рекомендуемой. + + + Поставщик данных IPA в основном копирует стандартные параметры традиционных +поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий +доступен в разделе ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ. + + + As an access provider, the IPA provider has a minimal configuration (see +ipa_access_order) as it mainly uses HBAC (host-based access +control) rules. Please refer to freeipa.org for more information about HBAC. + + + Если в sssd.conf указано auth_provider=ipa или +access_provider=ipa, параметр id_provider тоже необходимо +установить в значение ipa. + + + Поставщик данных IPA будет использовать ответчик PAC, если билеты Kerberos +пользователей из доверенных областей содержат PAC. Для упрощения настройки +запуск ответчика PAC выполняется автоматически, если настроен поставщик +идентификаторов IPA. + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + Сведения о конфигурации домена SSSD доступны в разделе РАЗДЕЛЫ +ДОМЕНА справочной страницы +sssd.conf 5 +. + + ipa_domain (строка) + + + Позволяет указать имя домена IPA. Это необязательно. Если имя не указано, +используется имя домена в конфигурации. + + + + + + ipa_server, ipa_backup_server (строка) + + + Разделённый запятыми список IP-адресов или имён узлов серверов IPA, к +которым SSSD следует подключаться в порядке приоритета. Дополнительные +сведения об отработке отказа и избыточности сервера доступны в разделе +ОТРАБОТКА ОТКАЗА. Этот параметр является необязательным, если +включено автоматическое обнаружение служб. Дополнительные сведения об +обнаружении служб доступны в разделе ОБНАРУЖЕНИЕ СЛУЖБ. + + + + + + ipa_hostname (строка) + + + Необязательный параметр. Может быть указан на компьютерах, где hostname(5) +не содержит полное имя, которое используется для идентификации этого узла в +домене IPA. Имя узла должно быть полным. + + + + + + dyndns_update (логическое значение) + + + Необязательный параметр. Этот параметр указывает SSSD автоматически +обновлять на сервере DNS, встроенном во FreeIPA, IP-адрес клиента. Защита +обновления обеспечивается с помощью GSS-TSIG. Для обновления будет +использован IP-адрес LDAP-соединения IPA, если с помощью параметра +dyndns_iface не указано иное. + + + ПРИМЕЧАНИЕ: на устаревших системах (например, RHEL 5) для корректной работы +в этом режиме необходимо надлежащим образом задать стандартную область +Kerberos в /etc/krb5.conf + + + ПРИМЕЧАНИЕ: прежнее имя параметра, ipa_dyndns_update, +всё ещё можно использовать, но пользователям рекомендуется перейти на +использование нового имени, dyndns_update, в файле +конфигурации. + + + По умолчанию: false + + + + + + dyndns_ttl (целое число) + + + Значение TTL, которое применяется при обновлении записи DNS клиента. Если +параметр dyndns_update установлен в значение «false», этот параметр ни на +что не влияет. Если администратором установлено значение TTL на стороне +сервера, оно будет переопределено этим параметром. + + + ПРИМЕЧАНИЕ: прежнее имя параметра, ipa_dyndns_ttl, всё +ещё можно использовать, но пользователям рекомендуется перейти на +использование нового имени, dyndns_ttl, в файле +конфигурации. + + + По умолчанию: 1200 (секунд) + + + + + + dyndns_iface (строка) + + + Необязательный параметр. Применимо только тогда, когда параметр +dyndns_update установлен в значение «true». Выберите интерфейс или список +интерфейсов, IP-адреса которых должны использоваться для динамических +обновлений DNS. Специальное значение * подразумевает, что +следует использовать IP-адреса всех интерфейсов. + + + ПРИМЕЧАНИЕ: прежнее имя параметра, ipa_dyndns_iface, +всё ещё можно использовать, но пользователям рекомендуется перейти на +использование нового имени, dyndns_iface, в файле +конфигурации. + + + По умолчанию: использовать IP-адреса интерфейса, который используется для +подключения LDAP IPA + + + Пример: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_auth (строка) + + + Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для +защищённых обновлений сервера DNS. Незащищённые отправления можно +отправлять, установив этот параметр в значение «none». + + + По умолчанию: GSS-TSIG + + + + + + dyndns_auth_ptr (строка) + + + Следует ли утилите nsupdate использовать проверку подлинности GSS-TSIG для +защищённых обновлений PTR сервера DNS. Незащищённые отправления можно +отправлять, установив этот параметр в значение «none». + + + По умолчанию: то же, что и dyndns_auth + + + + + + ipa_enable_dns_sites (логическое значение) + + + Включить сайты DNS — обнаружение служб по расположению. + + + Если параметр установлен в значение «true» и включено обнаружение служб +(смотрите абзац об обнаружении служб в нижней части справочной страницы), +SSSD сначала будет пробовать выполнить обнаружение на основе расположения с +помощью запроса, который содержит «_location.hostname.example.com», а затем +перейдёт к традиционному обнаружению SRV. Если обнаружение на основе +расположения будет выполнено успешно, серверы IPA, обнаруженные с помощью +обнаружения на основе расположения, будут считаться основными, а серверы +IPA, обнаруженные с помощью традиционного обнаружения SRV, будут +использоваться в качестве резервных + + + По умолчанию: false + + + + + + dyndns_refresh_interval (целое число) + + + Как часто внутреннему серверу следует выполнять периодическое обновление DNS +в дополнение к автоматическому обновлению, которое выполняется при переходе +внутреннего сервера в сетевой режим. Этот параметр является необязательным и +применяется только тогда, когда параметр dyndns_update установлен в значение +«true». + + + По умолчанию: 0 (отключено) + + + + + + dyndns_update_ptr (логическое значение) + + + Следует ли также явно обновлять запись PTR при обновлении записей DNS +клиента. Применимо только тогда, когда параметр dyndns_update установлен в +значение «true». + + + Этот параметр должен быть установлен в значение «False» в большинстве +развёрнутых систем IPA, так как сервер IPA генерирует записи PTR +автоматически при смене записей перенаправления. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + По умолчанию: false (отключено) + + + + + + dyndns_force_tcp (логическое значение) + + + Должна ли утилита nsupdate по умолчанию использовать TCP для обмена данными +с сервером DNS. + + + По умолчанию: false (разрешить nsupdate выбрать протокол) + + + + + + dyndns_server (строка) + + + Сервер DNS, который следует использовать для выполнения обновления DNS. В +большинстве конфигураций рекомендуется не устанавливать значение для этого +параметра. + + + Установка этого параметра имеет смысл для сред, в которых сервер DNS +отличается от сервера данных идентификации. + + + Обратите внимание, что этот параметр используется только для резервной +попытки, которая выполняется тогда, когда предыдущая попытка с +использованием автоматически определённых параметров завершилась неудачей. + + + По умолчанию: none (разрешить nsupdate выбрать сервер) + + + + + + dyndns_update_per_family (логическое значение) + + + По умолчанию обновление DNS выполняется за два шага: обновление IPv4, а +затем обновление IPv4. В некоторых случаях может быть желательно выполнить +обновление IPv4 и IPv6 за один шаг. + + + По умолчанию: true + + + + + + ipa_access_order (string) + + + Разделённый запятыми список параметров управления доступом. Допустимые +значения: + + + expire: use IPA's account expiration policy. + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: эти параметры полезны, если +пользователям нужно предупреждение о том, что срок действия пароля истекает, +и для проверки подлинности используются не пароли, а, например, ключи SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Please note that 'access_provider = ipa' must be set for this feature to +work. + + + + + + ipa_deskprofile_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +объектов, связанных с профилями рабочего стола. + + + По умолчанию: использовать base DN + + + + + + ipa_subid_ranges_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +объектов, связанных с подчиненными диапазонами объектов. + + + По умолчанию: значение cn=subids,%basedn + + + + + + ipa_hbac_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +объектов, связанных с HBAC. + + + По умолчанию: использовать base DN + + + + + + ipa_host_search_base (строка) + + + Не рекомендуется. Используйте ldap_host_search_base. + + + + + + ipa_selinux_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска карт +пользователей SELinux. + + + Сведения о настройке нескольких баз поиска доступны в описании параметра +ldap_search_base. + + + По умолчанию: значение ldap_search_base + + + + + + ipa_subdomains_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +доверенных доменов. + + + Сведения о настройке нескольких баз поиска доступны в описании параметра +ldap_search_base. + + + По умолчанию: значение cn=trusts,%basedn + + + + + + ipa_master_domain_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +объекта главного домена. + + + Сведения о настройке нескольких баз поиска доступны в описании параметра +ldap_search_base. + + + По умолчанию: значение cn=ad,cn=etc,%basedn + + + + + + ipa_views_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +контейнеров просмотра. + + + Сведения о настройке нескольких баз поиска доступны в описании параметра +ldap_search_base. + + + По умолчанию: значение cn=views,cn=accounts,%basedn + + + + + + krb5_realm (строка) + + + Имя области Kerberos. Это необязательный параметр, по умолчанию он имеет +значение ipa_domain. + + + Имя области Kerberos имеет особое значение в IPA — оно преобразуется в base +DN, которое следует использовать для выполнения действий LDAP. + + + + + + krb5_confd_path (строка) + + + Абсолютный путь к каталогу, в котором SSSD следует размещать фрагменты +конфигурации Kerberos. + + + Чтобы отключить создание фрагментов конфигурации, установите этот параметр в +значение «none». + + + По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD) + + + + + + ipa_deskprofile_refresh (целое число) + + + Временной интервал между сеансами поиска правил профилей рабочего стола на +сервере IPA. Это сократит задержки и нагрузку на сервер IPA, когда за +короткое время поступает много запросов на профили рабочего стола. + + + По умолчанию: 5 (секунд) + + + + + + ipa_deskprofile_request_interval (целое число) + + + Временной интервал между сеансами поиска правил профилей рабочего стола на +сервере IPA, если при последнем запросе не было возвращено ни одного +правила. + + + По умолчанию: 60 (минут) + + + + + + ipa_hbac_refresh (целое число) + + + Временной интервал между сеансами поиска правил HBAC на сервере IPA. Это +сократит задержки и нагрузку на сервер IPA, когда за короткое время +поступает много запросов на управление доступом. + + + По умолчанию: 5 (секунд) + + + + + + ipa_hbac_selinux (целое число) + + + Временной интервал между сеансами поиска карт SELinux на сервере IPA. Это +сократит задержки и нагрузку на сервер IPA, когда за короткое время +поступает много запросов на вход пользователей. + + + По умолчанию: 5 (секунд) + + + + + + ipa_server_mode (логическое значение) + + + Значение этого параметра будет задано автоматически установщиком IPA +(ipa-server-install). Оно определяет, работает SSSD на сервере IPA или нет. + + + На сервере IPA SSSD выполняет поиск пользователей и групп из доверенных +доменов напрямую, но на клиенте SSSD отправит запрос серверу IPA. + + + ПРИМЕЧАНИЕ: необходимо соблюсти несколько условий, если SSSD работает на +сервере IPA. + + + + Параметр ipa_server должен быть настроен так, чтобы он +указывал на сам сервер IPA. Такое стандартное значение уже задано +установщиком IPA, поэтому вносить изменения вручную не требуется. + + + + + Параметр full_name_format не должен быть настроен таким +образом, чтобы отображались только краткие имена пользователей из доверенных +доменов. + + + + + + По умолчанию: false + + + + + + ipa_automount_location (строка) + + + Расположение автоматического монтирования, которое будет использовать этот +клиент IPA + + + По умолчанию: расположение с именем «default» + + + + + + + + ПРЕДСТАВЛЕНИЯ И ПЕРЕОПРЕДЕЛЕНИЯ + + SSSD может обрабатывать представления и переопределения, которые +предоставляет FreeIPA версии 4.1 и выше. Так как все пути и классы объектов +зафиксированы на стороне сервера, в целом нет необходимости в дополнительной +настройке. Для полноты картины далее перечислены соответствующие параметры и +их стандартные значения. + + ipa_view_class (строка) + + + Класс объектов контейнера просмотра. + + + По умолчанию: nsContainer + + + + + + ipa_view_name (строка) + + + Имя атрибута, в котором хранится имя представления. + + + По умолчанию: cn + + + + + + ipa_override_object_class (строка) + + + Объектный класс переопределяемых объектов. + + + По умолчанию: ipaOverrideAnchor + + + + + + ipa_anchor_uuid (строка) + + + Имя атрибута, содержащего ссылку на исходный объект в удалённом домене. + + + По умолчанию: ipaAnchorUUID + + + + + + ipa_user_override_object_class (строка) + + + Имя класса объектов для переопределений пользователя. Используется для того, +чтобы определить, связан ли найденный объект переопределения с пользователем +или группой. + + + Переопределения пользователя могут содержать атрибуты, указанные с помощью + + + ldap_user_name + + + ldap_user_uid_number + + + ldap_user_gid_number + + + ldap_user_gecos + + + ldap_user_home_directory + + + ldap_user_shell + + + ldap_user_ssh_public_key + + + + + По умолчанию: ipaUserOverride + + + + + + ipa_group_override_object_class (строка) + + + Имя класса объектов для переопределений группы. Используется для того, чтобы +определить, связан ли найденный объект переопределения с пользователем или +группой. + + + Переопределения группы могут содержать атрибуты, указанные с помощью + + + ldap_group_name + + + ldap_group_gid_number + + + + + По умолчанию: ipaGroupOverride + + + + + + + + + + + + ПОСТАВЩИК ДАННЫХ ПОДДОМЕНОВ + + В зависимости от того, настроен ли поставщик данных поддоменов IPA явным или +неявным образом, его поведение будет немного отличаться. + + + Если в разделе домена sssd.conf найден параметр «subdomains_provider = ipa», +поставщик данных поддоменов IPA настроен в явном виде, и при необходимости +все запросы поддоменов отправляются серверу IPA. + + + Если в разделе домена sssd.conf не задан параметр «subdomains_provider», но +имеется параметр «id_provider = ipa», поставщик данных поддоменов IPA +настроен в неявном виде. В этом случае, если происходит ошибка запроса к +поддомену, которая указывает на то, что сервер не поддерживает поддомены, то +есть на нём не настроены отношения доверия, поставщик данных поддоменов IPA +будет отключён. Через час или после того, как поставщик данных IPA выходит в +сеть, поставщик данных поддоменов включается снова. + + + + + КОНФИГУРАЦИЯ ДОВЕРЕННЫХ ДОМЕНОВ + + Для доверенного домена также можно задать некоторые параметры +конфигурации. Настройку доверенного домена можно выполнить с помощью +подраздела доверенного домена, как показано в примере ниже. Либо можно +воспользоваться параметром subdomain_inherit в родительском +домене. +[domain/ipa.domain.com/ad.domain.com] +ad_server = dc.ad.domain.com + + + + Дополнительные сведения доступны на справочной странице +sssd.conf 5 +. + + + Для доверенного домена можно выполнить тонкую настройку различных параметров +конфигурации в соответствии с тем, где настраивается SSSD: на сервере IPA +или на клиенте IPA. + + + ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА ОСНОВНЫХ СЕРВЕРАХ IPA + + В разделе поддомена на основном сервере IPA можно настроить следующие +параметры: + + + ad_server + + + ad_backup_server + + + ad_site + + + ldap_search_base + + + ldap_user_search_base + + + ldap_group_search_base + + + use_fully_qualified_names + + + + + + ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА КЛИЕНТАХ IPA + + В разделе поддомена на клиенте IPA можно настроить следующие параметры: + + + ad_server + + + ad_site + + + + + Обратите внимание: если заданы оба параметра, учитывается только +ad_server. + + + Так как любой запрос идентификационных данных пользователя или группы из +доверенного домена, который активирован клиентом IPA, разрешается сервером +IPA, параметры ad_server и ad_site влияют +только на то, на каком контроллере домена AD DC будет выполняться проверка +подлинности. В частности, полученные из этих списков адреса будут записаны в +файлы kdcinfo, чтение которых выполняет модуль локатора +Kerberos. Дополнительные сведения о модуле локатора Kerberos доступны на +справочной странице +sssd_krb5_locator_plugin +8 . + + + + + + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +example.com — один из доменов в разделе [sssd]. В +примере показаны только параметры, относящиеся к поставщику данных IPA. + + + +[domain/example.com] +id_provider = ipa +ipa_server = ipaserver.example.com +ipa_hostname = myhost.example.com + + + + + + + + diff --git a/src/man/ru/sssd-kcm.8.xml b/src/man/ru/sssd-kcm.8.xml new file mode 100644 index 0000000..0292061 --- /dev/null +++ b/src/man/ru/sssd-kcm.8.xml @@ -0,0 +1,305 @@ + + + +Справка по SSSD + + + + + sssd-kcm + 8 + Форматы файлов и рекомендации + + + + sssd-kcm + Диспетчер кэшей Kerberos SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки диспетчера кэшей +Kerberos SSSD (Kerberos Cache Manager или KCM). KCM — это процесс, который +хранит кэши учётных данных Kerberos, отслеживает эти кэши и управляет +ими. Он был создан на основе проекта Heimdal Kerberos, хотя библиотека MIT +Kerberos также предоставляет поддержку со стороны клиента (подробнее об этом +далее) для кэша учётных данных KCM. + + + В конфигурации, где кэшами Kerberos управляет KCM, библиотека Kerberos +(обычно используемая через приложение, например +kinit1 +) является клиентом KCM, а внутренняя служба +KCM называется сервером KCM. Клиент и сервер обмениваются +данными с помощью сокета UNIX. + + + Сервер KCM следит за всеми владельцами кэшей учётных данных и осуществляет +управление проверками прав доступа на основе UID и GID клиента +KCM. Пользователь root имеет доступ ко всем кэшам учётных данных. + + + Кэш учётных данных KCM обладает несколькими интересными свойствами: + + + + так как процесс выполняется в пространстве пользователей, он подлежит +ограничениям по пространству имён UID, в отличие от набора ключей ядра + + + + + в отличие от кэша на основе набора ключей ядра, который является общим для +всех контейнеров, сервер KCM представляет собой отдельный процесс, точкой +входа которого является сокет UNIX + + + + + реализация SSSD сохраняет данные ccache в базе данных (обычно она находится +по адресу /var/lib/sss/secrets), что позволяет не +терять эти данные при перезапусках сервера KCM или перезагрузках компьютера. + + + + Это позволяет системе использовать кэш учётных данных с учётом сбора, +одновременно делая кэш учётных данных общим для нескольких контейнеров (или +для никаких контейнеров вообще) путём привязки-монтирования сокета. + + + Тайм-аут простоя клиента KCM по умолчанию составляет 5 минут, что +предоставляет больше времени на взаимодействие пользователя с инструментами +командной строки, например kinit. + + + + + ИСПОЛЬЗОВАНИЕ КЭША УЧЁТНЫХ ДАННЫХ KCM + + Чтобы использовать кэш учётных данных KCM, необходимо выбрать его в качестве +стандартного типа учётных данных в +krb5.conf5 +. Именем кэша учётных данных может быть только +KCM:, без каких-либо расширений шаблонов. Например: + +[libdefaults] + default_ccache_name = KCM: + + + + Далее следует указать одинаковый путь к сокету UNIX для клиентских библиотек +Kerberos и сервера KCM. По умолчанию и для библиотек, и для сервера +используется путь +/var/run/.heim_org.h5l.kcm-socket. Чтобы +настроить библиотеку Kerberos, измените её параметр +kcm_socket, описание которого приводится на справочной +странице +krb5.conf5 +. + + + И наконец, следует убедиться, что с сервером KCM SSSD можно +связаться. Служба KCM обычно активируется +systemd 1 + с помощью сокета. В отличие от других служб SSSD, её нельзя +запустить, добавив строку kcm к инструкции +service. +systemctl start sssd-kcm.socket +systemctl enable sssd-kcm.socket + Обратите +внимание, что в дистрибутиве уже может быть выполнена соответствующая +настройка модулей. + + + + + ХРАНИЛИЩЕ КЭША УЧЁТНЫХ ДАННЫХ + + Кэши учётных данных хранятся в базе данных, что очень похоже на хранение +кэшей записей пользователей и групп SSSD. Обычно эта база данных находится +по адресу /var/lib/sss/secrets. + + + + + ПОЛУЧЕНИЕ ЖУРНАЛА ОТЛАДКИ + + Служба sssd-kcm обычно активируется на сокете +systemd 1 +. Для генерации журнала отладки добавьте следующее либо +непосредственно в файл /etc/sssd/sssd.conf, либо как +фрагмент конфигурации в каталог /etc/sssd/conf.d/: + +[kcm] +debug_level = 10 + Затем перезапустите службу +sssd-kcm: +systemctl restart sssd-kcm.service + И выполните те +действия, которые не приводят к желаемым результатам. Журнал KCM будет +записан в /var/log/sssd/sssd_kcm.log. Когда в работе +службы отладки больше не будет необходимости, рекомендуется отключить журнал +отладки, так как служба sssd-kcm может генерировать довольно большое +количество данных отладки. + + + Обратите внимание, что в настоящее время фрагменты конфигурации +обрабатываются только в том случае, если основной файл конфигурации по пути +/etc/sssd/sssd.conf существует. + + + + + ОБНОВЛЕНИЯ + + Службу sssd-kcm можно настроить на выполнение попыток обновления TGT для +обновляемых TGT, которые хранятся в ccache KCM. Попытка обновления +выполняется только в том случае, если прошла половина времени жизни +билета. Обновления KCM настраиваются при установке следующих параметров в +разделе [kcm]: +tgt_renewal = true +krb5_renew_interval = 60m + + + + SSSD также может наследовать параметры krb5 для обновлений из существующего +домена. + + +tgt_renewal = true +tgt_renewal_inherit = domain-name + + + Для управления поведением обновлений в разделе [kcm] можно настроить +следующие параметры krb5 (подробное описание этих параметров приводится +далее) +krb5_renew_interval +krb5_renewable_lifetime +krb5_lifetime +krb5_validate +krb5_canonicalize +krb5_auth_timeout + + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + Служба KCM настраивается в разделе kcm файла +sssd.conf. Обратите внимание: так как служба KCM обычно активируется с +помощью сокета, достаточно просто перезапустить службу +sssd-kcm после изменения параметров в разделе +kcm sssd.conf: +systemctl restart sssd-kcm.service + + + + Настройки службы KCM выполняются с помощью kcm. Подробные +сведения о синтаксисе доступны в разделе ФОРМАТ ФАЙЛА +справочной страницы sssd.conf +5 . + + + Службе kcm можно передавать типовые параметры сервиса SSSD, такие как +debug_level илиfd_limit. Полный список +параметров доступен на справочной странице +sssd.conf 5 +. Кроме того, предусмотрено несколько специфичных для KCM +параметров. + + + + socket_path (строка) + + + Сокет, на котором будет ожидать передачи данных служба KCM. + + + По умолчанию: /var/run/.heim_org.h5l.kcm-socket + + + Примечание: на платформах, которые +поддерживают systemd, путь к сокету перезаписан путём, который определён в +файле модуля sssd-kcm.socket. + + + + + max_ccaches (целое число) + + + Сколько кэшей учётных данных может содержать база данных KCM для всех +пользователей. + + + По умолчанию: 0 (без ограничений, принудительно применяется только квота для +отдельного UID) + + + + + max_uid_ccaches (целое число) + + + Сколько кэшей учётных данных может содержать база данных KCM для одного +UID. Это эквивалентно количеству участников, инициализацию которых +можно выполнить с помощью kinit. + + + По умолчанию: 64 + + + + + max_ccache_size (целое число) + + + Максимальный размер кэша учётных данных для отдельного ccache. Эта квота +вычисляется сразу для всех билетов служб. + + + По умолчанию: 65536 + + + + + tgt_renewal (логическое значение) + + + Включает функциональную возможность обновлений TGT. + + + По умолчанию: False (автоматические обновления отключены) + + + + + tgt_renewal_inherit (строка) + + + Домен, от которого наследуются параметры krb5_*, для использования при +обновлении TGT. + + + По умолчанию: NULL + + + + + + + + + СМ. ТАКЖЕ + + sssd8 +, +sssd.conf5 +, + + + + diff --git a/src/man/ru/sssd-krb5.5.xml b/src/man/ru/sssd-krb5.5.xml new file mode 100644 index 0000000..0f3e9ca --- /dev/null +++ b/src/man/ru/sssd-krb5.5.xml @@ -0,0 +1,455 @@ + + + +Справка по SSSD + + + + + sssd-krb5 + 5 + Форматы файлов и рекомендации + + + + sssd-krb5 + Поставщик данных Kerberos SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки внутреннего +сервера проверки подлинности Kerberos 5 для +sssd 8 +. Подробные сведения о синтаксисе доступны в разделе +ФОРМАТ ФАЙЛА справочной страницы +sssd.conf 5 +. + + + Внутренний сервер проверки подлинности Kerberos 5 содержит поставщиков +данных для проверки подлинности (auth) и смены пароля (chpass). Для +корректной работы его необходимо использовать совместно с поставщиком данных +идентификации (например, id_provider = ldap). Некоторые данные, которые +требуются внутреннему серверу проверки подлинности Kerberos 5, должны +предоставляться поставщиком данных идентификации (например, имя участника +Kerberos пользователя (UPN)). В конфигурации поставщика данных идентификации +должна быть запись с указанием UPN. Сведения о том, как выполнить такую +настройку, доступны на справочной странице соответствующего поставщика +данных идентификации. + + + Этот внутренний сервер также предоставляет возможность управления доступом +на основе файла .k5login в домашнем каталоге пользователя. Дополнительные +сведения доступны на справочной странице +k5login5 +. Обратите внимание, что пользователю будет отказано в +доступе, если файл .k5login пуст. Чтобы активировать эту возможность, +укажите «access_provider = krb5» в конфигурации SSSD. + + + Если на внутреннем сервере идентификации недоступен UPN, +sssd создаст UPN в формате +username@krb5_realm. + + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + Если в домене SSSD используется модуль проверки подлинности krb5, необходимо +использовать следующие параметры. Сведения о конфигурации домена SSSD +доступны на справочной странице +sssd.conf 5 +, в разделе РАЗДЕЛЫ ДОМЕНА. + + krb5_server, krb5_backup_server (строка) + + + Разделённый запятыми список IP-адресов или имён узлов серверов Kerberos, к +которым SSSD следует подключаться в порядке приоритета. Дополнительные +сведения об отработке отказа и избыточности сервера доступны в разделе +ОТРАБОТКА ОТКАЗА. После адресов или имён узлов можно +(необязательно) добавить номер порта (предварив его двоеточием). Если у +параметра пустое значение, будет включено обнаружение служб — дополнительные +сведения доступны в разделе ОБНАРУЖЕНИЕ СЛУЖБ. + + + При использовании обнаружения служб для серверов KDC или kpasswd SSSD +сначала выполняет поиск записей DNS, в которых в качестве протокола указан +_udp. Если такие записи не удаётся найти, SSSD выполняет поиск записей DNS, +в которых в качестве протокола указан _tcp. + + + В предыдущих версиях SSSD этот параметр назывался +krb5_kdcip. Это устаревшее имя всё ещё распознаётся, но +пользователям рекомендуется перейти на использование +krb5_server в файлах конфигурации. + + + + + + krb5_realm (строка) + + + Имя области Kerberos. Этот параметр является обязательным и должен быть +указан. + + + + + + krb5_kpasswd, krb5_backup_kpasswd (строка) + + + Если на KDC не запущена служба смены паролей, здесь можно задать +альтернативные серверы. После адресов или имён узлов можно добавить +необязательный номер порта (предварив его двоеточием). + + + Дополнительные сведения об отработке отказа и избыточности сервера доступны +в разделе ОТРАБОТКА ОТКАЗА. ПРИМЕЧАНИЕ: даже если список +серверов kpasswd будет исчерпан, внутренний сервер не перейдёт в автономный +режим работы, если всё ещё возможна проверка подлинности с помощью KDC. + + + По умолчанию: использовать KDC + + + + + + krb5_ccachedir (строка) + + + Каталог для хранения кэшей учётных данных. Здесь также можно использовать +все последовательности замещения krb5_ccname_template, за исключением %d и +%P. Каталог создаётся как закрытый, его владельцем является пользователь, +права доступа — 0700. + + + По умолчанию: /tmp + + + + + + krb5_ccname_template (строка) + + + Расположение кэша учётных данных пользователя. В настоящее время +поддерживаются три типа кэша учётных данных: FILE, +DIR и KEYRING:persistent. Кэш можно указать +либо как TYPE:RESIDUAL, либо как абсолютный путь, +что предполагает тип FILE. В шаблоне заменяются следующие +последовательности: + + %u + имя для входа + + + %U + UID для входа + + + %p + имя участника + + + + %r + имя области + + + %h + домашний каталог + + + + %d + значение krb5_ccachedir + + + + + %P + идентификатор процесса клиента SSSD + + + + %% + литерал «%» + + + Если шаблон +заканчивается на «XXXXXX», для безопасного создания уникального имени файла +используется mkstemp(3). + + + Если используются типы KEYRING, единственным поддерживаемым механизмом +является KEYRING:persistent:%U, то есть использование набора +ключей ядра Linux для хранения учётных данных на основе разделения по +UID. Этот вариант также является рекомендуемым, так как этот способ +обеспечивает наибольшую безопасность и предсказуемость. + + + Источником стандартного значения имени кэша учётных данных является профиль, +который хранится в общесистемном файле конфигурации krb5.conf в разделе +[libdefaults]. Имя параметра — default_ccache_name. Дополнительные сведения +о формате расширения, определённом krb5.conf, доступны в абзаце о расширении +параметров (PARAMETER EXPANSION) krb5.conf(5). + + + ПРИМЕЧАНИЕ: обратите внимание, что в шаблоне расширения ccache libkrb5 из + krb5.conf +5 используются другие +последовательности расширения, чем в SSSD. + + + По умолчанию: (из libkrb5) + + + + + + krb5_keytab (строка) + + + Расположение таблицы ключей, которую следует использовать при проверке +учётных данных, полученных от KDC. + + + По умолчанию: системная таблица ключей, обычно +/etc/krb5.keytab + + + + + + krb5_store_password_if_offline (логическое значение) + + + Сохранять пароль пользователя, если поставщик не в сети, и использовать его +для запроса TGT, когда поставщик снова появляется в сети. + + + ПРИМЕЧАНИЕ: эта возможность доступна только в Linux. Пароли, сохранённые +таким образом, хранятся как простой текст в наборе ключей ядра и +потенциально доступны пользователю root (потребуются некоторые усилия). + + + По умолчанию: false + + + + + + krb5_use_fast (строка) + + + Включает защищённое туннелирование гибкой проверки подлинности (FAST) для +предварительной проверки подлинности Kerberos. Поддерживаются следующие +параметры: + + + never — никогда не использовать FAST. Это равнозначно +тому варианту, когда значение этого параметра вообще не указано. + + + try — пытаться использовать FAST. Если сервер не +поддерживает FAST, проверка подлинности будет продолжена без него. + + + demand — требовать использования FAST. Проверка +подлинности будет неудачной, если сервер не требует использования FAST. + + + По умолчанию: не задано, то есть FAST не используется. + + + ПРИМЕЧАНИЕ: для использования FAST необходима таблица ключей или поддержка +анонимного PKINIT. + + + ПРИМЕЧАНИЕ: SSSD поддерживает FAST только для MIT Kerberos версии 1.8 и +выше. Если SSSD используется с более ранней версией MIT Kerberos, +использование этого параметра является ошибкой конфигурации. + + + + + + krb5_fast_principal (строка) + + + Указывает участник-сервер, который следует использовать для FAST. + + + + + + krb5_fast_use_anonymous_pkinit (логическое значение) + + + Если установлено значение «true», попытаться воспользоваться анонимным +PKINIT вместо таблицы ключей для получения необходимых учётных данных для +FAST. В этом случае параметры krb5_fast_principal игнорируются. + + + По умолчанию: false + + + + + + krb5_use_kdcinfo (логическое значение) + + + Позволяет указать, следует ли SSSD сообщать библиотекам, какую область и +какие KDC нужно использовать. Этот параметр включён по умолчанию. Если +отключить его, потребуется настроить библиотеку Kerberos с помощью файла +конфигурации krb5.conf +5 . + + + Дополнительные сведения о модуле локатора доступны на справочной странице + sssd_krb5_locator_plugin +8 . + + + По умолчанию: true + + + + + + krb5_kdcinfo_lookahead (строка) + + + Когда параметр krb5_use_kdcinfo установлен в значение «true», можно +ограничить количество серверов, которые передаются +sssd_krb5_locator_plugin +8 . Это может быть полезно, когда с +помощью записи SRV обнаруживается слишком много серверов. + + + Параметр krb5_kdcinfo_lookahead содержит два числа, разделённых +двоеточием. Первое число представляет количество используемых основных +серверов, а второе — количество резервных серверов. + + + Например, 10:0 означает, что +sssd_krb5_locator_plugin +8 будут переданы 10 основных +серверов, но ни одного резервного сервера. + + + По умолчанию: 3:1 + + + + + + krb5_use_enterprise_principal (логическое значение) + + + Позволяет указать, следует ли обрабатывать участника-пользователя как +участника-предприятие. Дополнительные сведения об участниках-предприятиях +доступны в разделе 5 RFC 6806. + + + + По умолчанию: false (поставщик данных AD: true) + + + Поставщик данных IPA установит этот параметр в значение «true», если +определит, что сервер может обрабатывать участников-предприятия, и если этот +параметр не задан в явном виде в файле конфигурации. + + + + + + krb5_use_subdomain_realm (логическое значение) + + + Указывает использовать области поддоменов для проверки подлинности +пользователей из доверенных доменов. Этот параметр можно установить в +значение «true», если участники-предприятия используются с upnSuffixes, +неизвестными KDC родительского домена. Если этот параметр установлен в +значение «true», SSSD будет пытаться отправить запрос напрямую KDC того +доверенного домена, из которого пришёл пользователь. + + + + По умолчанию: false + + + + + + krb5_map_user (строка) + + + Перечень сопоставлений указывается в виде разделённого запятыми списка пар +username:primary, где username — имя +пользователя UNIX, а primary — часть пользователя в записи +участника Kerberos. Это сопоставление задействуется, когда для проверки +подлинности пользователя используется auth_provider = krb5. + + + + пример: +krb5_realm = REALM +krb5_map_user = joe:juser,dick:richard + + + + joe и dick — имена пользователей UNIX, а +juser и richard — основные части участников +Kerberos. Для пользователей joe и dick SSSD +попытается выполнить kinit как, соответственно, juser@REALM и +richard@REALM. + + + + По умолчанию: не задано + + + + + + + + + + + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +FOO — один из доменов в разделе [sssd]. В примере +показана только конфигурация проверки подлинности Kerberos; он не включает +какого-либо поставщика данных идентификации. + + + +[domain/FOO] +auth_provider = krb5 +krb5_server = 192.168.1.1 +krb5_realm = EXAMPLE.COM + + + + + + + + diff --git a/src/man/ru/sssd-ldap-attributes.5.xml b/src/man/ru/sssd-ldap-attributes.5.xml new file mode 100644 index 0000000..3f2aa2a --- /dev/null +++ b/src/man/ru/sssd-ldap-attributes.5.xml @@ -0,0 +1,1187 @@ + + + +Справка по SSSD + + + + + sssd-ldap-attributes + 5 + Форматы файлов и рекомендации + + + + sssd-ldap-attributes + Поставщик данных LDAP SSSD: атрибуты сопоставления + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание атрибутов сопоставления +поставщика данных LDAP SSSD +sssd-ldap 5 +. Подробные сведения о параметрах настройки поставщика данных +LDAP SSSD доступны на справочной странице +sssd-ldap 5 +. + + + + + АТРИБУТЫ ПОЛЬЗОВАТЕЛЯ + + + + ldap_user_object_class (строка) + + + Класс объектов записи пользователя в LDAP. + + + По умолчанию: posixAccount + + + + + + ldap_user_name (строка) + + + Атрибут LDAP, соответствующий имени пользователя для входа. + + + По умолчанию: uid (rfc2307, rfc2307bis и IPA), sAMAccountName (AD) + + + + + + ldap_user_uid_number (строка) + + + Атрибут LDAP, соответствующий идентификатору пользователя. + + + По умолчанию: uidNumber + + + + + + ldap_user_gid_number (строка) + + + Атрибут LDAP, соответствующий идентификатору основной группы пользователя. + + + По умолчанию: gidNumber + + + + + + ldap_user_primary_group (строка) + + + Атрибут основной группы Active Directory для сопоставления ID. Обратите +внимание, что этот атрибут следует устанавливать только вручную, если +запущен поставщик ldap с сопоставлением ID. + + + По умолчанию: не задано (LDAP), primaryGroupID (AD) + + + + + + ldap_user_gecos (строка) + + + Атрибут LDAP, соответствующий полю gecos пользователя. + + + По умолчанию: gecos + + + + + + ldap_user_home_directory (строка) + + + Атрибут LDAP, который содержит имя домашнего каталога пользователя. + + + По умолчанию: homeDirectory (LDAP и IPA), unixHomeDirectory (AD) + + + + + + ldap_user_shell (строка) + + + Атрибут LDAP, который содержит путь к стандартной оболочке пользователя. + + + По умолчанию: loginShell + + + + + + ldap_user_uuid (строка) + + + Атрибут LDAP, который содержит UUID/GUID объекта пользователя LDAP. + + + По умолчанию: не задано в общем случае, objectGUID для AD и ipaUniqueID для +IPA + + + + + + ldap_user_objectsid (строка) + + + Атрибут LDAP, который содержит objectSID объекта пользователя LDAP. Обычно +требуется только для серверов Active Directory. + + + По умолчанию: objectSid для Active Directory, не задано для других серверов. + + + + + + ldap_user_modify_timestamp (строка) + + + Атрибут LDAP, который содержит отметку времени последнего изменения +родительского объекта. + + + По умолчанию: modifyTimestamp + + + + + + ldap_user_shadow_last_change (строка) + + + Если используется ldap_pwd_policy=shadow, этот параметр содержит имя +атрибута LDAP, соответствующего сопряжённому +shadow 5 + (дата последней смены пароля). + + + По умолчанию: shadowLastChange + + + + + + ldap_user_shadow_min (строка) + + + Если используется ldap_pwd_policy=shadow, этот параметр содержит имя +атрибута LDAP, соответствующего сопряжённому +shadow 5 + (минимальный срок действия пароля). + + + По умолчанию: shadowMin + + + + + + ldap_user_shadow_max (строка) + + + Если используется ldap_pwd_policy=shadow, этот параметр содержит имя +атрибута LDAP, соответствующего сопряжённому +shadow 5 + (максимальный срок действия пароля). + + + По умолчанию: shadowMax + + + + + + ldap_user_shadow_warning (строка) + + + Если используется ldap_pwd_policy=shadow, этот параметр содержит имя +атрибута LDAP, соответствующего сопряжённому +shadow 5 + (срок предупреждения о пароле). + + + По умолчанию: shadowWarning + + + + + + ldap_user_shadow_inactive (строка) + + + Если используется ldap_pwd_policy=shadow, этот параметр содержит имя +атрибута LDAP, соответствующего сопряжённому +shadow 5 + (срок неактивности пароля). + + + По умолчанию: shadowInactive + + + + + + ldap_user_shadow_expire (строка) + + + Если используется ldap_pwd_policy=shadow или +ldap_account_expire_policy=shadow, этот параметр содержит имя атрибута LDAP, +соответствующего сопряжённому +shadow 5 + (дата истечения срока действия учётной записи). + + + По умолчанию: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (строка) + + + Если используется ldap_pwd_policy=mit_kerberos, этот параметр содержит имя +атрибута LDAP, хранящего дату и время последней смены пароля в kerberos. + + + По умолчанию: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (строка) + + + Если используется ldap_pwd_policy=mit_kerberos, этот параметр содержит имя +атрибута LDAP, хранящего дату и время истечения срока действия текущего +пароля. + + + По умолчанию: krbPasswordExpiration + + + + + + ldap_user_ad_account_expires (строка) + + + Если используется ldap_account_expire_policy=ad, этот параметр содержит имя +атрибута LDAP, хранящего время истечения срока действия учётной записи. + + + По умолчанию: accountExpires + + + + + + ldap_user_ad_user_account_control (строка) + + + Если используется ldap_account_expire_policy=ad, этот параметр содержит имя +атрибута LDAP, хранящего битовое поле управления учётной записью +пользователя. + + + По умолчанию: userAccountControl + + + + + + ldap_ns_account_lock (строка) + + + Если используется ldap_account_expire_policy=rhds или эквивалент, этот +параметр определяет, разрешён ли доступ. + + + По умолчанию: nsAccountLock + + + + + + ldap_user_nds_login_disabled (строка) + + + Если используется ldap_account_expire_policy=nds, этот атрибут определяет, +разрешён ли доступ. + + + По умолчанию: loginDisabled + + + + + + ldap_user_nds_login_expiration_time (строка) + + + Если используется ldap_account_expire_policy=nds, этот атрибут определяет, +до какой даты предоставляется доступ. + + + По умолчанию: loginDisabled + + + + + + ldap_user_nds_login_allowed_time_map (строка) + + + Если используется ldap_account_expire_policy=nds, этот атрибут определяет, в +какие часы дней недели предоставляется доступ. + + + По умолчанию: loginAllowedTimeMap + + + + + + ldap_user_principal (строка) + + + Атрибут LDAP, который содержит имя участника-пользователя Kerberos (UPN) +пользователя. + + + По умолчанию: krbPrincipalName + + + + + + ldap_user_extra_attrs (строка) + + + Разделённый запятыми список атрибутов LDAP, которые SSSD получит вместе с +обычным набором атрибутов пользователя. + + + Список может содержать либо только имена атрибутов LDAP, либо разделённые +двоеточиями кортежи с именем атрибута кэша SSSD и именем атрибута LDAP. Если +указано только имя атрибута LDAP, атрибут сохраняется в кэш буквально. В +средах, где настроено несколько доменов SSSD с разными схемами LDAP, может +быть необходимо использование пользовательского имени атрибута SSSD. + + + Обратите внимание, что несколько имён атрибутов зарезервировано SSSD (в +частности, атрибут name). SSSD сообщит об ошибке, если +какие-либо из них будут использованы в качестве имени дополнительного +атрибута. + + + Примеры: + + + ldap_user_extra_attrs = telephoneNumber + + + Сохранить атрибут telephoneNumber из LDAP в кэш как +telephoneNumber. + + + ldap_user_extra_attrs = phone:telephoneNumber + + + Сохранить атрибут telephoneNumber из LDAP в кэш как +phone. + + + По умолчанию: не задано + + + + + + ldap_user_ssh_public_key (строка) + + + Атрибут LDAP, который содержит открытые ключи SSH пользователя. + + + По умолчанию: sshPublicKey + + + + + + ldap_user_fullname (строка) + + + Атрибут LDAP, соответствующий полному имени пользователя. + + + По умолчанию: cn + + + + + + ldap_user_member_of (строка) + + + Атрибут LDAP со списком групп, участником которых является пользователь. + + + По умолчанию: memberOf + + + + + + ldap_user_authorized_service (строка) + + + Если access_provider=ldap и ldap_access_order=authorized_service, SSSD будет +использовать наличие атрибута authorizedService в записи пользователя LDAP +для определения привилегий доступа. + + + Сначала определяются явные запреты (!svc). Затем SSSD выполняет поиск явных +разрешений (svc), а после этого — поиск общих разрешений, allow_all (*). + + + Обратите внимание, что параметр конфигурации ldap_access_order +должен включать authorized_service, +чтобы можно было использовать параметр ldap_user_authorized_service. + + + В некоторых дистрибутивах (например, Fedora-29+ или RHEL-8) служба PAM +systemd-user всегда является частью процесса входа в +систему. Следовательно, когда используется управление доступом на основе +данных служб, следует добавить службу systemd-user в список +разрешённых служб. + + + По умолчанию: authorizedService + + + + + + ldap_user_authorized_host (строка) + + + Если access_provider=ldap и ldap_access_order=host, SSSD будет использовать +наличие атрибута host в записи пользователя LDAP для определения привилегий +доступа. + + + Сначала определяются явные запреты (!host). Затем SSSD выполняет поиск явных +разрешений (host), а после этого — поиск общих разрешений, allow_all (*). + + + Обратите внимание, что параметр конфигурации ldap_access_order +должен включать host, чтобы можно было +использовать параметр ldap_user_authorized_host. + + + По умолчанию: host + + + + + + ldap_user_authorized_rhost (строка) + + + Если access_provider=ldap и ldap_access_order=rhost, SSSD будет использовать +наличие атрибута rhost в записи пользователя LDAP для определения привилегий +доступа. Аналогично процессу проверки узла. + + + Сначала определяются явные запреты (!rhost). Затем SSSD выполняет поиск +явных разрешений (rhost), а после этого — поиск общих разрешений, allow_all +(*). + + + Обратите внимание, что параметр конфигурации ldap_access_order +должен включать rhost, чтобы можно было +использовать параметр ldap_user_authorized_rhost. + + + По умолчанию: rhost + + + + + + ldap_user_certificate (строка) + + + Имя атрибута LDAP, содержащего сертификат X509 пользователя. + + + По умолчанию: userCertificate;binary + + + + + + ldap_user_email (строка) + + + Имя атрибута LDAP, который содержит адрес электронной почты пользователя. + + + Примечание: если адрес электронной почты пользователя конфликтует с адресом +электронной почты или полным именем другого пользователя, SSSD не удастся +надлежащим образом обслужить этих пользователей. Если у нескольких +пользователей по какой-либо причине должен быть один и тот же адрес +электронной почты, задайте в качестве значения этого параметра +несуществующее имя атрибута, чтобы отключить поиск/вход пользователей по +электронной почте. + + + По умолчанию: mail + + + + + ldap_user_passkey (string) + + + Name of the LDAP attribute containing the passkey mapping data of the user. + + + Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD) + + + + + + + + + АТРИБУТЫ ГРУППЫ + + + + ldap_group_object_class (строка) + + + Класс объектов записи группы в LDAP. + + + По умолчанию: posixGroup + + + + + + ldap_group_name (строка) + + + The LDAP attribute that corresponds to the group name. In an environment +with nested groups, this value must be an LDAP attribute which has a unique +name for every group. This requirement includes non-POSIX groups in the tree +of nested groups. + + + По умолчанию: cn (rfc2307, rfc2307bis и IPA), sAMAccountName (AD) + + + + + + ldap_group_gid_number (строка) + + + Атрибут LDAP, соответствующий идентификатору группы. + + + По умолчанию: gidNumber + + + + + + ldap_group_member (строка) + + + Атрибут LDAP, который содержит имена участников группы. + + + По умолчанию: memberuid (rfc2307) / member (rfc2307bis) + + + + + + ldap_group_uuid (строка) + + + Атрибут LDAP, который содержит UUID/GUID объекта группы LDAP. + + + По умолчанию: не задано в общем случае, objectGUID для AD и ipaUniqueID для +IPA + + + + + + ldap_group_objectsid (строка) + + + Атрибут LDAP, который содержит objectSID объекта группы LDAP. Обычно +требуется только для серверов Active Directory. + + + По умолчанию: objectSid для Active Directory, не задано для других серверов. + + + + + + ldap_group_modify_timestamp (строка) + + + Атрибут LDAP, который содержит отметку времени последнего изменения +родительского объекта. + + + По умолчанию: modifyTimestamp + + + + + + ldap_group_type (строка) + + + Атрибут LDAP, который содержит целое значение, обозначающее тип группы, и, +возможно, другие флаги. + + + Этот атрибут в настоящее время используется только поставщиком данных AD для +определения того, является ли группа группой, локальной в домене, и должна +ли быть отфильтрована для доверенных доменов. + + + По умолчанию: groupType для поставщика данных AD, в ином случае не задано + + + + + + ldap_group_external_member (строка) + + + Атрибут LDAP, который ссылается на участников группы, которые определены во +внешнем домене. В настоящее время поддерживаются только внешние участники +IPA. + + + По умолчанию: ipaExternalMember для поставщика данных IPA, в ином случае не +задано. + + + + + + + + + АТРИБУТЫ СЕТЕВОЙ ГРУППЫ + + + + ldap_netgroup_object_class (строка) + + + Класс объектов записи сетевой группы в LDAP. + + + В поставщике данных IPA следует использовать ipa_netgroup_object_class. + + + По умолчанию: nisNetgroup + + + + + + ldap_netgroup_name (строка) + + + Атрибут LDAP, соответствующий имени сетевой группы. + + + В поставщике данных IPA следует использовать ipa_netgroup_name. + + + По умолчанию: cn + + + + + + ldap_netgroup_member (строка) + + + Атрибут LDAP, который содержит имена участников сетевой группы. + + + В поставщике данных IPA следует использовать ipa_netgroup_member. + + + По умолчанию: memberNisNetgroup + + + + + + ldap_netgroup_triple (строка) + + + Атрибут LDAP, который содержит тройки (узел, пользователь, домен) сетевых +групп. + + + Этот параметр недоступен в поставщике данных IPA. + + + По умолчанию: nisNetgroupTriple + + + + + + ldap_netgroup_modify_timestamp (строка) + + + Атрибут LDAP, который содержит отметку времени последнего изменения +родительского объекта. + + + Этот параметр недоступен в поставщике данных IPA. + + + По умолчанию: modifyTimestamp + + + + + + + + + АТРИБУТЫ УЗЛА + + + + ldap_host_object_class (строка) + + + Класс объектов записи узла в LDAP. + + + По умолчанию: ipService + + + + + + ldap_host_name (строка) + + + Атрибут LDAP, соответствующий имени узла. + + + По умолчанию: cn + + + + + + ldap_host_fqdn (строка) + + + Атрибут LDAP, соответствующий полному доменному имени узла. + + + По умолчанию: fqdn + + + + + + ldap_host_serverhostname (строка) + + + Атрибут LDAP, соответствующий имени узла. + + + По умолчанию: serverHostname + + + + + + ldap_host_member_of (строка) + + + Атрибут LDAP со списком групп, участником которых является узел. + + + По умолчанию: memberOf + + + + + + ldap_host_ssh_public_key (строка) + + + Атрибут LDAP, который содержит открытые ключи SSH узла. + + + По умолчанию: sshPublicKey + + + + + + ldap_host_uuid (строка) + + + Атрибут LDAP, который содержит UUID/GUID объекта узла LDAP. + + + По умолчанию: не задано + + + + + + + + + АТРИБУТЫ СЛУЖБЫ + + + + ldap_service_object_class (строка) + + + Класс объектов записи службы в LDAP. + + + По умолчанию: ipService + + + + + + ldap_service_name (строка) + + + Атрибут LDAP, который содержит имя атрибутов службы и их псевдонимы. + + + По умолчанию: cn + + + + + + ldap_service_port (строка) + + + Атрибут LDAP, который содержит порт, управляемый этой службой. + + + По умолчанию: ipServicePort + + + + + + ldap_service_proto (строка) + + + Атрибут LDAP, который содержит протоколы, поддерживаемые этой службой. + + + По умолчанию: ipServiceProtocol + + + + + + + + + АТРИБУТЫ SUDO + + + + ldap_sudorule_object_class (строка) + + + Класс объектов записи правила sudo в LDAP. + + + По умолчанию: sudoRole + + + + + + ldap_sudorule_name (строка) + + + Атрибут LDAP, соответствующий имени правила sudo. + + + По умолчанию: cn + + + + + + ldap_sudorule_command (строка) + + + Атрибут LDAP, соответствующий имени команды. + + + По умолчанию: sudoCommand + + + + + + ldap_sudorule_host (строка) + + + Атрибут LDAP, соответствующий имени узла (или IP-адресу узла, IP-сети узла +или сетевой группе узла) + + + По умолчанию: sudoHost + + + + + + ldap_sudorule_user (строка) + + + Атрибут LDAP, соответствующий имени пользователя (или UID, имени группы или +сетевой группе пользователя) + + + По умолчанию: sudoUser + + + + + + ldap_sudorule_option (строка) + + + Атрибут LDAP, соответствующий параметрам SUDO. + + + По умолчанию: sudoOption + + + + + + ldap_sudorule_runasuser (строка) + + + Атрибут LDAP, соответствующий имени пользователя, от имени которого могут +выполняться команды. + + + По умолчанию: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (строка) + + + Атрибут LDAP, соответствующий имени группы или GID группы, от имени которой +могут выполняться команды. + + + По умолчанию: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (строка) + + + Атрибут LDAP, соответствующий дате и времени начала действия правила SUDO. + + + По умолчанию: sudoNotBefore + + + + + + ldap_sudorule_notafter (строка) + + + Атрибут LDAP, соответствующий дате и времени истечения срока действия +правила sudo. + + + По умолчанию: sudoNotAfter + + + + + + ldap_sudorule_order (строка) + + + Атрибут LDAP, соответствующий порядковому номеру правила. + + + По умолчанию: sudoOrder + + + + + + + + + АТРИБУТЫ AUTOFS + + + + + + + АТРИБУТЫ IP-УЗЛА + + + + ldap_iphost_object_class (строка) + + + Класс объектов записи IP-узла в LDAP. + + + По умолчанию: ipHost + + + + + + ldap_iphost_name (строка) + + + Атрибут LDAP, который содержит имя атрибутов IP-узла и их псевдонимы. + + + По умолчанию: cn + + + + + + ldap_iphost_number (строка) + + + Атрибут LDAP, который содержит адрес IP-узла. + + + По умолчанию: ipHostNumber + + + + + + + + + АТРИБУТЫ IP-СЕТИ + + + + ldap_ipnetwork_object_class (строка) + + + Класс объектов записи IP-сети в LDAP. + + + По умолчанию: ipNetwork + + + + + + ldap_ipnetwork_name (строка) + + + Атрибут LDAP, который содержит имя атрибутов IP-сети и их псевдонимы. + + + По умолчанию: cn + + + + + + ldap_ipnetwork_number (строка) + + + Атрибут LDAP, который содержит адрес IP-сети. + + + По умолчанию: ipNetworkNumber + + + + + + + + + + + diff --git a/src/man/ru/sssd-ldap.5.xml b/src/man/ru/sssd-ldap.5.xml new file mode 100644 index 0000000..ebc3cca --- /dev/null +++ b/src/man/ru/sssd-ldap.5.xml @@ -0,0 +1,1805 @@ + + + +Справка по SSSD + + + + + sssd-ldap + 5 + Форматы файлов и рекомендации + + + + sssd-ldap + Поставщик данных LDAP SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки доменов LDAP для + sssd 8 +. Подробные сведения о синтаксисе доступны в разделе +ФОРМАТ ФАЙЛА справочной страницы +sssd.conf 5 +. + + Возможно настроить SSSD на использование нескольких доменов LDAP. + + + LDAP back end supports id, auth, access and chpass providers. If you want to +authenticate against an LDAP server either TLS/SSL or LDAPS is +required. sssd does not support +authentication over an unencrypted channel. Even if the LDAP server is used +only as an identity provider, an encrypted channel is strongly +recommended. Please refer to ldap_access_filter config option +for more information about using LDAP as an access provider. + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + Все общие параметры конфигурации, которые применимы к доменам SSSD, также +применимы и к доменам LDAP. Подробные сведения доступны в разделе +РАЗДЕЛЫ ДОМЕНА справочной страницы +sssd.conf 5 +. Обратите внимание, что описание атрибутов сопоставления +LDAP SSSD LDAP приводится на справочной странице +sssd-ldap-attributes 5 +. + + ldap_uri, ldap_backup_uri (строка) + + + Разделённый запятыми список URI серверов LDAP, к которым SSSD следует +подключаться в порядке приоритета. Дополнительные сведения об отработке +отказа и избыточности сервера доступны в разделе ОТРАБОТКА +ОТКАЗА. Если не указан ни один из параметров, будет включено +обнаружение служб. Дополнительные сведения доступны в разделе +ОБНАРУЖЕНИЕ СЛУЖБ. + + + Формат URI должен соответствовать формату, определённому в RFC 2732: + + + ldap[s]://<host>[:port] + + + Для явного указания адресов IPv6 <host> необходимо заключать в скобки +[] + + + пример: ldap://[fc00::126:25]:389 + + + + + + ldap_chpass_uri, ldap_chpass_backup_uri (строка) + + + Разделённый запятыми список URI серверов LDAP, к которым SSSD следует +подключаться в порядке приоритета для смены пароля +пользователя. Дополнительные сведения об отработке отказа и избыточности +сервера доступны в разделе ОТРАБОТКА ОТКАЗА. + + + Для включения обнаружения служб необходимо установить значение параметра +ldap_chpass_dns_service_name. + + + По умолчанию: пусто, то есть используется ldap_uri. + + + + + + ldap_search_base (строка) + + + Стандартное base DN, которое следует использовать для выполнения действий от +имени пользователя LDAP. + + + Начиная с версии 1.7.0, SSSD поддерживает несколько баз поиска. Используется +следующий синтаксис: + + + search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + Значением области может быть одно из следующих: «base», «onelevel» или +«subtree». + + + Фильтр должен являться корректным фильтром поиска LDAP согласно спецификации +http://www.ietf.org/rfc/rfc2254.txt + + + Примеры: + + + ldap_search_base = dc=example,dc=com (что эквивалентно) ldap_search_base = +dc=example,dc=com?subtree? + + + ldap_search_base = +cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + + + Примечание: не поддерживается использование нескольких баз поиска, которые +ссылаются на объекты с одинаковыми именами (например, на группы с одинаковым +именем в двух разных базах поиска). Это приведёт к непредсказуемому +поведению программы на клиентских компьютерах. + + + По умолчанию: если не задано, используется значение атрибута +defaultNamingContext или namingContexts из RootDSE сервера LDAP. Если +атрибут defaultNamingContext не существует или имеет пустое значение, +используется значение namingContexts. Для работы этого параметра необходимо, +чтобы атрибут namingContexts имел одно значение с DN базы поиска сервера +LDAP. Использование нескольких значений не поддерживается. + + + + + + ldap_schema (строка) + + + Указывает тип схемы, который используется на сервере LDAP цели. Стандартные +имена атрибутов, получаемые с серверов, зависят от выбранной схемы. Также +может различаться и способ обработки некоторых атрибутов. + + + В настоящее время поддерживаются четыре типа схем: + + + + rfc2307 + + + + + rfc2307bis + + + + + IPA + + + + + AD + + + + + + Главное различие между этими типами схем заключается в способе записи +участия в группах на сервере. В схеме rfc2307 записи участников групп +упорядочиваются по имени в атрибуте memberUid. В схемах +rfc2307bis и IPA записи участников групп упорядочиваются по DN и хранятся в +атрибуте member. В схеме AD атрибуты будут +соответствовать значениям 2008r2 Active Directory. + + + По умолчанию: rfc2307 + + + + + + ldap_pwmodify_mode (строка) + + + Позволяет указать действие, которое выполняется для смены пароля +пользователя. + + + В настоящее время поддерживаются два режима: + + + + exop — расширенное действие по изменению пароля (RFC 3062) + + + + + ldap_modify — прямое изменение userPassword (не рекомендуется). + + + + + + Примечание: сначала устанавливается новое соединение для проверки текущего +пароля путём привязки от имени пользователя, запросившего смену пароля. В +случае успеха это соединение используется для смены пароля, следовательно, у +пользователя должны быть права на запись в атрибут userPassword. + + + По умолчанию: exop + + + + + + ldap_default_bind_dn (строка) + + + Стандартное DN привязки, которое следует использовать для выполнения +действий LDAP. + + + + + + ldap_default_authtok_type (строка) + + + Тип маркера проверки подлинности для bind DN по умолчанию. + + + В настоящее время поддерживаются два механизма: + + + password + + + obfuscated_password + + + По умолчанию: password + + + Дополнительные сведения доступны на справочной странице +sss_obfuscate 8 +. + + + + + + ldap_default_authtok (строка) + + + Маркер проверки подлинности стандартного DN привязки. + + + + + + ldap_force_upper_case_realm (логическое значение) + + + Некоторые серверы каталогов, например Active Directory, могут предоставлять +часть области UPN в нижнем регистре, что может привести к сбою проверки +подлинности. Установите этот параметр в значение, отличное от нуля, если +следует использовать название области в верхнем регистре. + + + По умолчанию: false + + + + + + ldap_enumeration_refresh_timeout (целое число) + + + Указывает время ожидания SSSD (в секундах) перед обновлением своего кэша +перечисленных записей. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 300 + + + + + + ldap_purge_cache_timeout (целое число) + + + Позволяет определить, как часто следует проверять кэш на наличие неактивных +записей (таких, как группы без участников и пользователи, которые никогда не +выполняли вход) и удалять эти записи для экономии места. + + + Установка этого параметра в значение «0» отключит очистку кэша. Обратите +внимание: если перечисление включено, задание очистки должно выполняться для +определения записей, удалённых с сервера, и его нельзя отключить. По +умолчанию задание очистки выполняется раз в 3 часа, когда перечисление +включено. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 0 (отключено) + + + + + + ldap_group_nesting_level (целое число) + + + Если в качестве значения ldap_schema выбран формат схемы, который +поддерживает вложенные группы (например, RFC2307bis), этот параметр +определяет количество уровней вложенности, которое будет обрабатываться +SSSD. Если используется схема RFC2307, этот параметр ни на что не влияет. + + + Примечание: этот параметр задаёт гарантированный уровень вложенности групп, +который будет обрабатываться при любом поиске. Тем не менее, в результатах +поиска могут присутствовать вложенные группы, уровень +вложенности которых превышает указанное значение, если при предыдущих +поисках выполнялась обработка более глубоких уровней вложенности. Кроме +того, последующие поиски других групп могут увеличить набор результатов +исходного поиска, когда он будет выполнен повторно. + + + Если параметр ldap_group_nesting_level установлен в значение «0», обработка +вложенных групп выполняться не будет. Тем не менее, если с помощью +id_provider=ad установлено соединение с Active Directory +Server 2008 и выше, также будет необходимо отключить использование групп +маркеров путём установки параметра ldap_use_tokengroups в значение «false» +для ограничения вложенности групп. + + + По умолчанию: 2 + + + + + + ldap_use_tokengroups + + + Этот параметр включает или отключает использование атрибута групп маркеров +при выполнении initgroup для пользователей Active Directory Server 2008 или +выше. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: True для AD и IPA, в ином случае — False. + + + + + + ldap_host_search_base (строка) + + + Необязательный параметр. Использовать указанную строку как базу поиска +объектов узлов. + + + Сведения о настройке нескольких баз поиска доступны в описании параметра +ldap_search_base. + + + По умолчанию: значение ldap_search_base + + + + + + ldap_service_search_base (строка) + + + + + ldap_iphost_search_base (строка) + + + + + ldap_ipnetwork_search_base (строка) + + + + + ldap_search_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах) для выполнения поиска LDAP, по +истечении которого поиск будет отменён и будут возвращены кэшированные +результаты (и выполнен переход в автономный режим) + + + Примечание: этот параметр будет изменён в будущих версиях SSSD. Вероятно, +его заменит ряд тайм-аутов для отдельных типов поиска. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 6 + + + + + + ldap_enumeration_search_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах) для выполнения LDAP поиска +перечислений пользователей и групп, по истечении которого поиск будет +отменён и будут возвращены кэшированные результаты (и выполнен переход в +автономный режим) + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 60 + + + + + + ldap_network_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах), по истечении которого в случае +отсутствия активности возвращается +poll 2 +/ select +2 после +connect 2 +. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 6 + + + + + + ldap_opt_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах), по истечении которого вызовы +синхронных программных интерфейсов LDAP будут прекращены, если не будет +получен ответ. Этот параметр также управляет тайм-аутом при обмене данными с +KDC в случае использования привязки SASL, тайм-аутом операции привязки LDAP, +расширенного действия по смене пароля и действия StartTLS. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 8 + + + + + + ldap_connection_expire_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах), в течение которого будет +поддерживаться соединение с сервером LDAP. По истечении этого времени будет +предпринята попытка повторного подключения. Если параллельно используется +SASL/GSSAPI, будет использоваться первое по времени наступления из этих двух +значений (значение этого параметра или значение времени жизни TGT). + + + Если соединение простаивает (активные операции не выполняются) в течение +ldap_opt_timeout секунд после истечения срока действия, +оно будет закрыто досрочно, чтобы гарантировать, что новый запрос не может +требовать, чтобы соединение оставалось открытым после истечения срока его +действия. Это означает, что соединения всегда будут закрываться немедленно, +и не будут использоваться повторно, если +ldap_connection_expire_timeout <= ldap_opt_timout + + + Этот тайм-аут может быть увеличен случайным значением, указанным с помощью +параметра ldap_connection_expire_offset + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 900 (15 минут) + + + + + + ldap_connection_expire_offset (целое число) + + + Случайная задержка от 0 до настроенного значения добавляется к +ldap_connection_expire_timeout. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 0 + + + + + + ldap_connection_idle_timeout (целое число) + + + Позволяет указать тайм-аут (в секундах), в течение которого будет +поддерживаться неактивное соединение с сервером LDAP. Если соединение +бездействует дольше этого времени, соединение будет закрыто. + + + Можно отключить этот тайм-аут, установив значение «0». + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 900 (15 минут) + + + + + + ldap_page_size (целое число) + + + Позволяет указать количество записей для получения от LDAP в ответ на один +запрос. На некоторых серверах LDAP задано ограничение максимального +количества на один запрос. + + + По умолчанию: 1000 + + + + + + ldap_disable_paging (логическое значение) + + + Отключить управление переходами между страницами LDAP. Этот параметр следует +использовать, если сервер LDAP сообщает о том, что поддерживает управление +переходами между страницами LDAP в своём RootDSE, но оно не включено или не +работает надлежащим образом. + + + Пример: серверы OpenLDAP с модулем управлением переходами между страницами, +который установлен на сервере, но не включён, будут сообщать о нём в +RootDSE, но не смогут использовать его. + + + Пример: в 389 DS есть внутренняя ошибка, из-за которой для одного +подключения одновременно поддерживается только одно средство управления +переходами между страницами. Если поступает много запросов, это может +привести к отказам в выполнении некоторых из них. + + + По умолчанию: false + + + + + + ldap_disable_range_retrieval (логическое значение) + + + Отключить получение диапазонов Active Directory. + + + Active Directory ограничивает количество участников, которые могут быть +получены за один поиск, с помощью политики MaxValRange (значение по +умолчанию — 1500 участников). Если группа содержит большее количество +участников, ответ будет включать специфичное для AD расширение +диапазона. Этот параметр отключает обработку расширения диапазона, +следовательно, большие группы будут показаны как группы без участников. + + + По умолчанию: false + + + + + + ldap_sasl_minssf (целое число) + + + Позволяет указать минимальный уровень безопасности, необходимый для +установки соединения в случае обмена данными с сервером LDAP с помощью +SASL. Значение этого параметра определяется OpenLDAP. + + + По умолчанию: использовать стандартное системное значение (обычно +указывается в ldap.conf) + + + + + + ldap_sasl_maxssf (целое число) + + + Позволяет указать максимальный уровень безопасности, необходимый для +установки соединения в случае обмена данными с сервером LDAP с помощью +SASL. Значение этого параметра определяется OpenLDAP. + + + По умолчанию: использовать стандартное системное значение (обычно +указывается в ldap.conf) + + + + + + ldap_deref_threshold (целое число) + + + Позволяет указать количество записей участников групп, которые должны +отсутствовать во внутреннем кэше для активации поиска с разыменованием. Если +отсутствует меньшее количество записей участников, поиск будет выполняться +для каждого из них по отдельности. + + + Чтобы полностью отключить поиск с разыменованием, установите значение +«0». Обратите внимание, что в коде SSSD, например коде поставщика данных +HBAC IPA, имеются некоторые инструкции, которые реализуются только с +использованием вызова разыменования. Даже если разыменование явно отключено, +оно всё равно будет использоваться в этих частях кода, если сервер +поддерживает его и объявляет управление разыменованием в объекте rootDSE. + + + Поиск с разыменованием позволяет получить всех участников групп за один +вызов LDAP. На разных серверах LDAP могут быть реализованы разные методы +разыменования. В настоящее время поддерживаются следующие серверы: 389/RHDS, +OpenLDAP и Active Directory. + + + Примечание: если какая-либо из баз поиска задаёт фильтр +поиска, то улучшение быстродействия поиска с разыменованием будет +отключено,независимо от значения этого параметра. + + + По умолчанию: 10 + + + + + + ldap_ignore_unreadable_references (логическое значение) + + + Игнорировать нечитаемые записи LDAP, указанные в атрибуте участника +группы. Если для этого параметра установлено значение «false», будет +возвращено сообщение об ошибке, а действие завершится ошибкой вместо +простого игнорирования нечитаемой записи. + + + Этот параметр может быть полезен, если используется поставщик данных AD, а +учетная запись компьютера, используемая sssd для установления соединения с +AD, не имеет доступа к определенной записи или поддереву LDAP из соображений +безопасности. + + + По умолчанию: false + + + + + + ldap_tls_reqcert (строка) + + + Позволяет указать, какие проверки следует выполнять для сертификатов сервера +в сеансе TLS, если это требуется. Можно указать одно из следующих значений: + + + never = клиент не будет запрашивать или проверять +сертификаты сервера. + + + allow = будет запрашиваться сертификат сервера. Если +сертификат не предоставлен, сеанс продолжится в обычном режиме. Если +предоставлен ошибочный сертификат, он будет проигнорирован, и сеанс +продолжится в обычном режиме. + + + try = будет запрашиваться сертификат сервера. Если +сертификат не предоставлен, сеанс продолжится в обычном режиме. Если +предоставлен ошибочный сертификат, сеанс немедленно будет завершён. + + + demand = будет требоваться сертификат сервера. Если +сертификат не предоставлен или предоставлен ошибочный сертификат, сеанс +немедленно будет завершён. + + + hard = аналогично demand + + + По умолчанию: hard + + + + + + ldap_tls_cacert (строка) + + + Позволяет указать файл, который содержит сертификаты для всех центров +сертификации, которые распознаются sssd. + + + По умолчанию: использовать стандартные параметры OpenLDAP, которые обычно +хранятся в /etc/openldap/ldap.conf + + + + + + ldap_tls_cacertdir (строка) + + + Позволяет указать путь к каталогу, в котором хранятся сертификаты центра +сертификации, каждый в своём файле. Обычно имена файлов — это хэш +сертификата, за которым следует «.0». Для создания корректных имён можно +использовать команду cacertdir_rehash, если она доступна. + + + По умолчанию: использовать стандартные параметры OpenLDAP, которые обычно +хранятся в /etc/openldap/ldap.conf + + + + + + ldap_tls_cert (строка) + + + Позволяет указать файл, который содержит сертификат для ключа клиента. + + + По умолчанию: не задано + + + + + + ldap_tls_key (строка) + + + Позволяет указать файл, который содержит ключ клиента. + + + По умолчанию: не задано + + + + + + ldap_tls_cipher_suite (строка) + + + Позволяет указать допустимые комплекты шифров. Обычно представляет собой +список, разделённый двоеточиями. Описание формата доступно на справочной +странице ldap.conf +5. + + + По умолчанию: использовать стандартные параметры OpenLDAP, которые обычно +хранятся в /etc/openldap/ldap.conf + + + + + + ldap_id_use_start_tls (логическое значение) + + + Specifies that the id_provider connection must also use tls to protect the channel. +true is strongly recommended for security reasons. + + + По умолчанию: false + + + + + + ldap_id_mapping (логическое значение) + + + Позволяет указать, что SSSD следует пытаться сопоставить идентификаторы +пользователя и группы из атрибутов ldap_user_objectsid и +ldap_group_objectsid, а не полагаться на ldap_user_uid_number и +ldap_group_gid_number. + + + В настоящее время эта функциональная возможность поддерживает только +сопоставление objectSID Active Directory. + + + По умолчанию: false + + + + + + ldap_min_id, ldap_max_id (целое число) + + + В отличие от сопоставления идентификаторов на основе SID, которое +используется, если параметр ldap_id_mapping установлен в значение «true», +допустимый диапазон идентификаторов для ldap_user_uid_number и +ldap_group_gid_number является неограниченным. В конфигурациях с поддоменами +и доверенными доменами это может привести к конфликтам +идентификаторов. Чтобы избежать конфликтов, можно указать параметры +ldap_min_id и ldap_max_id для ограничения допустимого диапазона +идентификаторов, чтение которых выполняется непосредственно с сервера. После +этого поддомены могут выбрать другие диапазоны для сопоставления +идентификаторов. + + + По умолчанию: не задано (оба параметра установлены в значение 0) + + + + + + ldap_sasl_mech (строка) + + + Позволяет указать механизм SASL, который следует использовать. В настоящее +время протестированы и поддерживаются только GSSAPI и GSS-SPNEGO. + + + Если внутренний сервер поддерживает поддомены, значение ldap_sasl_mech +автоматически наследуется поддоменами. Если для поддомена требуется +использовать другое значение, это значение можно перезаписать, явно указав +ldap_sasl_mech для этого поддомена. Для получения подробных сведений +смотрите «РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ» на справочной странице +sssd.conf +5. + + + По умолчанию: не задано + + + + + + ldap_sasl_authid (строка) + + + Позволяет указать идентификатор проверки подлинности SASL, который следует +использовать. Если используется GSSAPI/GSS-SPNEGO, он представляет собой +участника Kerberos, который используется для проверки подлинности при +доступе к каталогу. Этот параметр может содержать либо полное имя участника +(например, host/myhost@EXAMPLE.COM), либо просто имя участника (например, +host/myhost). По умолчанию это значение не задано, используются следующие +участники: +hostname@REALM +netbiosname$@REALM +host/hostname@REALM +*$@REALM +host/*@REALM +host/* + Если они не найдены, +возвращается первый участник из таблицы ключей. + + + По умолчанию: host/hostname@REALM + + + + + + ldap_sasl_realm (строка) + + + Позволяет указать область SASL, которую следует использовать. Если значение +не указано, по умолчанию будет использоваться значение krb5_realm. Если +ldap_sasl_authid также содержит область, этот параметр игнорируется. + + + По умолчанию: значение krb5_realm. + + + + + + ldap_sasl_canonicalize (логическое значение) + + + Если установлено в значение «true», библиотека LDAP будет выполнять обратный +просмотр для преобразования имени узла в каноническую форму во время +привязки SASL. + + + По умолчанию: false; + + + + + + ldap_krb5_keytab (строка) + + + Позволяет указать таблицу ключей, которую следует использовать при +использовании проверки подлинности с помощью SASL/GSSAPI/GSS-SPNEGO. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: системная таблица ключей, обычно +/etc/krb5.keytab + + + + + + ldap_krb5_init_creds (логическое значение) + + + Позволяет указать, что id_provider должен инициализировать учётные данные +Kerberos (TGT). Это действие выполняется только в том случае, если +используется SASL и выбран механизм GSSAPI или GSS-SPNEGO. + + + По умолчанию: true + + + + + + ldap_krb5_ticket_lifetime (целое число) + + + Позволяет указать время жизни TGT (в секундах), если используется GSSAPI или +GSS-SPNEGO. + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: 86400 (24 часа) + + + + + + krb5_server, krb5_backup_server (строка) + + + Разделённый запятыми список IP-адресов или имён узлов серверов Kerberos, к +которым SSSD следует подключаться в порядке приоритета. Дополнительные +сведения об отработке отказа и избыточности сервера доступны в разделе +ОТРАБОТКА ОТКАЗА. После адресов или имён узлов можно +(необязательно) добавить номер порта (предварив его двоеточием). Если у +параметра пустое значение, будет включено обнаружение служб — дополнительные +сведения доступны в разделе ОБНАРУЖЕНИЕ СЛУЖБ. + + + При использовании обнаружения служб для серверов KDC или kpasswd SSSD +сначала выполняет поиск записей DNS, в которых в качестве протокола указан +_udp. Если такие записи не удаётся найти, SSSD выполняет поиск записей DNS, +в которых в качестве протокола указан _tcp. + + + В предыдущих версиях SSSD этот параметр назывался +krb5_kdcip. Это устаревшее имя всё ещё распознаётся, но +пользователям рекомендуется перейти на использование +krb5_server в файлах конфигурации. + + + + + + krb5_realm (строка) + + + Позволяет указать область Kerberos (для проверки подлинности с помощью +SASL/GSSAPI/GSS-SPNEGO). + + + По умолчанию: стандартные параметры системы, +см. /etc/krb5.conf + + + + + + krb5_canonicalize (логическое значение) + + + Позволяет указать, следует ли приводить в каноническую форму имя +участника-узла при подключении к серверу LDAP. Эта возможность доступна в +MIT Kerberos >= 1.7 + + + + По умолчанию: false + + + + + + krb5_use_kdcinfo (логическое значение) + + + Позволяет указать, следует ли SSSD сообщать библиотекам, какую область и +какие KDC нужно использовать. Этот параметр включён по умолчанию. Если +отключить его, потребуется настроить библиотеку Kerberos с помощью файла +конфигурации krb5.conf +5 . + + + Дополнительные сведения о модуле локатора доступны на справочной странице + sssd_krb5_locator_plugin +8 . + + + По умолчанию: true + + + + + + ldap_pwd_policy (строка) + + + Позволяет выбрать политику оценки истечения срока действия пароля на стороне +клиента. Допускаются следующие значения: + + + none — без оценки на стороне клиента. С помощью этого +параметра нельзя отключить политики паролей на стороне сервера. + + + shadow — использовать атрибуты в стиле +shadow +5 для проверки того, не истёк ли срок +действия пароля. См. также опцию «ldap_chpass_update_last_change». + + + mit_kerberos — использовать атрибуты, которые +используются MIT Kerberos, для определения того, не истёк ли срок действия +пароля. Чтобы обновить эти атрибуты в случае смены пароля, воспользуйтесь +chpass_provider=krb5. + + + По умолчанию: none + + + Примечание: если на стороне сервера настроена политика +паролей, она всегда будет иметь приоритет над политикой, заданной с помощью +этого параметра. + + + + + + ldap_referrals (логическое значение) + + + Позволяет указать, следует ли включить автоматическое прослеживание ссылок. + + + Обратите внимание, что sssd поддерживает прослеживание ссылок только в том +случае, если сервис собран с OpenLDAP версии 2.4.13 или выше. + + + Прослеживание ссылок может замедлять работу в средах, где оно широко +применяется. Яркий пример такой среды — Microsoft Active Directory. Если в +используемой среде нет реальной необходимости в прослеживании ссылок, можно +установить этот параметр в значение «false»; это позволит заметно повысить +производительность. Поэтому в том случае, когда поставщик данных LDAP SSSD +используется совместно с Microsoft Active Directory в качестве внутреннего +сервера, рекомендуется установить этот параметр в значение «false». Даже +если бы у SSSD была возможность перейти по ссылке к другому контроллеру +домена AD, это не позволило бы получить дополнительные данные. + + + По умолчанию: true + + + + + + ldap_dns_service_name (строка) + + + Позволяет указать имя службы, которое будет использоваться, когда включено +обнаружение служб. + + + По умолчанию: ldap + + + + + + ldap_chpass_dns_service_name (строка) + + + Позволяет указать имя службы для поиска сервера LDAP, который позволяет +менять пароль, когда включено обнаружение служб. + + + По умолчанию: не задано, то есть обнаружение служб отключено + + + + + + ldap_chpass_update_last_change (логическое значение) + + + Позволяет указать, следует ли обновлять атрибут ldap_user_shadow_last_change +данными о количестве дней с момента выполнения действия по смены пароля. + + + Рекомендуется установить этот параметр явно, если используется +«ldap_pwd_policy = shadow», чтобы сообщить SSSD, будет ли сервер LDAP +автоматически обновлять атрибут shadowLastChange LDAP после смены пароля или +SSSD должен обновить его. + + + По умолчанию: false + + + + + + ldap_access_filter (строка) + + + При использовании access_provider = ldap и ldap_access_order = filter (по +умолчанию) этот параметр является обязательным. Он задаёт условия фильтра +поиска LDAP, при условии соблюдения которых пользователю будет предоставлен +доступ к этому узлу. Если при использовании access_provider = ldap, +ldap_access_order = filter этот параметр не задан, всем пользователям будет +отказано в доступе. Чтобы изменить это стандартное поведение, используйте +access_provider = permit. Обратите внимание, что этот фильтр применяется +только к записи пользователя LDAP и, соответственно, может не работать +фильтрация на основе вложенных групп (например, атрибут memberOf в записях +AD указывает только на прямые родительские записи). Если фильтрацию на +основе вложенных групп необходимо выполнять, ознакомьтесь со справочной +страницей +sssd-simple5 +. + + + Пример: + + +access_provider = ldap +ldap_access_filter = (employeeType=admin) + + + В этом примере доступ к узлу представляется только тем пользователям, +атрибут employeeType которых установлен в значение «admin». + + + Автономное кэширование для этой возможности ограничивается определением +того, было ли предоставлено разрешение на доступ при последнем входе +пользователя в сетевом режиме. Если при последнем входе пользователю был +разрешён доступ, он также будет разрешён и в автономном режиме. Если же при +последнем входе пользователю был запрещён доступ, он также будет запрещён и +в автономном режиме. + + + По умолчанию: пусто + + + + + + ldap_account_expire_policy (строка) + + + С помощью этого параметра можно включить оценку атрибутов управления +доступом на стороне клиента. + + + Обратите внимание, что всегда рекомендуется использовать управление доступом +на стороне сервера, то есть сервер LDAP должен отклонять запрос привязки с +соответствующим кодом ошибки, даже если пароль верен. + + + Допускаются следующие значения: + + + shadow: использовать значение ldap_user_shadow_expire +для определения того, не истёк ли срок действия учётной записи. + + + ad: использовать значение 32-битного поля +ldap_user_ad_user_account_control и разрешать доступ, если второй бит не +задан. Если атрибут отсутствует, доступ предоставляется. Также проверяется, +не истёк ли срок действия учётной записи. + + + rhds, ipa, +389ds: использовать значение ldap_ns_account_lock, +чтобы проверить, разрешён ли доступ. + + + nds: использовать значения +ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled и +ldap_user_nds_login_expiration_time, чтобы проверить, разрешён ли +доступ. Если все атрибуты отсутствуют, доступ предоставляется. + + + Обратите внимание, что параметр конфигурации ldap_access_order +должен включать expire, чтобы можно было +использовать параметр ldap_account_expire_policy. + + + По умолчанию: пусто + + + + + + ldap_access_order (строка) + + + Разделённый запятыми список параметров управления доступом. Допустимые +значения: + + + filter: использовать ldap_access_filter + + + lockout: использовать блокировку учётных записей. Если +этот параметр установлен, он запрещает доступ, когда атрибут LDAP +«pwdAccountLockedTime» присутствует и имеет значение +«000001010000Z». Подробные сведения доступны в описании параметра +ldap_pwdlockout_dn. Обратите внимание, что для работы этой возможности +необходимо задать «access_provider = ldap». + + + Обратите внимание, что над этим параметром имеет приоритет +параметр ppolicy и этот параметр может быть удалён в +следующей версии. + + + ppolicy: использовать блокировку учётных записей. Если +этот параметр установлен, он запрещает доступ, когда атрибут LDAP +«pwdAccountLockedTime» присутствует и имеет значение «000001010000Z» или +представляет любое время в прошлом. Значение атрибута «pwdAccountLockedTime» +должно заканчиваться на «Z» (это означает часовой пояс UTC). В настоящее +время не поддерживается использование других часовых поясов; если они будут +заданы, при попытках пользователей войти в систему будет появляться +сообщение об отказе в доступе. Подробные сведения доступны в описании +параметра ldap_pwdlockout_dn. Обратите внимание, что для работы этой +возможности необходимо задать «access_provider = ldap». + + + + expire: использовать ldap_account_expire_policy + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: эти параметры полезны, если +пользователям нужно предупреждение о том, что срок действия пароля истекает, +и для проверки подлинности используются не пароли, а, например, ключи SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Следует учитывать, что для работы этой возможности необходимо указать +«access_provider = ldap». Также необходимо указать соответствующую политику +паролей в качестве значения параметра «ldap_pwd_policy». + + + authorized_service: использовать атрибут +authorizedService для определения возможности доступа + + + host: использовать атрибут host для определения +возможности доступа + + + rhost: использовать атрибут rhost для определения +возможности доступа удалённого узла + + + Обратите внимание, что значение поля rhost в pam устанавливается +приложением; рекомендуется проверить, что приложение отправляет в pam, +прежде чем включать этот параметр управления доступом + + + По умолчанию: filter + + + Обратите внимание, что использование значения более одного раза является +ошибкой конфигурации. + + + + + + ldap_pwdlockout_dn (строка) + + + Этот параметр позволяет указать DN записи политики паролей на сервере +LDAP. Обратите внимание: если в sssd.conf не будет этого параметра, когда +используется блокировка учётных записей, в доступе будет отказано из-за +невозможности надлежащим образом проверить атрибуты ppolicy на сервере LDAP. + + + Пример: cn=ppolicy,ou=policies,dc=example,dc=com + + + По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base + + + + + + ldap_deref (строка) + + + Позволяет указать, как осуществляется разыменование псевдонимов при +выполнении поиска. Допустимые варианты: + + + never: разыменование псевдонимов не выполняется. + + + searching: разыменование псевдонимов выполняется в +подчиненных базового объекта, но не при определении расположения базового +объекта поиска. + + + finding: разыменование псевдонимов выполняется только +при определении расположения базового объекта поиска. + + + always: разыменование псевдонимов выполняется как при +поиске, так и при определении расположения базового объекта поиска. + + + По умолчанию: пусто (обрабатывается как never +клиентскими библиотеками LDAP) + + + + + + ldap_rfc2307_fallback_to_local_users (логическое значение) + + + Разрешает сохранять локальных пользователей как участников группы LDAP для +серверов, которые используют схему RFC2307. + + + В некоторых средах, где используется схема RFC2307, локальных пользователей +можно сделать участниками групп LDAP путём добавления их имён в атрибут +memberUid. При этом нарушается внутренняя согласованность домена, поэтому +SSSD обычно удаляет записи «отсутствующих» пользователей из кэшированных +данных об участии в группах, как только nsswitch выполняет попытку получить +информацию о пользователе через вызовы getpw*() или initgroups(). + + + При использовании этого параметра программа возвращается к проверке наличия +ссылок на локальных пользователей и кэширует их записи, чтобы последующие +вызовы initgroups() расширяли список локальных пользователей дополнительными +группами LDAP. + + + По умолчанию: false + + + + + + wildcard_limit (целое число) + + + Позволяет указать верхний предел количества записей, загружаемых во время +поиска с использованием подстановочных знаков. + + + В настоящее время только ответчик InfoPipe поддерживает поиск с +использованием подстановочных знаков. + + + По умолчанию: 1000 (часто размер одной страницы) + + + + + + ldap_library_debug_level (целое число) + + + Включает отладку libldap на указанном уровне. Сообщения отладки libldap +записываются независимо от общего debug_level. + + + OpenLDAP использует битовую карту для включения отладки определённых +компонентов, -1 включает полный отладочный вывод. + + + По умолчанию: 0 (отладка libldap отключена) + + + + + + + + + + ПАРАМЕТРЫ SUDO + + Подробные инструкции по настройке sudo_provider доступны на справочной +странице sssd-sudo +5 . + + + + + + ldap_sudo_full_refresh_interval (целое число) + + + Интервал в секундах между полными обновлениями правил sudo SSSD (при которых +загружаются все правила, которые хранятся на сервере). + + + Это значение должно быть больше, чем +ldap_sudo_smart_refresh_interval + + + Полное обновление можно отключить, установив этот параметр в значение +«0». Но должно быть включено либо интеллектуальное, либо полное обновление. + + + По умолчанию: 21600 (6 часов) + + + + + + ldap_sudo_smart_refresh_interval (целое число) + + + Количество секунд, в течение которого SSSD ожидает перед выполнением +интеллектуального обновления правил sudo (при котором загружаются все +правила, USN которых больше самого высокого значения USN на сервере, которое +в настоящее время известно SSSD). + + + Если сервер не поддерживает атрибуты USN, используется атрибут +modifyTimestamp. + + + Примечание: самое высокое значение USN может быть +обновлено тремя заданиями: 1) полным и интеллектуальным обновлением sudo +(если найдены обновлённые правила), 2) перечислением пользователей и групп +(если оно включено и найдены обновлённые пользователи или группы) и 3) +повторным подключением к серверу (по умолчанию каждые 15 минут, +см. ldap_connection_expire_timeout). + + + Интеллектуальное обновление можно отключить, установив этот параметр в +значение «0». Но должно быть включено либо интеллектуальное, либо полное +обновление. + + + По умолчанию: 900 (15 минут) + + + + + + ldap_sudo_random_offset (целое число) + + + Случайная задержка от 0 до настроенного значения добавляется к периодам +интеллектуального и полного обновления каждый раз при планировании +периодического задания. Значение указывается в секундах. + + + Обратите внимание, что эта случайная задержка также применяется при первом +запуске SSSD, что откладывает первое обновление правил sudo. Это увеличивает +время, в течение которого правила sudo недоступны для использования. + + + Можно отключить эту задержку, установив значение «0». + + + По умолчанию: 0 (отключено) + + + + + + ldap_sudo_use_host_filter (логическое значение) + + + Если параметр установлен в значение «true», SSSD будет загружать только те +правила, которые применимы к этому компьютеру (на основе имён узлов и +адресов узлов/сетей в формате IPv4 или IPv6). + + + По умолчанию: true + + + + + + ldap_sudo_hostnames (строка) + + + Разделённый пробелами список имён узлов или полных доменных имён, которые +следует использовать для фильтрации правил. + + + Если этот параметр имеет пустое значение, SSSD будет пытаться автоматически +обнаружить имя узла и полное доменное имя. + + + Если значением ldap_sudo_use_host_filter является +false, этот параметр ни на что не влияет. + + + По умолчанию: не указано + + + + + + ldap_sudo_ip (строка) + + + Разделённый пробелами список адресов IPv4 или IPv6 узлов/сетей, которые +следует использовать для фильтрации правил. + + + Если этот параметр имеет пустое значение, SSSD будет пытаться автоматически +обнаружить адреса. + + + Если значением ldap_sudo_use_host_filter является +false, этот параметр ни на что не влияет. + + + По умолчанию: не указано + + + + + + ldap_sudo_include_netgroups (логическое значение) + + + Если параметр установлен в значение «true», SSSD будет загружать все +правила, которые содержат сетевую группу в атрибуте sudoHost. + + + Если значением ldap_sudo_use_host_filter является +false, этот параметр ни на что не влияет. + + + По умолчанию: true + + + + + + ldap_sudo_include_regexp (логическое значение) + + + Если параметр установлен в значение «true», SSSD будет загружать все +правила, которые содержат подстановочный знак в атрибуте sudoHost. + + + Если значением ldap_sudo_use_host_filter является +false, этот параметр ни на что не влияет. + + + + Использование подстановочного знака — крайне ресурсоёмкая вычислительная +операция на стороне сервера LDAP! + + + + По умолчанию: false + + + + + + + На этой справочной странице содержится только описание сопоставления имён +атрибутов. Подробные сведения о семантике атрибутов, связанных с sudo, +доступны на справочной странице +sudoers.ldap5 + + + + + + ПАРАМЕТРЫ AUTOFS + + Некоторые из стандартных значений приведённых ниже параметров зависят от +схемы LDAP. + + + + + ldap_autofs_map_master_name (строка) + + + Имя основной карты автоматического монтирования в LDAP. + + + По умолчанию: auto.master + + + + + + + + + + + ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ + + Эти параметры поддерживаются доменами LDAP, но их следует использовать с +осторожностью. Включайте их в конфигурацию, только если точно знаете, какой +эффект это произведёт. + + ldap_netgroup_search_base (строка) + + + + + ldap_user_search_base (строка) + + + + + ldap_group_search_base (строка) + + + + + + + Если параметр ldap_use_tokengroups включён, к поиску в Active +Directory не будут применяться какие-либо ограничения, он вернёт все данные +об участии в группах, даже без сопоставления GID. Рекомендуется отключить +эту возможность, если имена групп отображаются некорректно. + + + + ldap_sudo_search_base (строка) + + + + + ldap_autofs_search_base (строка) + + + + + + + + + + + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +установка LDAP выполнена для одного из доменов в разделе +[domains]. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + ПРИМЕР ФИЛЬТРА ДОСТУПА LDAP + + В следующем примере предполагается, что конфигурация SSSD корректна и что +используется ldap_access_order=lockout. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +access_provider = ldap +ldap_access_order = lockout +ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + + ПРИМЕЧАНИЯ + + Описания некоторых параметров конфигурации на этой справочной странице +основаны на справочной странице +ldap.conf 5 + из дистрибутива OpenLDAP 2.4. + + + + + + + diff --git a/src/man/ru/sssd-session-recording.5.xml b/src/man/ru/sssd-session-recording.5.xml new file mode 100644 index 0000000..38799d1 --- /dev/null +++ b/src/man/ru/sssd-session-recording.5.xml @@ -0,0 +1,179 @@ + + + +Справка по SSSD + + + + + sssd-session-recording + 5 + Форматы файлов и рекомендации + + + + sssd-session-recording + Настройка записи сеансов с помощью SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки +sssd 8 +для работы с tlog-rec-session +8 , частью пакета tlog, для реализации +записи сеансов пользователей на текстовых терминалах. Подробные сведения о +синтаксисе доступны в разделе ФОРМАТ ФАЙЛА справочной +страницы sssd.conf +5 . + + + SSSD можно настроить на включение записи всего, что определённые +пользователи видят или набирают во время сеансов работы на текстовых +терминалах. Например, можно записывать данные входа пользователей с помощью +терминала или SSH. Сам сервис SSSD ничего не записывает, но обеспечивает +запуск tlog-rec-session при входе пользователя, чтобы эта программа вела +запись согласно своим параметрам конфигурации. + + + Для пользователей, для которых включена запись сеансов, SSSD заменяет +оболочку пользователя на tlog-rec-session в ответах NSS и добавляет +переменную, которая указывает исходную оболочку для среды пользователя, при +настройке сеанса PAM. Таким образом обеспечивается запуск tlog-rec-session +вместо оболочки пользователя и предоставление данных о том, какую командную +оболочку следует запустить после настройки записи. + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + + Эти параметры можно использовать для настройки записи сеансов. + + + + scope (строка) + + + Одна из следующих строк, которые определяют область записи сеанса: + + + «none» + + + Пользователи не записываются. + + + + + «some» + + + Записываются пользователи и группы, указанные с помощью параметров +users и groups. + + + + + «all» + + + Записываются все пользователи. + + + + + + + По умолчанию: «none» + + + + + users (строка) + + + Разделённый запятыми список пользователей, для которых включена запись +сеансов. Соответствие списку устанавливается по именам пользователей, +возвращённым NSS, то есть после возможной замены пробелов, смены регистра и +так далее. + + + По умолчанию: пусто. Не соответствует ни одному пользователю. + + + + + groups (строка) + + + Разделённый запятыми список групп, для участников которых включена запись +сеансов. Соответствие списку устанавливается по именам групп, возвращённым +NSS, то есть после возможной замены пробелов, смены регистра и так далее. + + + ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) +значительно сказывается на производительности, поскольку при каждом +некэшированном запросе данных пользователя требуется выполнить получение и +установление соответствия групп, участником которых он является. + + + По умолчанию: пусто. Не соответствует ни одной группе. + + + + + exclude_users (строка) + + + Разделённый запятыми список пользователей, которые исключаются из записи; +применимо только при «scope=all». + + + По умолчанию: пусто. Не исключается ни один пользователь. + + + + + exclude_groups (строка) + + + Разделённый запятыми список групп, участники которых исключаются из записи; +применимо только при «scope=all». + + + ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) +значительно сказывается на производительности, поскольку при каждом +некэшированном запросе данных пользователя требуется выполнить получение и +установление соответствия групп, участником которых он является. + + + По умолчанию: пусто. Не исключается ни одна группа. + + + + + + + + ПРИМЕР + + Следующий фрагмент sssd.conf включает запись сеансов для пользователей +«contractor1» и «contractor2», а также группы «students». + + + +[session_recording] +scope = some +users = contractor1, contractor2 +groups = students + + + + + + + + diff --git a/src/man/ru/sssd-simple.5.xml b/src/man/ru/sssd-simple.5.xml new file mode 100644 index 0000000..e91ece8 --- /dev/null +++ b/src/man/ru/sssd-simple.5.xml @@ -0,0 +1,153 @@ + + + +Справка по SSSD + + + + + sssd-simple + 5 + Форматы файлов и рекомендации + + + + sssd-simple + файл конфигурации для «простого» поставщика управления доступом SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки простого +поставщика управления доступом для +sssd 8 +. Подробные сведения о синтаксисе доступны в разделе +ФОРМАТ ФАЙЛА справочной страницы +sssd.conf 5 +. + + + Простой поставщик доступа предоставляет или запрещает доступ на основании +разрешающего или запрещающего списка имён пользователей или +групп. Применяются следующие правила: + + + Если все списки пусты, доступ предоставляется + + + + Если предоставлен какой-либо список, используется порядок вычисления +«allow,deny». Это означает, что любое соответствующее заданным условиям +правило запрета будет превалировать над любым соответствующим заданным +условиям правилом допуска. + + + + + Если предоставлен один из или оба списка «allow», всем пользователям будет +предоставлен доступ только в том случае, если они присутствуют в списке. + + + + + Если предоставлены только списки «deny», всем пользователям будет +предоставлен доступ только в том случае, если они отсутствуют в списке. + + + + + + + + ПАРАМЕТРЫ КОНФИГУРАЦИИ + Сведения о конфигурации домена SSSD доступны в разделе РАЗДЕЛЫ +ДОМЕНА справочной страницы +sssd.conf 5 +. + + simple_allow_users (строка) + + + Разделённый запятыми список пользователей, которым разрешён вход. + + + + + + simple_deny_users (строка) + + + Разделённый запятыми список пользователей, которым явно запрещён вход. + + + + + simple_allow_groups (строка) + + + Разделённый запятыми список групп, пользователям которых разрешён +вход. Применимо только к группам внутри этого домена SSSD. Локальные группы +не обрабатываются. + + + + + + simple_deny_groups (строка) + + + Разделённый запятыми список групп, пользователям которых явно запрещён +доступ. Применимо только к группам внутри этого домена SSSD. Локальные +группы не обрабатываются. + + + + + + + Если не указывать никаких значений для какого-либо из списков, считается, +что параметр не определён. Помните об этом при создании параметров простого +поставщика с помощью автоматизированных сценариев. + + + Обратите внимание, что определение сразу и simple_allow_users, и +simple_deny_users является ошибкой конфигурации. + + + + + ПРИМЕР + + В следующем примере предполагается, что конфигурация SSSD корректна и что +example.com — один из доменов в разделе [sssd]. В +примере показаны только параметры, специфичные для простого поставщика +доступа. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + ПРИМЕЧАНИЯ + + Перед проверкой прав доступа разрешается вся иерархия участия в группах, +следовательно, в списки доступа могут быть включены даже вложенные +группы. Обратите внимание, что параметр +ldap_group_nesting_level может повлиять на результаты, +поэтому следует установить для него достаточное значение. См. +sssd-ldap5 +. + + + + + + + diff --git a/src/man/ru/sssd-sudo.5.xml b/src/man/ru/sssd-sudo.5.xml new file mode 100644 index 0000000..9ebf50f --- /dev/null +++ b/src/man/ru/sssd-sudo.5.xml @@ -0,0 +1,229 @@ + + + +Справка по SSSD + + + + + sssd-sudo + 5 + Форматы файлов и рекомендации + + + + sssd-sudo + Настройка sudo с помощью внутреннего сервера SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлено описание настройки +sudo 8 +для работы с sssd +8 , а также кэширования правил sudo в +SSSD. + + + + + Настройка sudo для совместной работы с SSSD + + Чтобы включить SSSD как источник правил sudo, добавьте +sss в запись sudoers в файле + nsswitch.conf +5 . + + + Например, чтобы настроить sudo на поиск правил сначала в стандартном файле + sudoers +5 (который должен содержать правила, +которые применяются к локальным пользователям), а потом в SSSD, следует +добавить в файл nsswitch.conf следующую строку: + + + +sudoers: files sss + + + + Дополнительные сведения о настройке порядка поиска sudoers из файла +nsswitch.conf, а также информация о схеме LDAP, используемой для сохранения +правил sudo в каталоге, доступны на справочной странице +sudoers.ldap 5 +. + + + Примечание: чтобы использовать в правилах sudo сетевые +группы или группы узлов IPA, также потребуется корректно установить + nisdomainname +1 в значение имени домена NIS +(совпадает с именем домена IPA в случае использования групп узлов). + + + + + Настройка SSSD для получения правил sudo + + На стороне SSSD достаточно расширить список служб +добавлением «sudo» в раздел [sssd] +sssd.conf 5 +. Чтобы ускорить поиск LDAP, также можно указать базу поиска +для правил sudo с помощью параметра +ldap_sudo_search_base. + + + В следующем примере показано, как настроить SSSD на загрузку правил sudo с +сервера LDAP. + + + +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = EXAMPLE + +[domain/EXAMPLE] +id_provider = ldap +sudo_provider = ldap +ldap_uri = ldap://example.com +ldap_sudo_search_base = ou=sudoers,dc=example,dc=com + Важно учитывать, что на платформах, где +поддерживается systemd, не требуется добавлять поставщика данных «sudo» в +список служб, так как он стал необязательным. Однако вместо этого следует +включить sssd-sudo.socket. + + + Когда программа SSSD настроена на использование IPA в качестве поставщика +ID, включение поставщика данных sudo выполняется автоматически. База поиска +sudo настроена на использование собственного дерева LDAP IPA +(cn=sudo,$SUFFIX). Если в sssd.conf определена какая-либо другая база +поиска, будет использоваться это значение. Дерево совместимости +(ou=sudoers,$SUFFIX) больше не является необходимым для работы sudo IPA. + + + + + Механизм кэширования правил SUDO + + При разработке поддержки sudo в SSSD сложнее всего было сделать так, чтобы +работа sudo c SSSD в качестве источника данных обеспечивала такие же +скорость и взаимодействие с пользователем, что и sudo, при этом предоставляя +настолько актуальный набор правил, насколько это возможно. Для этого в SSSD +используются три вида обновлений: полное обновление, интеллектуальное +обновление и обновление правил. + + + Интеллектуальное обновление периодически загружает +правила, которые являются новыми или были изменены после последнего +обновления. Основная задача — увеличивать базу данных путём получения +небольших порций данных, что не создаёт большой сетевой трафик. + + + Полное обновление просто удаляет все правила sudo, +которые хранятся в кэше, и заменяет их всеми правилами, которые хранятся на +сервере. Это позволяет поддерживать согласованность кэша: удаляются все те +правила, которые были удалены с сервера. Однако полное обновление может +генерировать большое количества трафика, поэтому его следует выполнять +только иногда (промежуток между обновлениями зависит от размера и +стабильности правил sudo). + + + Обновление правил обеспечивает, что пользователю не +будет предоставлено больше прав, чем определено. Это обновление выполняется +при каждом запуске sudo пользователем. Обновление правил находит все +правила, которые применяются к этому пользователю, проверяет срок их +действия и повторно загружает их, если этот срок истёк. Если на сервере +отсутствуют какие-либо из таких правил, SSSD выполнит общее полное +обновление, так как могло быть удалено гораздо больше правил (применяемых к +другим пользователям). + + + Если этот параметр включён, SSSD будет сохранять только правила, которые +могут быть применены к этому компьютеру. Это те правила, которые содержат в +атрибуте sudoHost одно из следующих значений: + + + + + ключевое слово ALL + + + + + подстановочный знак + + + + + сетевая группа (в виде «+netgroup») + + + + + имя узла или полное доменное имя компьютера + + + + + один из IP-адресов компьютера + + + + + один из IP-адресов сети (в виде «address/mask») + + + + + Предусмотрено много параметров, которыми можно воспользоваться для настройки +поведения программы. Подробное описание доступно в разделах «ldap_sudo_*» + sssd-ldap +5 и «sudo_*» +sssd.conf 5 +. + + + + + Тонкая настройка производительности + + SSSD использует различные типы механизмов со сложными и простыми фильтрами +LDAP для поддержания кэшированных правил sudo в актуальном состоянии. В +стандартной конфигурации заданы значения, которые должны подойти большинству +пользователей. Тем не менее, в последующих абзацах приводится несколько +советов по тонкой настройке конфигурации. + + + 1. Индексируйте атрибуты LDAP. Убедитесь, что +выполняется индексирование следующих атрибутов LDAP: objectClass, cn, +entryUSN и modifyTimestamp. + + + 2. Задайте ldap_sudo_search_base. Укажите в качестве +базы поиска контейнер, который содержит правила sudo, чтобы ограничить +область поиска. + + + 3. Задайте интервал полного и интеллектуального +обновления. Если правила sudo меняются редко и не требуется +быстро обновлять кэшированные правила на клиентах, можно увеличить значения +ldap_sudo_full_refresh_interval и +ldap_sudo_smart_refresh_interval. Также можно отключить +интеллектуальное обновление: ldap_sudo_smart_refresh_interval = +0. + + + 4. Если имеется большое количество клиентов, можно увеличить значение +ldap_sudo_random_offset для лучшего распределения +нагрузки на сервер. + + + + + + + diff --git a/src/man/ru/sssd-systemtap.5.xml b/src/man/ru/sssd-systemtap.5.xml new file mode 100644 index 0000000..7a26bb4 --- /dev/null +++ b/src/man/ru/sssd-systemtap.5.xml @@ -0,0 +1,434 @@ + + + +Справка по SSSD + + + + + sssd-systemtap + 5 + Форматы файлов и рекомендации + + + + sssd-systemtap + Информация о systemtap SSSD + + + + ОПИСАНИЕ + + На этой справочной странице представлена информация о функциональных +возможностях systemtap в sssd +8 . + + + В различные места кода SSSD были добавлены точки зондирования SystemTap для +упрощения анализа и устранения проблем с производительностью. + + + + + + Примеры сценариев SystemTap: /usr/share/sssd/systemtap/ + + + + + Зонды и прочие функции определены, соответственно, в +/usr/share/systemtap/tapset/sssd.stp и +/usr/share/systemtap/tapset/sssd_functions.stp. + + + + + + + + ТОЧКИ ЗОНДИРОВАНИЯ + + Далее приводится список точек зондирования и аргументов, которые доступны в +следующем формате: + + + + probe $name + + + Описание точки зондирования + + +variable1:datatype +variable2:datatype +variable3:datatype +... + + + + + + + Зонды транзакций базы данных + + + + probe sssd_transaction_start + + + Начало транзакции sysdb, зондирует функцию sysdb_transaction_start(). + + +nesting:целое число +probestr:строка + + + + + probe sssd_transaction_cancel + + + Отмена транзакции sysdb, зондирует функцию sysdb_transaction_cancel(). + + +nesting:целое число +probestr:строка + + + + + probe sssd_transaction_commit_before + + + Зондирует функцию sysdb_transaction_commit_before(). + + +nesting:целое число +probestr:строка + + + + + probe sssd_transaction_commit_after + + + Зондирует функцию sysdb_transaction_commit_after(). + + +nesting:целое число +probestr:строка + + + + + + + + + Зонды поиска LDAP + + + + probe sdap_search_send + + + Зондирует функцию sdap_get_generic_ext_send(). + + +base:строка +scope:целое число +filter:строка +attrs:строка +probestr:строка + + + + + probe sdap_search_recv + + + Зондирует функцию sdap_get_generic_ext_recv(). + + +base:строка +scope:целое число +filter:строка +probestr:строка + + + + + probe sdap_parse_entry + + + Зондирует функцию sdap_parse_entry(). Вызывается повторно для каждого +полученного атрибута. + + +attr:строка +value:строка + + + + + probe sdap_parse_entry_done + + + Зондирует функцию sdap_parse_entry(). Вызывается по завершении обработки +полученного объекта. + + + + + probe sdap_deref_send + + + Зондирует функцию sdap_deref_search_send(). + + +base_dn:строка +deref_attr:строка +probestr:строка + + + + + probe sdap_deref_recv + + + Зондирует функцию sdap_deref_search_recv(). + + +base:строка +scope:целое число +filter:строка +probestr:строка + + + + + + + + + Зонды запросов учётных записей LDAP + + + + probe sdap_acct_req_send + + + Зондирует функцию sdap_acct_req_send(). + + +entry_type:целое число +filter_type:целое число +filter_value:строка +extra_value:строка + + + + + probe sdap_acct_req_recv + + + Зондирует функцию sdap_acct_req_recv(). + + +entry_type:целое число +filter_type:целое число +filter_value:строка +extra_value:строка + + + + + + + + + Зонды поиска пользователей LDAP + + + + probe sdap_search_user_send + + + Зондирует функцию sdap_search_user_send(). + + +filter:строка + + + + + probe sdap_search_user_recv + + + Зондирует функцию sdap_search_user_recv(). + + +filter:строка + + + + + probe sdap_search_user_save_begin + + + Зондирует функцию sdap_search_user_save_begin(). + + +filter:строка + + + + + probe sdap_search_user_save_end + + + Зондирует функцию sdap_search_user_save_end(). + + +filter:строка + + + + + + + + + Зонды запросов поставщика данных + + + + probe dp_req_send + + + Запрос поставщика данных отправлен. + + +dp_req_domain:строка +dp_req_name:строка +dp_req_target:целое число +dp_req_method:целое число + + + + + probe dp_req_done + + + Запрос поставщика данных завершён. + + +dp_req_name:строка +dp_req_target:целое число +dp_req_method:целое число +dp_ret:целое число +dp_errorstr:строка + + + + + + + + + ПРОЧИЕ ФУНКЦИИ + + Далее приводится список точек зондирования и аргументов, которые доступны в +следующем формате: + + + + function acct_req_desc(entry_type) + + + Преобразовать entry_type в строку и вернуть строку + + + + + function sssd_acct_req_probestr(fc_name, entry_type, filter_type, +filter_value, extra_value) + + + Создать строку зондирования на основании типа фильтра + + + + + function dp_target_str(target) + + + Преобразовать цель в строку и вернуть строку + + + + + function dp_method_str(target) + + + Преобразовать метод в строку и вернуть строку + + + + + + + + + + ПРИМЕРЫ СЦЕНАРИЕВ SYSTEMTAP + + Запустите сценарий SystemTap (stap +/usr/share/sssd/systemtap/<script_name>.stp), затем +выполните операцию идентификации, и сценарий соберёт данные с помощью +зондов. + + + Предоставляемые пакетом сценарии SystemTap: + + + + dp_request.stp + + + Отслеживание скорости обработки запросов поставщиком данных. + + + + + id_perf.stp + + + Отслеживание скорости выполнения команды id. + + + + + ldap_perf.stp + + + Отслеживание запросов LDAP. + + + + + nested_group_perf.stp + + + Скорость разрешения вложенных групп. + + + + + + + + + + diff --git a/src/man/ru/sssd.8.xml b/src/man/ru/sssd.8.xml new file mode 100644 index 0000000..5bf5a96 --- /dev/null +++ b/src/man/ru/sssd.8.xml @@ -0,0 +1,246 @@ + + + +Справка по SSSD + + + + + sssd + 8 + + + + sssd + cервис SSSD + + + + +sssd +options + + + + ОПИСАНИЕ + + SSSD предоставляет набор внутренних служб для управления +доступом к удалённым каталогам и механизмам проверки подлинности. Этот +сервис предоставляет интерфейс NSS и PAM к операционной системе и систему +подключаемых внутренних серверов для установки соединения с несколькими +разными источниками учётных записей, а также интерфейс D-Bus. Также он +является основой сервисов аудита и политики доступа клиентов для таких +проектов, как FreeIPA. SSSD предоставляет более надёжную базу данных для +хранения локальных пользователей, а также расширенных пользовательских +данных. + + + + + ОПЦИИ + + + + , +LEVEL + + + + + + mode + + + + 1: добавить отметку времени к сообщениям отладки + + + 0: отключить отметку времени в сообщениях отладки + + + По умолчанию: 1 + + + + + + mode + + + + 1: добавить микросекунды в отметку времени в сообщениях +отладки + + + 0: отключить микросекунды в отметке времени + + + По умолчанию: 0 + + + + + + value + + + + Расположение, в которое SSSD будет отправлять сообщения журнала. + + + stderr: перенаправлять сообщения отладки в стандартный +поток ошибок. + + + files: перенаправлять сообщения отладки в файлы +журнала. По умолчанию файлы журнала хранятся в +/var/log/sssd и представляют собой отдельные файлы для +каждой службы и домена SSSD. + + + journald: перенаправлять сообщения отладки в +systemd-journald + + + По умолчанию: не задано (использовать journald, если это возможно, в ином +случае — stderr) + + + + + + , + + + + Запускаться в качестве службы. + + + + + + , + + + + Запускаться интерактивно, не в качестве службы. + + + + + + , + + + + Позволяет указать файл конфигурации, отличный от стандартного. Стандартным +является /etc/sssd/sssd.conf. Сведения о синтаксисе и +параметрах файла конфигурации доступны на справочной странице +sssd.conf 5 +. + + + + + + , + + + + Не запускать SSSD, но обновить базу данных конфигурации содержимым +/etc/sssd/sssd.conf и выйти. + + + + + + , + + + + Аналогично --genconf, но будет выполнено обновление только +одного раздела файла конфигурации. Этот параметр полезен главным образом при +вызове из файлов модулей systemd с целью позволить ответчикам, которые +активируются с помощью сокетов, обновлять свою конфигурацию без +необходимости в перезапуске всего сервиса SSSD администратором. + + + + + + + + + + + Вывести номер версии и выйти. + + + + + + + + Сигналы + + + SIGTERM/SIGINT + + + Сообщает SSSD, что следует постепенно завершить все дочерние процессы и +затем отключить монитор. + + + + + SIGHUP + + + Сообщает SSSD, что следует прекратить запись в текущие дескрипторы файлов +отладки, закрыть их и затем открыть снова. Это должно облегчить свёртывание +журнала с помощью таких программ, как logrotate. + + + + + SIGUSR1 + + + Сообщает SSSD, что следует имитировать работу в автономном режиме в течение +времени, заданного параметром offline_timeout. Это полезно +при тестировании. Сигнал можно отправить либо процессу sssd, либо напрямую +любому процессу sssd_be. + + + + + SIGUSR2 + + + Сообщает SSSD, что следует немедленно перейти в сетевой режим. Это полезно +при тестировании. Сигнал можно отправить либо процессу sssd, либо напрямую +любому процессу sssd_be. + + + + + + + + ПРИМЕЧАНИЯ + + Если переменная среды SSS_NSS_USE_MEMCACHE установлена в значение «NO», +клиентские приложения не будут использовать быстрый кэш в памяти. + + + Если переменная среды SSS_LOCKFREE установлена в значение «NO», +одновременные запросы от нескольких потоков одного приложения будут +преобразованы в последовательность запросов. + + + + + + + diff --git a/src/man/ru/sssd.conf.5.xml b/src/man/ru/sssd.conf.5.xml new file mode 100644 index 0000000..9911c1b --- /dev/null +++ b/src/man/ru/sssd.conf.5.xml @@ -0,0 +1,4160 @@ + + +]> + +Справка по SSSD + + + + + sssd.conf + 5 + Форматы файлов и рекомендации + + + + sssd.conf + файл конфигурации SSSD + + + + ФОРМАТ ФАЙЛА + + + В файле используются синтаксические конструкции в стиле ini, он состоит из +разделов и параметров. Раздел начинается с имени раздела в квадратных +скобках и продолжается до начала нового раздела. Пример раздела с +параметрами, которые имеют одно или несколько значений: +[section] +key = value +key2 = value2,value3 + + + + + Используемые типы данных: строка (кавычки не требуются), целое число и +логическое значение (возможны два значения: TRUE или +FALSE). + + + + Строка комментария начинается со знака «решётка» (#) или +точки с запятой (;). Поддержка встроенных комментариев не +предусмотрена. + + + + Для всех разделов предусмотрен необязательный параметр +description. Он предназначен только для +обозначения раздела. + + + + sssd.conf должен быть обычным файлом, владельцем +которого является пользователь root. Права на чтение этого файла или запись +в него должен иметь только пользователь root. + + + + + ФРАГМЕНТЫ КОНФИГУРАЦИИ ИЗ КАТАЛОГА ВКЛЮЧЕНИЯ + + + В файл конфигурации sssd.conf будут включены фрагменты +конфигурации из каталога conf.d. Эта возможность +доступна, если сборка SSSD была выполнена с библиотекой libini версии 1.3.0 +или более поздней. + + + + Любой находящийся в каталоге conf.d файл, имя которого +заканчивается расширением .conf и не +начинается с точки (.), будет использоваться для настройки +SSSD вместе с файлом sssd.conf. + + + + Фрагменты конфигурации из каталога conf.d имеют более +высокий приоритет, чем файл sssd.conf. В случае +возникновения конфликтов они переопределят параметры, заданные в файле +sssd.conf. Если в каталоге conf.d +присутствуют несколько фрагментов, их включение выполняется в алфавитном +порядке (на основе локали). Чем позже включён файл, тем выше его +приоритет. Числовые префиксы (01_snippet.conf, +02_snippet.conf и так далее) могут помочь +визуализировать приоритет (чем больше число, тем выше приоритет). + + + + Файлы фрагментов должны иметь того же владельца и те же права доступа, что и +файл sssd.conf. По умолчанию: root:root и 0600. + + + + + ОБЩИЕ ПАРАМЕТРЫ + + Следующие параметры используются в нескольких разделах конфигурации. + + + Параметры, используемые во всех разделах + + + + debug_level (целое число) + + + + debug (целое число) + + + В SSSD 1.14 и более поздних версиях для параметра +debug_level из соображений удобства предусмотрен +псевдоним debug. Если указаны оба параметра, +будет использовано значение debug_level. + + + + + debug_timestamps (логическое значение) + + + Добавить к сообщениям отладки отметку времени. Если для ведения журнала +отладки SSSD включена служба journald, этот параметр будет игнорироваться. + + + По умолчанию: true + + + + + debug_microseconds (логическое значение) + + + Добавить микросекунды в отметку времени в сообщениях отладки. Если для +ведения журнала отладки SSSD включена служба journald, этот параметр будет +игнорироваться. + + + По умолчанию: false + + + + + debug_backtrace_enabled (логическое значение) + + + Включить обратную трассировку отладки. + + + Если SSSD работает со значением debug_level, которое меньше 9, весь журнал +работы записывается в кольцевой буфер в памяти и сбрасывается в файл журнала +при возникновении любой ошибки до уровня `min(0x0040, debug_level)` +включительно (если для параметра debug_level явно указано значение 0 или 1, +только ошибки соответствующих уровней вызовут обратную трассировку; в ином +случае — до 2). + + + Возможность поддерживается только для `logger == files` (параметр не влияет +на другие типы журнала). + + + По умолчанию: true + + + + + + + + + Параметры, используемые в разделах SERVICE и DOMAIN + + + + timeout (целое число) + + + Тайм-аут в секундах между пакетами пульса этой службы. Используется, чтобы +убедиться в том, что процесс работает и может отвечать на запросы. Обратите +внимание: после трёх пропущенных пакетов пульса процесс самостоятельно +завершит свою работу. + + + По умолчанию: 10 + + + + + + + + + + ОСОБЫЕ РАЗДЕЛЫ + + + Раздел [sssd] + + Отдельные функциональные возможности SSSD обеспечиваются специальными +службами SSSD, которые запускаются и останавливаются вместе с SSSD. Эти +службы находятся под управлением специальной службы, которую часто называют +монитором. Настройка монитора и некоторых других важных +параметров (например, доменов идентификации) выполняется в разделе +[sssd]. + Параметры раздела + + config_file_version (целое число) + + + Обозначает версию синтаксических конструкций файла конфигурации. Для SSSD +0.6.0 и более поздних версий используется версия 2. + + + + + services + + + Разделённый запятыми список служб, которые запускаются вместе с +sssd. Список служб является необязательным +на платформах, которые поддерживают systemd, так как эти службы при +необходимости будут активированы с помощью сокета или D-Bus. + + + Поддерживаемые службы: nss, pam , +sudo , autofs , ssh , +pac , ifp + + + По умолчанию все службы +отключены. Администратор должен включить разрешённые для использования +службы с помощью следующей команды: «systemctl enable +sssd-@service@.socket». + + + + + reconnection_retries (целое число) + + + Количество попыток восстановления подключения службами в случае сбоя или +перезапуска поставщика данных + + + По умолчанию: 3 + + + + + domains + + + Домен — это база данных, содержащая сведения о пользователях. SSSD +поддерживает использование сразу нескольких доменов, но необходимо настроить +как минимум один — иначе запуск SSSD не будет выполнен. С помощью этого +параметра можно указать список доменов в том порядке, в котором к ним +следует отправлять запросы. Рекомендуется использовать в именах доменов +только буквенно-цифровые символы ASCII, дефисы, точки и знаки +подчёркивания. Символ «/» использовать нельзя. + + + + + re_expression (строка) + + + Регулярное выражение по умолчанию, которое задаёт способ обработки строки, +содержащей имя пользователя и домен, для выделения этих частей. + + + Для каждого домена можно настроить отдельное регулярное выражение. Для +некоторых поставщиков ID также предусмотрены регулярные выражения по +умолчанию. Более подробные сведения об этих регулярных выражениях доступны в +разделе справки «РАЗДЕЛЫ ДОМЕНА». + + + + + full_name_format (строка) + + + Совместимый с printf +3 формат, который описывает способ +создания полностью определённого имени из имени пользователя и имени домена. + + + Поддерживаются следующие расширения: + + %1$s + имя пользователя + + + %2$s + + + имя домена, указанное в файле конфигурации SSSD. + + + + + %3$s + + + плоское имя домена. Чаще всего используется для доменов Active Directory, +как непосредственно настроенных, так и обнаруженных с помощью отношений +доверия IPA. + + + + + + + Для каждого домена можно настроить отдельную строку формата. Более подробные +сведения об этом параметре доступны в разделе справки «РАЗДЕЛЫ ДОМЕНОВ». + + + + + monitor_resolv_conf (логическое значение) + + + Управляет тем, следует ли SSSD отслеживать состояние resolv.conf для +определения момента, когда требуется обновить данные встроенного +сопоставителя DNS. + + + По умолчанию: true + + + + + try_inotify (логическое значение) + + + По умолчанию SSSD будет пытаться использовать inotify для отслеживания +изменений файлов конфигурации. Если невозможно использовать inotify, вместо +этого снова будет выполняться опрос каждые пять секунд. + + + В некоторых редких ситуациях не следует даже пытаться использовать +inotify. В таких случаях в этот параметр следует установить значение «false» + + + По умолчанию: true на платформах, которые поддерживают inotify. False на +других платформах. + + + Примечание: этот параметр ни на что не влияет на тех платформах, где +недоступна подсистема inotify. На этих платформах всегда будет +использоваться опрос. + + + + + krb5_rcache_dir (строка) + + + Каталог файловой системы, в котором SSSD следует сохранять файлы кэша +повтора Kerberos. + + + Этот параметр принимает специальное значение __LIBKRB5_DEFAULTS__, которое +указывает SSSD разрешить libkrb5 выбрать подходящее расположение кэша +повтора. + + + По умолчанию: зависит от дистрибутива и указывается при +сборке. (__LIBKRB5_DEFAULTS__, если не настроено) + + + + + user (строка) + + + The user to drop the privileges to where appropriate to avoid running as the +root user. Currently the only supported value is '&sssd_user_name;'. + + + + This option does not work when running socket-activated services, as the +user set up to run the processes is set up during compilation time. The way +to override the systemd unit files is by creating the appropriate files in +/etc/systemd/system/. Keep in mind that any change in the socket user, +group or permissions may result in a non-usable SSSD. The same may occur in +case of changes of the user running the NSS responder. + + + + По умолчанию: не задано, процесс будет запущен от имени пользователя root + + + + + default_domain_suffix (строка) + + + Эта строка будет использоваться как стандартное имя домена для всех имён без +компонента имени домена. В основном, этот параметр применяется в средах, где +основной домен предназначен для управления политиками узлов и все +пользователи находятся в доверенном домене. Параметр позволяет этим +пользователям входить в систему, предоставляя только своё имя пользователя и +не указывая имя домена. + + + Please note that if this option is set all users from the primary domain +have to use their fully qualified name, e.g. user@domain.name, to log +in. Setting this option changes default of use_fully_qualified_names to +True. It is not allowed to use this option together with +use_fully_qualified_names set to False. One exception from this rule are domains +with id_provider=files that always try to match the behaviour +of nss_files and therefore their output is not qualified even when the +default_domain_suffix option is used. + + + По умолчанию: не задано + + + + + override_space (строка) + + + С помощью этого параметра пробелы (клавиша «пробел») в именах пользователей +и групп можно заменить указанным символом, например «_». Имя пользователя +"john doe" превратится в "john_doe". Эта возможность +была добавлена для обеспечения совместимости со сценариями оболочки, у +которых возникают проблемы при обработке пробелов из-за того, что в оболочке +пробел является стандартным разделителем полей. + + + Обратите внимание, что использование заменяющего символа, который может +использоваться в именах пользователей или групп, является ошибкой +конфигурации. Если имя содержит заменяющий символ, SSSD выполнит попытку +вернуть неизменённое имя, но в целом результат поиска будет не определён. + + + По умолчанию: не задано (пробелы не будут заменены) + + + + + certificate_verification (строка) + + + При установке этого параметра проверку сертификатов можно настроить с +помощью разделённого запятыми списка параметров. Поддерживаемые параметры: + + + no_ocsp + + Отключает проверки OCSP. Это может потребоваться, если указанные в +сертификате серверы OCSP недоступны со стороны клиента. + + + + soft_ocsp + + Если соединение с ответчиком OCSP невозможно установить, проверка OCSP будет +пропущена. Этот параметр следует использовать для того, чтобы разрешить +проверку подлинности, когда система находится в автономном режиме и нельзя +связаться с ответчиком OCSP. + + + + ocsp_dgst + + Функция вычисления контрольной суммы (хэша), используемая для создания ID +сертификата для запроса OCSP. Допустимые значения: + + sha1 + sha256 + sha384 + sha512 + + + По умолчанию: sha1 (для обеспечения совместимости с ответчиком, +соответствующим стандарту RFC5019) + + + + + no_verification + + Полностью отключает проверку. Этот параметр следует использовать только для +тестирования. + + + + partial_chain + + Разрешить признать проверку успешной даже в том случае, если не удаётся +построить полную цепочку до самоподписанного +якоря доверия, при условии, что возможно построить цепочку до доверенного +сертификата, который может быть не самоподписанным. + + + + ocsp_default_responder=URL + + Задаёт стандартный ответчик OCSP, который следует использовать вместо +ответчика, указанного в сертификате. URL необходимо заменить URL-адресом +стандартного ответчика OCSP, например: http://example.com:80/ocsp. + + + + + ocsp_default_responder_signing_cert=NAME + + В настоящее время этот параметр игнорируется. Все необходимые сертификаты +должны быть доступны в файле PEM, указанном параметром pam_cert_db_path. + + + + crl_file=/ПУТЬ/К/ФАЙЛУ/CRL + + Использовать список отзыва сертификатов (CRL) из указанного файла при +проверке этого сертификата. CRL должен быть указан в формате PEM. Подробнее: + crl +1ssl . + + + + soft_crl + + + Если срок действия списка отзыва сертификатов (CRL) истёк, игнорировать +проверки CRL для соответствующих сертификатов. Этот параметр следует +использовать, чтобы разрешить проверку подлинности, когда система находится +в автономном режиме и нельзя обновить CRL. + + + + + + Неизвестные параметры передаются, но игнорируются. + + + По умолчанию: не задано, то есть не ограничивать проверку сертификатов + + + + + disable_netlink (логическое значение) + + + SSSD подключается к интерфейсу netlink для отслеживания изменений в +маршрутах,адресах, ссылках и вызова определённых действий. + + + Изменения состояния SSSD, вызванные событиями netlink, могут быть +нежелательными. Чтобы их отключить, установите этот параметр в значение +«true» + + + По умолчанию: false (изменения netlink обнаруживаются) + + + + + enable_files_domain (логическое значение) + + + Когда этот параметр включён, SSSD добавляет перед всеми явно настроенными +доменами неявный домен сid_provider=files. + + + По умолчанию: false + + + + + domain_resolution_order + + + Разделённый запятыми список доменов и поддоменов, который указывает порядок +поиска. В список не требуется включать все возможные домены, так как поиск +отсутствующих доменов будет выполняться на основе порядка, в котором они +представлены в параметре конфигурации domains. Поиск +поддоменов, которые не указаны в параметре lookup_order, +будет выполняться в случайном порядке для каждого родительского домена. + + + Please, note that when this option is set the output format of all commands +is always fully-qualified even when using short names for input , for all users but the ones managed by the +files provider . In case the administrator wants the output not +fully-qualified, the full_name_format option can be used as shown below: +full_name_format=%1$s However, keep in mind that during +login, login applications often canonicalize the username by calling + getpwnam +3 which, if a shortname is returned +for a qualified input (while trying to reach a user which exists in multiple +domains) might re-route the login attempt into the domain which uses +shortnames, making this workaround totally not recommended in cases where +usernames may overlap between domains. + + + По умолчанию: не задано + + + + + implicit_pac_responder (логическое значение) + + + Ответчик PAC включается автоматически для поставщиков IPA и AD для оценки и +проверки PAC. Если его необходимо отключить, установите для этого параметра +значение «false». + + + По умолчанию: true + + + + + core_dumpable (логическое значение) + + + Этот параметр можно использовать для общей защиты системы: установка +значения «false» запрещает создание дампов памяти для всех процессов SSSD, +чтобы избежать утечки паролей в открытом виде. Дополнительные сведения +доступны на справочной странице prctl:PR_SET_DUMPABLE. + + + По умолчанию: true + + + + + passkey_verification (string) + + + With this parameter the passkey verification can be tuned with a comma +separated list of options. Supported options are: + + user_verification (boolean) + + Enable or disable the user verification (i.e. PIN, fingerprint) during +authentication. If enabled, the PIN will always be requested. + + + The default is that the key settings decide what to do. In the IPA or +kerberos pre-authentication case, this value will be overwritten by the +server. + + + + + + + + + + + + + + + РАЗДЕЛЫ СЛУЖБ + + В этом разделе приводится описание параметров, которые можно использовать +для настройки различных служб. Они должны находится в разделах с именами +[$NAME]. Например, для службы NSS это будет +раздел [nss] + + + + Общие параметры настройки служб + + Эти параметры можно использовать для настройки любых служб. + + + + reconnection_retries (целое число) + + + Количество попыток восстановления подключения службами в случае сбоя или +перезапуска поставщика данных + + + По умолчанию: 3 + + + + + fd_limit + + + Этот параметр задаёт максимальное количество файловых дескрипторов, которые +может одновременно открыть этот процесс SSSD. В системах, где у SSSD имеется +возможность CAP_SYS_RESOURCE, этот параметр будет использоваться независимо +от других параметров системы. В системах без такой возможности количество +дескрипторов будет определяться наименьшим значением этого параметра или +ограничением «hard» в limits.conf. + + + По умолчанию: 8192 (или ограничение «hard» в limits.conf) + + + + + client_idle_timeout + + + Этот параметр задаёт количество секунд, в течение которого клиент процесса +SSSD может удерживать файловый дескриптор без передачи данных. Это значение +ограничено в целях предотвращения исчерпания ресурсов системы. Оно не может +быть меньше 10 секунд. Если указано меньшее значение, оно будет исправлено +на 10 секунд. + + + По умолчанию: 60, KCM: 300 + + + + + offline_timeout (целое число) + + + Когда SSSD переключается в автономный режим, количество времени до +выполнения попытки вернуться в сеть будет увеличиваться в соответствии со +временем, проведённым без подключения. По умолчанию SSSD использует +приращение для расчёта задержки между повторными попытками. Поэтому время +ожидания для конкретной попытки будет больше, чем для предыдущих. После +каждой неудачной попытки вернуться в сеть интервал будет пересчитываться по +следующей формуле: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + +random[0...offline_timeout_random_offset] + + + Стандартное значение offline_timeout составляет 60. Стандартное значение +offline_timeout_max — 3600. Стандартное значение +offline_timeout_random_offset — 30. Конечный результат представляет собой +количество секунд до следующей попытки. + + + Обратите внимание, что максимальная длительность каждого интервала задана +параметром offline_timeout_max (кроме случайной части). + + + По умолчанию: 60 + + + + + offline_timeout_max (целое число) + + + Управляет тем, насколько можно увеличить время между попытками вернуться в +сеть после неудачных попыток восстановления подключения. + + + Значение «0» отключает использование приращения. + + + Значение этого параметра следует устанавливать с учётом значения параметра +offline_timeout. + + + Если параметр offline_timeout установлен в значение «60» (значение по +умолчанию), нет смысла указывать для параметра offlinet_timeout_max значение +меньше 120, поскольку первый же шаг увеличения приведёт к его +превышению. Общее правило таково: значение offline_timeout_max должно по +крайней мере в 4 раза превышать значение offline_timeout. + + + Несмотря на то, что возможно указать значение от 0 до offline_timeout, +результатом этого станет переопределение значения offline_timeout, что не +имеет практического смысла. + + + По умолчанию: 3600 + + + + + offline_timeout_random_offset (целое число) + + + Когда сервис SSSD находится в автономном режиме, он продолжает обращаться к +внутренним серверам через заданные промежутки времени: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + +random[0...offline_timeout_random_offset] + + + Этот параметр управляет значением случайной задержки, которое используется +для приведённого выше уравнения. Итоговым значением random_offset будет +случайное число, принадлежащее диапазону: + + + [0 - offline_timeout_random_offset] + + + Значение «0» отключает добавление случайной задержки. + + + По умолчанию: 30 + + + + + responder_idle_timeout + + + Этот параметр задаёт количество секунд, в течение которого процесс ответчика +SSSD может работать без использования. Это значение ограничено в целях +предотвращения исчерпания ресурсов системы. Минимально допустимое значение: +60 секунд. Установка этого параметра в значение «0» (ноль) означает, что для +ответчика не устанавливается тайм-аут. Этот параметр используется только в +том случае, если сервис SSSD собран с поддержкой systemd и если службы +активируются с помощью сокетов или D-Bus. + + + По умолчанию: 300 + + + + + cache_first + + + Этот параметр определяет, следует ли ответчику опрашивать все кэши перед +опросом поставщиков данных. + + + По умолчанию: false + + + По умолчанию: true + + + + + + + + Параметры настройки NSS + + Эти параметры можно использовать для настройки службы диспетчера службы имён +(NSS). + + + + enum_cache_timeout (целое число) + + + Длительность хранения перечислений (запросов информации обо всех +пользователях) в кэше nss_sss в секундах + + + По умолчанию: 120 + + + + + entry_cache_nowait_percentage (целое число) + + + Можно настроить кэш записей на автоматическое обновление записей в фоновом +режиме, если запрос о них поступает в срок, определённый в процентах от +значения entry_cache_timeout для домена. + + + Например, если параметр entry_cache_timeout домена установлен в значение +«30s» (секунд), а параметр entry_cache_nowait_percentage установлен в +значение «50» (процентов), записи, которые поступят через 15 секунд после +последнего обновления кэша, будут возвращены сразу, но SSSD выполнит +обновление кэша, поэтому будущим запросам не потребуется блокировка в +ожидании обновления кэша. + + + Корректные значения этого параметра находятся в диапазоне 0-99 и +представляют собой значение в процентах от entry_cache_timeout для каждого +домена. Чтобы сохранить производительность, это значение никогда не +уменьшает тайм-аут nowait так, что он становится меньше 10 секунд. Установка +значения «0» отключает эту возможность. + + + По умолчанию: 50 + + + + + entry_negative_timeout (целое число) + + + Означает количество секунд, в течение которого в кэше nss_sss будут +храниться неудачные обращения к кэшу (запросы некорректных записей базы +данных, например, несуществующих) перед повторным запросом к внутреннему +серверу. + + + По умолчанию: 15 + + + + + local_negative_timeout (целое число) + + + Означает количество секунд, в течение которого в негативном кэше nss_sss +будут храниться локальные пользователи и группы перед попыткой повторного +поиска на внутреннем сервере. Установка значения «0» отключает эту +возможность. + + + По умолчанию: 14400 (4 часа) + + + + + filter_users, filter_groups (строка) + + + Исключить определённых пользователей или группы из списка получения данных +из базы данных NSS sss. Эта возможность особенно полезна для системных +учётных записей. Этот параметр также можно задать для каждого домена +отдельно или включить в него полные имена, чтобы выполнить фильтрацию только +пользователей из конкретного домена или по именам участников-пользователей +(UPN). + + + ПРИМЕЧАНИЕ: параметр filter_groups не влияет на наследование участников +вложенных групп, так как фильтрация выполняется после их распространения для +возврата с помощью NSS. Например, в списке участников группы, вложенная +группа которой была отфильтрована, останутся пользователи из этой +отфильтрованной вложенной группы. + + + По умолчанию: root + + + + + filter_users_in_groups (логическое значение) + + + Если отфильтрованные пользователи должны оставаться участниками групп, +установите этот параметр в значение «false». + + + По умолчанию: true + + + + + + + fallback_homedir (строка) + + + Установить стандартный шаблон для домашнего каталога пользователя, если он +явно не указан поставщиком данных домена. + + + Допустимые значения этого параметра совпадают с допустимыми значениями +параметра override_homedir. + + + пример: +fallback_homedir = /home/%u + + + + По умолчанию: не задано (без замен для незаданных домашних каталогов) + + + + + override_shell (строка) + + + Переопределить командную оболочку входа для всех пользователей. Этот +параметр имеет приоритет над любыми другими параметрами оболочки, когда +действует. Его возможно установить либо в разделе [nss], либо для каждого +домена отдельно. + + + По умолчанию: не задано (SSSD будет использовать значение, полученное от +LDAP) + + + + + allowed_shells (строка) + + + Ограничить оболочку пользователя одним из указанных в списке +значений. Порядок вычисления: + + + 1. Если оболочка присутствует в файле /etc/shells, будет +использована она. + + + 2. Если оболочка присутствует в списке allowed_shells, но не в файле +/etc/shells, использовать значение параметра shell_fallback. + + + 3. Если оболочка отсутствует в списке allowed_shells и файле +/etc/shells, будет использована оболочка, которая не требует +входа. + + + Чтобы разрешить использование любой оболочки, можно использовать +подстановочный знак (*). + + + Знаком (*) можно воспользоваться, чтобы использовать shell_fallback, когда +оболочка пользователя отсутствует в файле /etc/shells, а +ведение списка всех разрешённых оболочек в allowed_shells было бы излишним. + + + Пустая строка оболочки передаётся libc «как есть». + + + Чтение файла /etc/shells выполняется только при запуске +SSSD. Следовательно, в случае установки новой оболочки потребуется +перезапуск SSSD. + + + По умолчанию: не задано. Автоматически используется оболочка пользователя. + + + + + vetoed_shells (строка) + + + Заменять все экземпляры этих оболочек на shell_fallback + + + + + shell_fallback (строка) + + + Оболочка по умолчанию, которую следует использовать, если разрешённая +оболочка не установлена на компьютере. + + + По умолчанию: /bin/sh + + + + + default_shell + + + Оболочка по умолчанию, которую следует использовать, если поставщик не +вернул оболочку при поиске. Этот параметр можно указать как глобальный в +разделе [nss] или для каждого домена отдельно. + + + По умолчанию: не задано (вернуть NULL, если оболочка не указана, и +положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh) + + + + + get_domains_timeout (целое число) + + + Указывает время в секундах, в течение которого список поддоменов считается +действительным. + + + По умолчанию: 60 + + + + + memcache_timeout (целое число) + + + Указывает время в секундах, в течение которого записи кэша в памяти будут +оставаться действительными. Установка этого параметра в значение «0» +отключит кэш в памяти. + + + По умолчанию: 300 + + + ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти окажет значительное негативное +воздействие на производительность SSSD. Этот параметр следует использовать +только для тестирования. + + + ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в +значение «NO», клиентские приложения не будут использовать быстрый кэш в +памяти. + + + + + memcache_size_passwd (целое число) + + + Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в +памяти для запросов passwd. Установка размера в значение «0» отключит кэш в +памяти для запросов passwd. + + + По умолчанию: 8 + + + ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет +значительное негативное воздействие на производительность SSSD. + + + ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в +значение «NO», клиентские приложения не будут использовать быстрый кэш в +памяти. + + + + + memcache_size_group (целое число) + + + Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в +памяти для запросов group. Установка размера в значение «0» отключит кэш в +памяти для запросов group. + + + По умолчанию: 6 + + + ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет +значительное негативное воздействие на производительность SSSD. + + + ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в +значение «NO», клиентские приложения не будут использовать быстрый кэш в +памяти. + + + + + memcache_size_initgroups (целое число) + + + Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в +памяти для запросов групп инициализации. Установка размера в значение «0» +отключит кэш в памяти для запросов групп инициализации. + + + По умолчанию: 10 + + + ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет +значительное негативное воздействие на производительность SSSD. + + + ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в +значение «NO», клиентские приложения не будут использовать быстрый кэш в +памяти. + + + + + memcache_size_sid (целое число) + + + Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в +памяти для связанных с SID запросов. В настоящее время кэширование в быстрой +памяти предусмотрено только для запросов SID-по-ID и ID-по-SID. Установка +размера в значение «0» отключит кэш SID в памяти. + + + По умолчанию: 6 + + + ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет +значительное негативное воздействие на производительность SSSD. + + + ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в +значение «NO», клиентские приложения не будут использовать быстрый кэш в +памяти. + + + + + user_attributes (строка) + + + Некоторые из дополнительных запросов ответчика NSS могут возвращать больше +атрибутов, чем просто атрибуты POSIX, определённые интерфейсом NSS. Этот +параметр управляет списком атрибутов. Обработка выполняется тем же способом, +что и для параметра user_attributes ответчика InfoPipe +(см. sssd-ifp +5 ), но без стандартных значений. + + + Для упрощения настройки ответчик NSS проверит параметр InfoPipe на то, задан +ли он для ответчика NSS. + + + По умолчанию: не задано, использовать параметр InfoPipe + + + + + pwfield (строка) + + + Значение, которое операции NSS, возвращающие пользователей или группы, +вернут для поля password. + + + По умолчанию: * + + + Примечание: этот параметр также можно задать для каждого домена отдельно, +что будет иметь приоритет над значением в разделе [nss]. + + + Default: not set (remote domains), x (the files domain), + x (proxy domain with nss_files and sssd-shadowutils +target) + + + + + + + Параметры настройки PAM + + Эти параметры можно использовать для настройки службы подключаемых модулей +проверки подлинности (PAM). + + + + offline_credentials_expiration (целое число) + + + Определяет как долго следует разрешать вход по кэшированным данным, если +поставщик данных для аутентификации находится в автономном режиме (в днях с +момента последнего успешного входа). + + + По умолчанию: 0 (без ограничений) + + + + + + offline_failed_login_attempts (целое число) + + + Если поставщик данных для проверки подлинности находится в автономном +режиме, сколько следует допускать неудачных попыток входа. + + + По умолчанию: 0 (без ограничений) + + + + + + offline_failed_login_delay (целое число) + + + Время в минутах, которое должно пройти после достижения значения +offline_failed_login_attempts, прежде чем станет возможной новая попытка +входа. + + + Если задано значение «0», пользователь не сможет пройти проверку подлинности +в автономном режиме после достижения значения +offline_failed_login_attempts. Для того, чтобы проверка подлинности в +автономном режиме снова стала возможной, необходимо успешно пройти проверку +подлинности в сетевом режиме. + + + По умолчанию: 5 + + + + + + pam_verbosity (целое число) + + + Управляет тем, какие сообщения будут показаны пользователю во время проверки +подлинности. Чем больше число, тем больше сообщений будет показано. + + + В настоящее время sssd поддерживает следующие значения: + + + 0: не показывать никаких сообщений + + + 1: показывать только важные сообщения + + + 2: показывать информационные сообщения + + + 3: показывать все сообщения и отладочную информацию + + + По умолчанию: 1 + + + + + + pam_response_filter (строка) + + + Разделённый запятыми список строк, который позволяет удалять (фильтровать) +данные, отправленные ответчиком PAM модулю PAM pam_sss. Ответы, которые +отправляются pam_sss, могут быть разного вида (например, сообщения, которые +показываются пользователю, или переменные среды, которые должны быть +установлены pam_sss). + + + Сообщениями можно управлять с помощью параметра pam_verbosity, а этот +параметр позволяет отфильтровать также и другие типы ответов. + + + В настоящее время поддерживаются следующие фильтры: + ENV + Не отправлять никаким службам никакие переменные среды. + + ENV:var_name + Не отправлять переменную среды var_name никаким службам. + + ENV:var_name:service + Не отправлять переменную среды var_name указанной службе. + + + + + Список строк может представлять собой список фильтров, который установит эти +фильтры, перезаписав стандартные значения. Либо каждый элемент списка может +предваряться символом «+» или «-», что, соответственно, добавит этот фильтр +к существующим стандартным фильтрам или удалит его из стандартных +фильтров. Обратите внимание, что следует либо использовать префикс «+» или +«-» для всех элементов списка, либо не использовать его +вообще. Использование префикса только для части элементов списка считается +ошибкой. + + + По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i + + + Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных + + + + + + pam_id_timeout (целое число) + + + При любом запросе PAM, поступающем во время работы SSSD в сети, SSSD +выполняет попытку незамедлительно обновить кэшированные данные идентификации +пользователя, чтобы при проверке подлинности использовались самые последние +данные. + + + Полный обмен данными PAM может включать несколько запросов PAM (в частности, +для управления учётными записями и открытия сеансов). Этот параметр +управляет (для каждого клиента-приложения отдельно) длительностью (в +секундах) кэширования данных идентификации, позволяющего избежать повторных +обменов данными с поставщиком данных идентификации. + + + По умолчанию: 5 + + + + + + pam_pwd_expiration_warning (целое число) + + + Показать предупреждение за N дней до истечения срока действия пароля. + + + Обратите внимание, что внутренний сервер должен предоставить информацию о +времени истечения срока действия пароля. Если она отсутствует, sssd не +сможет показать предупреждение. + + + Если указан ноль, этот фильтр не применяется: если от внутреннего сервера +было получено предупреждение об истечении строка действия, оно будет +показано автоматически. + + + Этот параметр можно переопределить, установив +pwd_expiration_warning для конкретного домена. + + + По умолчанию: 0 + + + + + get_domains_timeout (целое число) + + + Указывает время в секундах, в течение которого список поддоменов считается +действительным. + + + По умолчанию: 60 + + + + + pam_trusted_users (строка) + + + Разделённый запятыми список значений UID или имён пользователей, которым +разрешено выполнять обмен данными PAM с доверенными доменами. Пользователям, +которые отсутствуют в этом списке, разрешён доступ только к доменам, +отмеченным как общедоступные с помощью параметра +pam_public_domains. Имена пользователей разрешаются в UID при +запуске. + + + По умолчанию: все пользователи считаются доверенными по умолчанию + + + Обратите внимание, что UID 0 всегда разрешён доступ к ответчику PAM, даже +если этот идентификатор пользователя отсутствует в списке pam_trusted_users. + + + + + pam_public_domains (строка) + + + Разделённый запятыми список имён доменов, которые доступны даже для +недоверенных пользователей. + + + Для параметра pam_public_domains определены два специальных значения: + + + all (недоверенным пользователя разрешён доступ ко всем доменам в ответчике +PAM) + + + none (недоверенным пользователя запрещён доступ ко всем доменам в ответчике +PAM) + + + По умолчанию: none + + + + + pam_account_expired_message (строка) + + + Позволяет задать пользовательское сообщение об истечении срока действия, +которое заменит стандартное сообщение «Доступ запрещён». + + + Примечание: следует учитывать, что для службы SSH сообщение будет показано +только при условии, что параметр pam_verbosity установлен в значение «3» +(показывать все сообщения и отладочную информацию). + + + пример: +pam_account_expired_message = Срок действия учётной записи истёк, обратитесь в службу поддержки. + + + + По умолчанию: none + + + + + pam_account_locked_message (строка) + + + Позволяет задать пользовательское сообщение о блокировке, которое заменит +стандартное сообщение «Доступ запрещён». + + + пример: +pam_account_locked_message = Учётная запись заблокирована, обратитесь в службу поддержки. + + + + По умолчанию: none + + + + + pam_passkey_auth (bool) + + + Enable passkey device based authentication. + + + По умолчанию: false + + + + + passkey_debug_libfido2 (bool) + + + Enable libfido2 library debug messages. + + + По умолчанию: false + + + + + pam_cert_auth (логическое значение) + + + Включить проверку подлинности на основе сертификата или смарт-карты. Так как +для этого требуется дополнительный обмен данными со смарт-картой, который +задержит процесс проверки подлинности, по умолчанию этот параметр отключён. + + + По умолчанию: false + + + + + pam_cert_db_path (строка) + + + Путь к базе данных сертификатов. + + + По умолчанию: + + /etc/sssd/pki/sssd_auth_ca_db.pem (путь к файлу с доверенными сертификатами +CA в формате PEM) + + + + + + + + pam_cert_verification (строка) + + + Этот параметр позволяет выполнить тонкую настройку проверки сертификатов PAM +с помощью разделённого запятыми списка параметров. Эти параметры +переопределяют значение certificate_verification в разделе +[sssd]. Поддерживаются те же параметры, что и для +certificate_verification. + + + пример: +pam_cert_verification = partial_chain + + + + По умолчанию: не задано, то есть следует использовать стандартный параметр +certificate_verification, указанный в разделе +[sssd]. + + + + + p11_child_timeout (целое число) + + + Разрешённое количество секунд, в течение которого pam_sss ожидает завершения +работы p11_child. + + + По умолчанию: 10 + + + + + passkey_child_timeout (integer) + + + How many seconds will the PAM responder wait for passkey_child to finish. + + + По умолчанию: 15 + + + + + pam_app_services (строка) + + + Указывает, каким службам PAM разрешено устанавливать соединение с доменами +типа application + + + По умолчанию: не задано + + + + + pam_p11_allowed_services (целое число) + + + Разделённый запятыми список имён служб PAM, для которых будет разрешено +использовать смарт-карты. + + + Можно добавить имя ещё одной службы PAM в стандартный набор с помощью ++service_name. Также можно явно удалить имя службы PAM из +стандартного набора с помощью -service_name. Например, чтобы +заменить стандартное имя службы PAM для проверки подлинности с помощью +смарт-карт (например, login) на пользовательское имя службы +PAM (например, my_pam_service), необходимо использовать +следующую конфигурацию: +pam_p11_allowed_services = +my_pam_service, -login + + + + По умолчанию: стандартный набор имён служб PAM включает: + + + + login + + + + + su + + + + + su-l + + + + + gdm-smartcard + + + + + gdm-password + + + + + kdm + + + + + sudo + + + + + sudo-i + + + + + gnome-screensaver + + + + + + + + p11_wait_for_card_timeout (целое число) + + + Когда требуется проверка подлинности по смарт-карте, этот параметр +определяет, в течение какого количества секунд (в дополнение к значению +p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты. + + + По умолчанию: 60 + + + + + p11_uri (строка) + + + URI PKCS#11 (подробное описание доступно в RFC-7512) для ограничения перечня +устройств с проверкой подлинности по смарт-карте. По умолчанию p11_child +SSSD выполняет поиск слота PKCS#11 (устройства чтения) с установленным +флагом «removable» и затем чтение сертификатов со вставленного маркера из +первого найденного слота. Если подключено несколько устройств чтения, с +помощью p11_uri можно указать p11_child использовать конкретное устройство +чтения. + + + Пример: +p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader + или +p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2 + Чтобы найти подходящий URI, проверьте +отладочный вывод p11_child. Либо можно использовать утилиту «p11tool» +GnuTLS, например, с параметром «--list-all»: это тоже позволит просмотреть +URI PKCS#11. + + + По умолчанию: none + + + + + pam_initgroups_scheme + + + Ответчик PAM может принудительно запустить поиск в сети для получения данных +об участии в группах того пользователя, который пытается войти в +систему. Этот параметр управляет тем, когда это следует делать, и имеет +следующие допустимые значения: + always + Всегда выполнять поиск в сети (обратите внимание, что параметр +pam_id_timeout всё равно применяется) + + no_session + Выполнять поиск в сети только при отсутствии активного сеанса пользователя, +то есть тогда, когда пользователь не находится в системе + + never + Никогда не выполнять поиск в сети принудительно, использовать данные из кэша +до тех пор, пока они не устареют + + + + + По умолчанию: no_session + + + + + pam_gssapi_services + + + Разделённый запятыми список служб PAM, которым разрешено пытаться выполнить +проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so. + + + Чтобы отключить проверку подлинности с помощью GSSAPI, установите этот +параметр в значение - (дефис). + + + Примечание: этот параметр также можно задать для каждого домена отдельно, +что будет иметь приоритет над значением в разделе [pam]. Также этот параметр +можно задать для доверенного домена, что будет иметь приоритет над значением +в разделе домена. + + + Пример: +pam_gssapi_services = sudo, sudo-i + + + + По умолчанию: - (проверка подлинности с помощью GSSAPI отключена) + + + + + pam_gssapi_check_upn + + + Если значение «True», SSSD будет требоваться наличие привязки +участника-пользователя Kerberos, который успешно прошёл проверку подлинности +с помощью GSSAPI, к пользователю, проверка подлинности которого +выполняется. Если такой привязки нет, проверка подлинности завершится +ошибкой. + + + Если значение «False», проверка подлинности будет выполняться для всех +пользователей, получивших необходимый билет службы. + + + Примечание: этот параметр также можно задать для каждого домена отдельно, +что будет иметь приоритет над значением в разделе [pam]. Также этот параметр +можно задать для доверенного домена, что будет иметь приоритет над значением +в разделе домена. + + + По умолчанию: true + + + + + pam_gssapi_indicators_map + + + Разделённый запятыми список индикаторов проверки подлинности, которые должны +присутствовать в билете Kerberos для получения доступа к службе PAM, которой +разрешено пытаться выполнить проверку подлинности по GSSAPI с помощью модуля +pam_sss_gss.so. + + + Каждый элемент списка может быть либо именем индикатора проверки +подлинности, либо парой service:indicator. Индикаторы, +которые не предваряются именем службы PAM, будут требоваться для доступа к +любой службе PAM, настроенной на использование с +. Итоговый список индикаторов для +отдельной службы PAM затем проверяется на соответствие индикаторам в билете +Kerberos во время проверки подлинности с помощью pam_sss_gss.so. Доступ +будет предоставлен, если в билете будет найден индикатор, совпадающий с +индикатором из итогового списка индикаторов для соответствующей службы +PAM. Доступ будет запрещён, если в списке не обнаружатся совпадающие +индикаторы. Если итоговый список индикаторов для службы PAM пуст, проверка +не закроет доступ. + + + Чтобы отключить проверку индикаторов для проверки подлинности с помощью +GSSAPI, установите этот параметр в значение - (дефис). Чтобы +отключить проверку индикаторов для определённой службы PAM, добавьте +service:-. + + + Примечание: этот параметр также можно задать для каждого домена отдельно, +что будет иметь приоритет над значением в разделе [pam]. Также этот параметр +можно задать для доверенного домена, что будет иметь приоритет над значением +в разделе домена. + + + В развёрнутых системах IPA с Kerberos предусмотрена поддержка следующих +индикаторов проверки подлинности: + + + pkinit — предварительная проверка подлинности с помощью сертификатов X.509, +которые хранятся в файлах или на смарт-картах. + + + hardened — предварительная проверка подлинности SPAKE или любая +предварительная проверка подлинности, помещённая в канал FAST. + + + radius — предварительная проверка подлинности с помощью сервера RADIUS. + + + otp — предварительная проверка подлинности с помощью встроенной +двухфакторной аутентификации (2FA или одноразовый пароль, OTP) в IPA. + + + idp -- предварительная аутентификация с использованием внешнего поставщика +удостоверений. + + + + + Пример: чтобы доступ к службам SUDO предоставлялся только пользователям, +которые получили свои билеты Kerberos с предварительной проверкой +подлинности сертификата X.509 (PKINIT), укажите +pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit + + + + По умолчанию: не задано (использование индикаторов проверки подлинности не +требуется) + + + + + + + + Параметры настройки SUDO + + Эти параметры можно использовать для настройки службы sudo. Подробные +инструкции по настройке sudo +8 для работы с +sssd 8 +доступны на справочной странице +sssd-sudo 5 +. + + + + sudo_timed (логическое значение) + + + Следует ли обрабатывать атрибуты sudoNotBefore и sudoNotAfter, +предназначенные для определения временных ограничений для записей sudoers. + + + По умолчанию: false + + + + + + + sudo_threshold (целое число) + + + Максимальное количество устаревших правил, которые можно обновить за один +раз. Если количество устаревших правил меньше заданного порогового значения, +эти правила обновляются с помощью механизма обновления +правил. Если пороговое значение превышено, будет использоваться +механизм полного обновления. Это пороговое значение также +применяется к поискам команд и групп команд sudo IPA. + + + По умолчанию: 50 + + + + + + + + Параметры настройки AUTOFS + + Эти параметры можно использовать для настройки службы autofs. + + + + autofs_negative_timeout (целое число) + + + Означает количество секунд, в течение которого в кэше ответчика autofs будут +храниться неудачные обращения к кэшу (запросы некорректных записей карты, +например, несуществующих) перед повторным запросом к внутреннему серверу. + + + По умолчанию: 15 + + + + + + + + + Параметры настройки SSH + + Эти параметры можно использовать для настройки службы SSH. + + + + ssh_hash_known_hosts (логическое значение) + + + Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts. + + + По умолчанию: false + + + + + ssh_known_hosts_timeout (целое число) + + + Разрешённое количество секунд, в течение которого узел хранится в +управляемом файле known_hosts после запроса ключей этого узла. + + + По умолчанию: 180 + + + + + ssh_use_certificate_keys (логическое значение) + + + Если задано значение «true», команда +sss_ssh_authorizedkeys вернёт ключи SSH, производные от +открытого ключа сертификатов X.509, которые также хранятся в записи +пользователя. Подробнее: +sss_ssh_authorizedkeys +1 . + + + По умолчанию: true + + + + + ssh_use_certificate_matching_rules (строка) + + + По умолчанию ответчик SSH использует все доступные правила сопоставления +сертификатов для фильтрации сертификатов, поэтому ключи SSH будут +создаваться на основе только тех сертификатов, для которых было установлено +соответствие. Этот параметр позволяет ограничить используемые правила +разделённым запятыми списком имён правил привязки и сопоставления. Все +другие правила будут игнорироваться. + + + Два особых ключевых слова «all_rules» и «no_rules» позволяют, +соответственно, включить все правила или не включать их вообще. Последнее +означает, что фильтрация сертификатов не будет выполняться; следовательно, +ключи SSH будут создаваться на основе всех действительных сертификатов. + + + Если не настроено никаких правил, использование «all_rules» приведёт к +включению стандартного правила, которое разрешает использовать все +сертификаты, подходящие для проверки подлинности клиента. Это поведение +соответствует поведению ответчика PAM в том случае, когда включена проверка +подлинности сертификатов. + + + Несуществующее имя правила считается ошибкой. Если в результате не будет +выбрано ни одного правила, все сертификаты будут проигнорированы. + + + По умолчанию: не задано, равнозначно «all_rules», используются все найденные +правила или правило по умолчанию + + + + + ca_db (строка) + + + Путь к хранилищу доверенных сертификатов CA. Параметр используется для +проверки сертификатов пользователей перед получением из них открытых ключей +SSH. + + + По умолчанию: + + /etc/sssd/pki/sssd_auth_ca_db.pem (путь к файлу с доверенными сертификатами +CA в формате PEM) + + + + + + + + + + + Параметры настройки ответчика PAC + + Ответчик PAC работает совместно с модулем данных проверки подлинности +sssd_pac_plugin.so для MIT Kerberos и поставщиком данных поддоменов. Этот +модуль отправляет данные PAC ответчику PAC во время проверки подлинности с +помощью GSSAPI. Поставщик данных поддоменов собирает данные по диапазонам +SID и ID домена, к которому присоединён клиент, а также удалённых доверенных +доменов с локального контроллера доменов. Если PAC расшифровывается и +обрабатывается, выполняются некоторые из следующих операций: + + Если запись удалённого пользователя отсутствует в кэше, она будет +создана. UID определяется с помощью SID, у доверенных доменов будут UPG, а +GID будет иметь то же значение, что и UID. Домашний каталог устанавливается +на основе значения параметра subdomain_homedir. По умолчанию значение +оболочки будет пустым, то есть будут использованы стандартные параметры +системы, но их можно переопределить с помощью параметра default_shell. + + Если имеются SID групп из известных SSSD доменов, пользователь будет +добавлен в эти группы. + + + + + Эти параметры можно использовать для настройки ответчика PAC. + + + + allowed_uids (строка) + + + Разделённый запятыми список значений UID или имён пользователей, которым +разрешён доступ к ответчику PAC. Имена пользователей разрешаются в UID при +запуске. + + + По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root) + + + Обратите внимание: несмотря на то, что в качестве стандартного значения +используется UID 0, оно будет перезаписано этим параметром. Если всё равно +требуется разрешить пользователю root доступ к ответчику PAC (типичный +случай), будет необходимо добавить запись «0» в список UID, которым разрешён +доступ. + + + + + pac_lifetime (целое число) + + + Время жизни записи PAC (в секундах). Пока запись PAC действительна, данные +PAC можно использовать для определения участия пользователя в группах. + + + По умолчанию: 300 + + + + + pac_check (строка) + + + Если настроено, применить дополнительные проверки к PAC билету Kerberos, +доступному в доменах Active Directory и FreeIPA. Обратите внимание, что для +проверки PAC должна быть включена проверка билетов Kerberos, то есть для +параметра krb5_validate должно быть установлено значение «True», которое +является значением по умолчанию для поставщиков данных IPA и AD. Если для +параметра krb5_validate установлено значение «False», проверка PAC будет +пропущена. + + + Следующие параметры можно использовать отдельно или в виде разделённого +запятыми списка: + + no_check + + PAC не должен присутствовать, и даже если он имеется, никакие дополнительные +проверки выполняться не будут. + + + + pac_present + + PAC должен присутствовать в билете службы, который SSSD запрашивает с +помощью TGT пользователя. Если PAC недоступен, аутентификация завершится +ошибкой. + + + + + check_upn + + Если PAC присутствует, проверить, что информация об основном имени +пользователя (UPN) верна. + + + + check_upn_allow_missing + + Этот параметр следует использовать вместе с 'check_upn' и он обрабатывает +случай, когда для UPN установлено значение на стороне сервера, но не +читается SSSD. Типичным примером является домен FreeIPA, в котором для +'ldap_user_principal' установлено название не существующего атрибута. Обычно +это делалось для обхода проблем при обработке корпоративных регистрационных +записей. Но это исправлено довольно давно, и FreeIPA может обрабатывать +корпоративные регистрационные записи, поэтому больше нет необходимости +устанавливать 'ldap_user_principal'. + В настоящее время этот параметр установлен по умолчанию, чтобы избежать +регрессии в подобных средах. В системный журнал и журнал отладки SSSD будет +добавлено сообщение в случае обнаружения UPN в PAC, но не в кэше SSSD. Чтобы +избежать появления такого сообщения, проверьте, можно ли удалить параметр +'ldap_user_principal'. Если это невозможно, удаление 'check_upn' приведет к +пропуску проверки и сообщение не появится в журнале. + + + + upn_dns_info_present + + PAC должен содержать буфер UPN-DNS-INFO, неявным образом устанавливает +'check_upn'. + + + + check_upn_dns_info_ex + + Если PAC присутствует и доступно расширение буфера UPN-DNS-INFO, проверить, +согласованы ли данные в расширении. + + + + upn_dns_info_ex_present + + PAC должен содержать расширение буфера UPN-DNS-INFO, неявным образом +устанавливает 'check_upn_dns_info_ex', 'upn_dns_info_present' и 'check_upn'. + + + + + + + По умолчанию: no_check (для поставщиков AD и IPA — 'check_upn, +check_upn_allow_missing, check_upn_dns_info_ex') + + + + + + + + Параметры настройки записи сеансов + + Запись сеансов работает совместно с +tlog-rec-session 8 +, частью пакета tlog, обеспечивая ведение журнала данных, +которые пользователи видят и вводят после входа на текстовый +терминал. См. также +sssd-session-recording +5 . + + + Эти параметры можно использовать для настройки записи сеансов. + + + + scope (строка) + + + Одна из следующих строк, которые определяют область записи сеанса: + + + «none» + + + Пользователи не записываются. + + + + + «some» + + + Записываются пользователи и группы, указанные с помощью параметров +users и groups. + + + + + «all» + + + Записываются все пользователи. + + + + + + + По умолчанию: «none» + + + + + users (строка) + + + Разделённый запятыми список пользователей, для которых включена запись +сеансов. Соответствие списку устанавливается по именам пользователей, +возвращённым NSS, то есть после возможной замены пробелов, смены регистра и +так далее. + + + По умолчанию: пусто. Не соответствует ни одному пользователю. + + + + + groups (строка) + + + Разделённый запятыми список групп, для участников которых включена запись +сеансов. Соответствие списку устанавливается по именам групп, возвращённым +NSS, то есть после возможной замены пробелов, смены регистра и так далее. + + + ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) +значительно сказывается на производительности, поскольку при каждом +некэшированном запросе данных пользователя требуется выполнить получение и +установление соответствия групп, участником которых он является. + + + По умолчанию: пусто. Не соответствует ни одной группе. + + + + + exclude_users (строка) + + + Разделённый запятыми список пользователей, которые исключаются из записи; +применимо только при «scope=all». + + + По умолчанию: пусто. Не исключается ни один пользователь. + + + + + exclude_groups (строка) + + + Разделённый запятыми список групп, участники которых исключаются из записи; +применимо только при «scope=all». + + + ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) +значительно сказывается на производительности, поскольку при каждом +некэшированном запросе данных пользователя требуется выполнить получение и +установление соответствия групп, участником которых он является. + + + По умолчанию: пусто. Не исключается ни одна группа. + + + + + + + + + + РАЗДЕЛЫ ДОМЕНА + + Эти параметры конфигурации могут присутствовать в разделе конфигурации +домена, то есть в разделе с именем +[domain/NAME] + + enabled + + + Явно включить или отключить домен. Если true, домен всегда +включён. Если false, домен всегда +отключён. Если значение параметра не задано, домен будет +включён только в том случае, если он находится в списке, указанном с помощью +параметра domains в разделе [sssd]. + + + + + + domain_type (строка) + + + Указывает, предназначен ли домен для использования клиентами, +поддерживающими POSIX (например, NSS), или приложениями, которым не +требуется наличие или создание данных POSIX. Интерфейсам и утилитам +операционной системы доступны только объекты из доменов POSIX. + + + Допустимые значение этого параметра: posix и +application. + + + Домены POSIX доступны для всех служб. Домены приложений доступны только для +ответчика InfoPipe (см. +sssd-ifp 5 +) и ответчика PAM. + + + ПРИМЕЧАНИЕ: в настоящее время тщательно тестируются только домены приложений +с id_provider=ldap. + + + Описание простого способа настройки доменов не-POSIX доступно в разделе +Домены приложений. + + + По умолчанию: posix + + + + + + min_id,max_id (целое число) + + + Пределы диапазона UID и GID для домена. Если домен содержит запись, +находящуюся вне указанного диапазона, она будет проигнорирована. + + + Что касается записей пользователей, этот параметр ограничивает диапазон +основного GID. Запись пользователя не будет возвращена в NSS, если UID или +основной GID находится за пределами диапазона. Находящиеся в пределах +диапазона записи пользователей, которые не являются участниками основной +группы, будут выведены в обычном режиме. + + + Эти пределы диапазона идентификаторов влияют даже на сохранение записей в +кэш, а не только на их возврат по имени или идентификатору. + + + По умолчанию: 1 для min_id, 0 (без ограничений) для max_id + + + + + + enumerate (логическое значение) + + + Определяет, можно ли выполнить перечисление для домена, то есть может ли +домен вывести перечень всех содержащихся в нём пользователей и +групп. Обратите внимание, что перечисление не требуется включать для +просмотра вторичных групп. Этот параметр может иметь одно из следующих +значений: + + + TRUE = пользователи и группы перечисляются + + + FALSE = для этого домена не выполняется перечисление + + + По умолчанию: FALSE + + + Чтобы выполнить перечисление для домена, SSSD потребуется загрузить и +сохранить ВСЕ записи пользователей и групп с удалённого сервера. + + + Примечание: если включить перечисление, во время его выполнения +производительность SSSD умеренно снижается. Перечисление может занять до +нескольких минут после запуска SSSD. В это время отдельные запросы +информации отправляются непосредственно в LDAP, хотя это может выполняться +медленно из-за ресурсоёмкой обработки перечисления. Сохранение большого +количества записей в кэш после завершения перечисления также может давать +интенсивную вычислительную нагрузку на центральный процессор, так как данные +об участии в группах требуется вычислить заново. Это может привести к тому, +что процесс sssd_be перестанет отвечать или даже будет +перезапущен внутренним сторожевым таймером. + + + Когда выполняется первое перечисление, запросы полных списков пользователей +или групп могут не вернуть результатов до момента завершения перечисления. + + + Более того, включение перечисления может увеличить время, необходимое для +обнаружения отсутствия подключения к сети, так как для успешного выполнения +поисков перечисления требуются более длительные тайм-ауты. Дополнительные +сведения доступны на man-страницах конкретного используемого поставщика +идентификаторов (id_provider). + + + По вышеуказанным причинам не рекомендуется включать перечисление, особенно в +средах большого размера. + + + + + + subdomain_enumerate (строка) + + + Следует ли выполнять перечисление для каких-либо автоматически обнаруженных +доверенных доменов. Поддерживаемые значения: + + all + Выполнить перечисление для всех обнаруженных доверенных доменов + + + none + Не выполнять перечисление для обнаруженных доверенных доменов + + При необходимости можно указать список из +одного или нескольких имён доверенных доменов, чтобы включить перечисление +только для них. + + + По умолчанию: none + + + + + + entry_cache_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи +действительными, прежде чем снова обратиться к внутреннему серверу + + + Отметки времени устаревания записей кэша хранятся как атрибуты отдельных +объектов в кэше. Следовательно, изменение тайм-аута кэша повлияет только на +новые добавленные или устаревшие записи. Следует запустить инструмент + sss_cache +8 для принудительного обновления +записей, которые уже были кэшированы. + + + По умолчанию: 5400 + + + + + + entry_cache_user_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи +пользователей действительными, прежде чем снова обратиться к внутреннему +серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_group_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи групп +действительными, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_netgroup_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи сетевых +групп действительными, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_service_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи служб +действительными, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_resolver_timeout (целое число) + + + Количество секунд, в течение которого nss_sss следует считать записи узлов и +сетей действительными, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_sudo_timeout (целое число) + + + Количество секунд, в течение которого sudo следует считать правила +действительными, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_autofs_timeout (целое число) + + + Количество секунд, в течение которого службе autofs следует считать карты +автоматического монтирования действительными, прежде чем снова обратиться к +внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_ssh_host_timeout (целое число) + + + Количество секунд, в течение которого ключ SSH узла хранится после +обновления. Иными словами, параметр определяет длительность хранения ключа +узла в кэше. + + + По умолчанию: entry_cache_timeout + + + + + + entry_cache_computer_timeout (целое число) + + + Количество секунд, в течение которого следует хранить запись локального +компьютера, прежде чем снова обратиться к внутреннему серверу + + + По умолчанию: entry_cache_timeout + + + + + + refresh_expired_interval (целое число) + + + Указывает время ожидания SSSD (в секундах) перед активацией задания фонового +обновления всех устаревших или почти устаревших записей. + + + При фоновом обновлении обрабатываются содержащиеся в кэше записи +пользователей, групп и сетевых групп. Обновление как записи пользователя, +так и участия в группах выполняется для тех пользователей, для которых ранее +выполнялись действия по инициализации групп (получение данных об участии +пользователя в группах, обычно выполняется при запуске). + + + Этот параметр автоматически наследуется для всех доверенных доменов. + + + Рекомендуется установить это значение равным 3/4 * entry_cache_timeout. + + + Запись кэша будет обновлена фоновым заданием, если прошло 2/3 времени +ожидания устаревания кэша. Если в кэше уже есть записи, фоновое задание +будет использовать значения времени ожидания устаревания исходных записей, а +не текущее значение конфигурации. Может возникнуть ситуация, в которой будет +казаться, что фоновое задание по обновлению записей не работает. Это сделано +специально для усовершенствования работы в автономном режиме и повторного +использования имеющихся корректных записей в кэше. Чтобы мгновенно выполнить +изменение, пользователю следует вручную объявить недействительность +существующего кэша. + + + По умолчанию: 0 (отключено) + + + + + + cache_credentials (логическое значение) + + + Determines if user credentials are also cached in the local LDB cache. The +cached credentials refer to passwords, which includes the first (long term) +factor of two-factor authentication, not other authentication +mechanisms. Passkey and Smartcard authentications are expected to work +offline as long as a successful online authentication is recorded in the +cache without additional configuration. + + + Take a note that while credentials are stored as a salted SHA512 hash, this +still potentially poses some security risk in case an attacker manages to +get access to a cache file (normally requires privileged access) and to +break a password using brute force attack. + + + По умолчанию: FALSE + + + + + + cache_credentials_minimal_first_factor_length (целое число) + + + Если используется двухфакторная проверка подлинности (2FA) и следует +сохранить учётные данные, это значение определяет минимальную длину первого +фактора проверки подлинности (долговременного пароля), который должен быть +сохранён в формате контрольной суммы SHA512 в кэше. + + + Таким образом удаётся предотвратить ситуацию, когда короткие PIN-коды +основанной на PIN-кодах схемы 2FA хранятся в кэше и становятся лёгкой +мишенью для атак методом подбора. + + + По умолчанию: 8 + + + + + + account_cache_expiration (целое число) + + + Количество дней, в течение которого записи хранятся в кэше после последнего +успешного входа, прежде чем будут удалены при очистке кэша. Значение «0» +означает, что записи будут храниться вечно. Значение этого параметра должно +быть больше или равно значению offline_credentials_expiration. + + + По умолчанию: 0 (без ограничений) + + + + + pwd_expiration_warning (целое число) + + + Показать предупреждение за N дней до истечения срока действия пароля. + + + Если указан ноль, этот фильтр не применяется: если от внутреннего сервера +было получено предупреждение об истечении строка действия, оно будет +показано автоматически. + + + Обратите внимание, что внутренний сервер должен предоставить информацию о +времени истечения срока действия пароля. Если она отсутствует, sssd не +сможет показать предупреждение. Кроме того, для этого сервера следует +настроить поставщика данных проверки подлинности. + + + По умолчанию: 7 (Kerberos), 0 (LDAP) + + + + + + id_provider (строка) + + + Поставщик данных идентификации, который используется для +домена. Поддерживаемые поставщики ID: + + + proxy: поддержка устаревшего поставщика NSS. + + + files: поставщик данных ФАЙЛОВ. Дополнительные сведения о +зеркалировании локальных пользователей и групп в SSSD: +sssd-files 5 +. + + + ldap: поставщик данных LDAP. Дополнительные сведения о +настройке LDAP: sssd-ldap +5 . + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: поставщик данных Active Directory. Дополнительные +сведения о настройке Active Directory: +sssd-ad 5 +. + + + + + + use_fully_qualified_names (логическое значение) + + + Использовать полные имя и домен (в формате, заданном full_name_format +домена) в качестве имени для входа пользователя, которое сообщается NSS. + + + Если задано значение «TRUE», во всех запросах к домену должны использоваться +полные имена. Например, если этот параметр используется в домене LOCAL, +содержащем пользователя «test», с помощью команды getent passwd +test его не удастся найти, а с помощью команды getent +passwd test@LOCAL получится это сделать. + + + ПРИМЕЧАНИЕ: этот параметр не влияет на поиск сетевых групп, так как они +зачастую включают вложенные сетевые группы без полных имён. Для сетевых +групп выполняется поиск во всех доменах, когда запрашивается неполное имя. + + + По умолчанию: FALSE (TRUE для доверенных доменов/поддоменов или в случае +использования default_domain_suffix) + + + + + ignore_group_members (логическое значение) + + + Не возвращать участников групп для поиска групп. + + + Если установлено значение «TRUE», атрибут участия в группах не запрашивается +с сервера LDAP, а списки участников групп не возвращаются при обработке +вызовов поиска групп, таких как +getgrnam 3 + или getgrgid +3 . Как следствие, getent group +$groupname вернёт запрошенную группу так, как будто она пуста. + + + Включение этого параметра также может значительно ускорить проверки участия +в группах у поставщика доступа (особенно для групп, содержащих большое +количество участников). + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: FALSE + + + + + auth_provider (строка) + + + Поставщик данных для проверки подлинности, который используется для +домена. Поддерживаемые поставщики данных для проверки подлинности: + + + ldap — использовать собственную проверку подлинности +LDAP. Дополнительные сведения о настройке LDAP: +sssd-ldap 5 +. + + + krb5 — использовать проверку подлинности +Kerberos. Дополнительные сведения о настройке Kerberos: +sssd-krb5 5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: поставщик данных Active Directory. Дополнительные +сведения о настройке Active Directory: +sssd-ad 5 +. + + + proxy — передать проверку подлинности какой-либо другой цели +PAM. + + + none — явно отключить проверку подлинности. + + + По умолчанию: использовать id_provider, если этот параметр +задан и поддерживает обработку запросов проверки подлинности. + + + + + access_provider (строка) + + + Поставщик управления доступом, который используется для домена. Существуют +два встроенных поставщика доступа (в дополнение к тем поставщикам, которые +включены в установленные внутренние серверы). Внутренние особые поставщики: + + + permit — всегда разрешать доступ. Это единственный поставщик +разрешённого доступа для локального домена. + + + deny — всегда отказывать в доступе. + + + ldap — использовать собственную проверку подлинности +LDAP. Дополнительные сведения о настройке LDAP: +sssd-ldap 5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: поставщик данных Active Directory. Дополнительные +сведения о настройке Active Directory: +sssd-ad 5 +. + + + simple — управление доступом на основе разрешающего или +запрещающего списка. Дополнительные сведения о настройке модуля доступа +simple: sssd-simple +5. + + + krb5 — управление доступом на основе .k5login. Дополнительные +сведения о настройке Kerberos: +sssd-krb5 5 +. + + + proxy — передать управление доступом другому модулю PAM. + + + По умолчанию: permit + + + + + chpass_provider (строка) + + + Поставщик данных, который должен обрабатывать операции смены пароля для +домена. Поддерживаемые поставщики данных смены пароля: + + + ldap — сменить пароль, который хранится на сервере +LDAP. Дополнительные сведения о настройке LDAP: +sssd-ldap 5 +. + + + krb5 — сменить пароль Kerberos. Дополнительные сведения о +настройке Kerberos: sssd-krb5 +5 . + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: поставщик данных Active Directory. Дополнительные +сведения о настройке Active Directory: +sssd-ad 5 +. + + + proxy — передать смену пароля какой-либо другой цели PAM. + + + none — явно запретить смену пароля. + + + По умолчанию: использовать auth_provider, если этот параметр +задан и поддерживает обработку запросов смены пароля. + + + + + + sudo_provider (строка) + + + Поставщик данных SUDO, который используется для домена. Поддерживаемые +поставщики данных SUDO: + + + ldap — для правил, которые хранятся в LDAP. Дополнительные +сведения о настройке LDAP: +sssd-ldap 5 +. + + + ipa — то же, что и ldap, но со стандартными +параметрами IPA. + + + ad — то же, что и ldap, но со стандартными +параметрами AD. + + + none — явно отключить SUDO. + + + По умолчанию: использовать значение id_provider, если этот +параметр задан. + + + Подробные инструкции по настройке sudo_provider доступны на справочной +странице sssd-sudo +5 . Предусмотрено много параметров, +которыми можно воспользоваться для настройки поведения программы. Подробное +описание доступно в разделах «ldap_sudo_*» +sssd-ldap 5 +. + + + ПРИМЕЧАНИЕ: загрузка правил sudo периодически +выполняется в фоновом режиме (при условии, что поставщик данных SUDO не был +явно отключён). Укажите sudo_provider = None для +отключения в SSSD всей связанной с sudo активности, если в SSSD вообще не +планируется использовать sudo. + + + + + selinux_provider (строка) + + + Поставщик данных, который должен обрабатывать загрузку параметров +SELinux. Обратите внимание, что этот поставщик будет вызываться сразу после +окончания работы поставщика доступа. Поддерживаемые поставщики данных +SELinux: + + + ipa — загрузить параметры SELinux с сервера +IPA. Дополнительные сведения о настройке IPA: +sssd-ipa 5 +. + + + none — явно отключает получение параметров SELinux. + + + По умолчанию: использовать id_provider, если этот параметр +задан и поддерживает обработку запросов загрузки параметров SELinux. + + + + + subdomains_provider (строка) + + + Поставщик данных, который должен обрабатывать получение данных +поддоменов. Это значение всегда должно совпадать со значением +id_provider. Поддерживаемые поставщики данных поддоменов: + + + ipa — загрузить список поддоменов с сервера +IPA. Дополнительные сведения о настройке IPA: +sssd-ipa 5 +. + + + ad — загрузить список поддоменов с сервера Active +Directory. Дополнительные сведения о настройке поставщика данных AD: + sssd-ad +5 . + + + none — явно отключает получение данных поддоменов. + + + По умолчанию: использовать значение id_provider, если этот +параметр задан. + + + + + session_provider (строка) + + + Поставщик данных, который настраивает задания, связанные с сеансами +пользователей, и управляет ими. В настоящее время предоставляется только +одно задание, связанное с сеансами пользователей: интеграция с Fleet +Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов: + + + ipa — разрешить выполнение заданий, связанных с сеансами +пользователей. + + + none — не выполнять никакие задания, связанные с сеансами +пользователей. + + + По умолчанию: использовать id_provider, если этот параметр +задан и поддерживает выполнение заданий, связанных с сеансами. + + + ПРИМЕЧАНИЕ: чтобы эта возможность работала должным +образом, SSSD необходимо запускать от имени пользователя root, а не от имени +пользователя без привилегий. + + + + + + autofs_provider (строка) + + + Поставщик данных autofs, который используется для домена. Поддерживаемые +поставщики данных autofs: + + + ldap — загрузить карты, которые хранятся в +LDAP. Дополнительные сведения о настройке LDAP: +sssd-ldap 5 +. + + + ipa — загрузить карты, которые хранятся на сервере +IPA. Дополнительные сведения о настройке IPA: +sssd-ipa 5 +. + + + ad — загрузить карты, которые хранятся на сервере +AD. Дополнительные сведения о настройке поставщика данных AD: +sssd-ad 5 +. + + + none — явно отключить autofs. + + + По умолчанию: использовать значение id_provider, если этот +параметр задан. + + + + + + hostid_provider (строка) + + + Поставщик данных, который используется для получения данных идентификации +узла. Поддерживаемые поставщики hostid: + + + ipa — загрузить данные идентификации узла, которые хранятся +на сервере IPA. Дополнительные сведения о настройке IPA: +sssd-ipa 5 +. + + + none — явно отключить hostid. + + + По умолчанию: использовать значение id_provider, если этот +параметр задан. + + + + + + resolver_provider (строка) + + + Поставщик данных, который должен обрабатывать поиск узлов и +сетей. Поддерживаемые поставщики данных сопоставления: + + + proxy — перенаправлять поисковые запросы другой библиотеке +NSS. См. proxy_resolver_lib_name + + + ldap — получить записи узлов и сетей, которые хранятся в +LDAP. Дополнительные сведения о настройке LDAP: +sssd-ldap 5 +. + + + ad — получить записи узлов и сетей, которые хранятся на +сервере AD. Дополнительные сведения о настройке поставщика данных AD: + sssd-ad +5 . + + + none — явно отключает получение записей узлов и сетей. + + + По умолчанию: использовать значение id_provider, если этот +параметр задан. + + + + + + re_expression (строка) + + + Регулярное выражение для этого домена, которое описывает, как получить из +строки, содержащей имя пользователя и домен, эти компоненты. «domain» может +соответствовать либо имени домена в конфигурации SSSD, либо (в случае +поддоменов доверия IPA и доменов Active Directory) плоскому (NetBIOS) имени +домена. + + + Default: +^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$ +which allows two different styles for user names: + + + username + + + username@domain.name + + + + + Default for the AD and IPA provider: +^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$ +which allows three different styles for user names: + + + username + + + username@domain.name + + + domain\username + + + Первые два стиля соответствуют общим стандартным стилям, а третий введён для +обеспечения простой интеграции пользователей из доменов Windows. + + + The default re_expression uses the @ character as a separator +between the name and the domain. As a result of this setting the default +does not accept the @ character in short names (as it is +allowed in Windows group names). If a user wishes to use short names with +@ they must create their own re_expression. + + + + + full_name_format (строка) + + + Совместимый с printf +3 формат, который описывает способ +создания полностью определённого имени из имени пользователя и имени домена. + + + Поддерживаются следующие расширения: + + %1$s + имя пользователя + + + %2$s + + + имя домена, указанное в файле конфигурации SSSD. + + + + + %3$s + + + плоское имя домена. Чаще всего используется для доменов Active Directory, +как непосредственно настроенных, так и обнаруженных с помощью отношений +доверия IPA. + + + + + + + По умолчанию: %1$s@%2$s. + + + + + + lookup_family_order (строка) + + + Предоставляет возможность выбрать предпочитаемое семейство адресов, которое +следует использовать при выполнении запросов DNS. + + + Поддерживаемые значения: + + + ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти +адрес IPv6 + + + ipv4_only: пытаться разрешать имена узлов только в адреса IPv4. + + + ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти +адрес IPv4 + + + ipv6_only: пытаться разрешать имена узлов только в адреса IPv6. + + + По умолчанию: ipv4_first + + + + + + dns_resolver_server_timeout (целое число) + + + Определяет количество времени (в миллисекундах), в течение которого SSSD +будет пытаться обменяться данными с сервером DNS перед переходом к +следующему. + + + Поставщик данных AD также будет использовать этот параметр для ограничения +времени проверки связи CLDAP. + + + Более подробные сведения о разрешении служб доступны в разделе +ОБРАБОТКА ОТКАЗА. + + + По умолчанию: 1000 + + + + + + dns_resolver_op_timeout (целое число) + + + Определяет количество времени (в секундах), в течение которого будет +ожидаться разрешение одного запроса DNS (например, разрешение имени узла или +записи SRV) перед попыткой перехода к следующему имени узла или поиску +следующего DNS. + + + Более подробные сведения о разрешении служб доступны в разделе +ОБРАБОТКА ОТКАЗА. + + + По умолчанию: 3 + + + + + + dns_resolver_timeout (целое число) + + + Определяет количество времени (в секундах), в течение которого будет +ожидаться ответ от внутренней службы отказоустойчивости, прежде служба будет +считаться недоступной. Если это время ожидания истекло, домен продолжит +работу в автономном режиме. + + + Более подробные сведения о разрешении служб доступны в разделе +ОБРАБОТКА ОТКАЗА. + + + По умолчанию: 6 + + + + + + dns_resolver_use_search_list (логическое значение) + + + Обычно сопоставитель DNS выполняет поиск в списке доменов, указанных в +директиве «search» в файле resolv.conf. Это может привести к задержкам в +средах с неправильно настроенным DNS. + + + Если в конфигурации SSSD используются полные доменные имена (или _srv_), +установка для этого параметра значения FALSE может предотвратить ненужные +запросы DNS в таких средах. + + + По умолчанию: TRUE + + + + + + dns_discovery_domain (строка) + + + Если на внутреннем сервере используется обнаружение служб, указывает +доменную часть запроса обнаружения служб DNS. + + + По умолчанию: использовать доменную часть имени узла компьютера + + + + + + override_gid (целое число) + + + Переопределить значение основного GID указанным значением. + + + + + + case_sensitive (строка) + + + Учитывать регистр символов в именах пользователей и групп. Возможные +значения: + + True + + + С учётом регистра. Это значение не является корректным для поставщика данных +AD. + + + + + False + + Без учёта регистра. + + + + Preserving + + + То же, что «False» (без учёта регистра), но не переводит в нижний регистр +имена в результатах операций NSS. Обратите внимание, что псевдонимы (а в +случае служб также и имена протоколов) всё равно будут переведены в нижний +регистр в выведенных данных. + + + Если требуется установить это значение для доверенного домена с поставщиком +данных IPA, необходимо установить его как на стороне клиента, так и для SSSD +на сервере. + + + + + + + Этот параметр также может быть задан для каждого поддомена отдельно или +унаследован с помощью subdomain_inherit. + + + По умолчанию: True (False для поставщика данных AD) + + + + + + subdomain_inherit (строка) + + + Позволяет указать список параметров конфигурации, которые должны +наследоваться поддоменом. Обратите внимание, что наследоваться могут не все +параметры. В настоящее время поддерживается наследование следующих +параметров: + + + ldap_search_timeout + + + ldap_network_timeout + + + ldap_opt_timeout + + + ldap_offline_timeout + + + ldap_enumeration_refresh_timeout + + + ldap_enumeration_refresh_offset + + + ldap_purge_cache_timeout + + + ldap_purge_cache_offset + + + ldap_krb5_keytab (будет использоваться значение krb5_keytab, если параметр +ldap_krb5_keytab не задан явно) + + + ldap_krb5_ticket_lifetime + + + ldap_enumeration_search_timeout + + + ldap_connection_expire_timeout + + + ldap_connection_expire_offset + + + ldap_connection_idle_timeout + + + ldap_use_tokengroups + + + ldap_user_principal + + + ignore_group_members + + + auto_private_groups + + + case_sensitive + + + Пример: +subdomain_inherit = ldap_purge_cache_timeout + + + + По умолчанию: none + + + Примечание: этот параметр работает только для поставщиков данных IPA и AD. + + + + + + subdomain_homedir (строка) + + + Использовать этот домашний каталог как значение по умолчанию для всех +поддоменов в пределах доверия AD IPA. Сведения о возможных значениях +доступны в описании параметра override_homedir. В +дополнение к этому, приведённое ниже расширение можно использовать только с +subdomain_homedir. + + %F + плоское (NetBIOS) имя поддомена. + + + + + Это значение может быть переопределено параметром +override_homedir. + + + По умолчанию: /home/%d/%u + + + + + realmd_tags (строка) + + + Различные метки, сохранённые службой настройки realmd для этого домена. + + + + + cached_auth_timeout (целое число) + + + Указывает время в секундах с момента последней успешной проверки подлинности +в сетевом режиме, в течение которого пользователь будет распознан с помощью +кэшированных учётных данных, когда SSSD находится в сетевом режиме. Если +учётные данные некорректны, SSSD будет использовать проверку подлинности в +сетевом режиме. + + + Значение этого параметра наследуется всеми доверенными доменами. В настоящее +время невозможно устанавливать для отдельных доверенных доменов другие +значения. + + + Специальное значение «0» подразумевает, что эта возможность отключена. + + + Обратите внимание: если cached_auth_timeout превышает +pam_id_timeout, то может быть вызван внутренний сервер для +обработки initgroups. + + + По умолчанию: 0 + + + + + local_auth_policy (string) + + + Local authentication methods policy. Some backends (i.e. LDAP, proxy +provider) only support a password based authentication, while others can +handle PKINIT based Smartcard authentication (AD, IPA), two-factor +authentication (IPA), or other methods against a central instance. By +default in such cases authentication is only performed with the methods +supported by the backend. + + + There are three possible values for this option: match, only, +enable. match is used to match offline and online states for +Kerberos methods. only ignores the online methods and only +offer the local ones. enable allows explicitly defining the methods for +local authentication. As an example, enable:passkey, only +enables passkey for local authentication. Multiple enable values should be +comma-separated, such as enable:passkey, enable:smartcard + + + Please note that if local Smartcard authentication is enabled and a +Smartcard is present, Smartcard authentication will be preferred over the +authentication methods supported by the backend. I.e. there will be a PIN +prompt instead of e.g. a password prompt. + + + The following configuration example allows local users to authenticate +locally using any enabled method (i.e. smartcard, passkey). +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only + + + + It is expected that the files provider ignores the +local_auth_policy option and supports Smartcard authentication by default. + + + Default: match + + + + + auto_private_groups (строка) + + + Этот параметр принимает одно из трёх допустимых значений: + + true + + + Без проверки условий создавать закрытую группу пользователя на основе номера +UID пользователя. Номер GID в этом случае игнорируется. + + + ПРИМЕЧАНИЕ: так как номер GID и закрытая группа пользователя зависят от +номера UID, при использовании этого параметра не предусмотрена поддержка +нескольких записей с одинаковым номером UID или GID. Иными словами, +включение этого параметра принудительно устанавливает уникальность записей в +пространстве идентификаторов. + + + + + false + + + Всегда использовать основной номер GID пользователя. Номер GID должен +ссылаться на объект группы в базе данных LDAP. + + + + + hybrid + + + Основная группа автоматически генерируется для записей пользователей, номера +UID и GID которых имеют одно и то же значение, и при этом номер GID не +соответствует реальному объекту группы в LDAP. Если значения совпадают, но +основной GID в записи пользователя также используется объектом группы, +основной GID этого пользователя разрешается в этот объект группы. + + + Если UID и GID пользователя отличаются, GID должен соответствовать записи +группы; в ином случае GID просто будет невозможно разрешить. + + + Эта возможность полезна для сред, где требуется прекратить поддерживать +отдельные объекты групп для закрытых групп пользователей, но в то же время +сохранить существующие закрытые группы пользователей. + + + + + + + В случае поддоменов, «False» является значением по умолчанию для поддоменов, +которые используют назначенные идентификаторы POSIX, а «True» — для +поддоменов, которые используют автоматическое сопоставление идентификаторов. + + + Значение auto_private_groups можно установить либо на уровне отдельных +поддоменов в подразделе, например: +[domain/forest.domain/sub.domain] +auto_private_groups = false +, либо на глобальном уровне для всех поддоменов в разделе основного +домена с помощью параметра subdomain_inherit: +[domain/forest.domain] +subdomain_inherit = auto_private_groups +auto_private_groups = false + + + + + + + + + Параметры, которые являются действительными для доменов прокси. + + + proxy_pam_target (строка) + + + Цель, которой пересылает данные прокси PAM. + + + Default: not set by default, you have to take an existing pam configuration +or create a new one and add the service name here. As an alternative you can +enable local authentication with the local_auth_policy option. + + + + + + proxy_lib_name (строка) + + + Имя библиотеки NSS, которую следует использовать в доменах прокси. Функции +NSS, поиск которых выполняется в библиотеке, имеют вид +_nss_$(libName)_$(function), например: _nss_files_getpwent. + + + + + + proxy_resolver_lib_name (строка) + + + Имя библиотеки NSS, которую следует использовать для поиска узлов и сетей в +доменах прокси. Функции NSS, поиск которых выполняется в библиотеке, имеют +вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r. + + + + + + proxy_fast_alias (логическое значение) + + + Когда на поставщике данных прокси выполняется поиск пользователя или группы +по имени, выполнять второй поиск по идентификатору для перевода имени в +каноническую форму в случае, если запрашиваемое имя было псевдонимом. При +установке этого параметра в значение «true» SSSD будет выполнять поиск +идентификатора в кэше в целях ускорения предоставления результатов. + + + По умолчанию: false + + + + + + proxy_max_children (целое число) + + + Этот параметр задаёт количество предварительно ответвлённых дочерних +прокси. Он полезен в средах SSSD с высокой нагрузкой, в которых у sssd могут +закончиться доступные дочерние слоты, что может вызывать проблемы из-за +постановки запросов в очередь. + + + По умолчанию: 10 + + + + + + + + + Домены приложений + + SSSD, с его интерфейсом D-Bus (см. +sssd-ifp 5 +), обращается к программам как шлюз в каталог LDAP, где +хранятся данные пользователей и групп. Впрочем, в отличие от традиционного +формата работы SSSD, где все пользователи и группы имеют либо атрибуты +POSIX, либо атрибуты, производные от SID Windows, во многих случаях +пользователи и группы в сценарии поддержки приложений не имеют атрибутов +POSIX. Вместо установки раздела +[domain/NAME] администратор может +установить раздел +[application/NAME], который на +внутреннем уровне представляет собой домен с типом +application, который может наследовать параметры +традиционного домена SSSD. + + + Обратите внимание: домен приложений всё равно должен быть явно включён с +помощью параметра domains; это позволит корректно задать +порядок поиска для домена приложений и его родственного домена POSIX. + + + Параметры доменов приложений + + inherit_from (строка) + + + Домен типа POSIX SSSD, от которого домен приложений наследует все +параметры. Домен приложений также может добавить свои собственные параметры +к параметрам приложений для расширения или переопределения параметров +родственного домена. + + + По умолчанию: не задано + + + + + + В следующем примере показано использование домена приложений. В этой +конфигурации домен POSIX подключён к серверу LDAP и используется ОС с +помощью ответчика NSS. Кроме того, домен приложений также запрашивает +атрибут telephoneNumber, сохраняет его как атрибут phone в кэше и делает +атрибут phone доступным через интерфейс D-Bus. + + +[sssd] +domains = appdom, posixdom + +[ifp] +user_attributes = +phone + +[domain/posixdom] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +[application/appdom] +inherit_from = posixdom +ldap_user_extra_attrs = phone:telephoneNumber + + + + + + + РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ + + Некоторые параметры, которые используются в разделе домена, также могут +использоваться в разделе доверенного домена, то есть разделе с именем +[domain/DOMAIN_NAME/TRUSTED_DOMAIN_NAME]. +DOMAIN_NAME — это фактический базовый домен, к которому выполнено +присоединение. Объяснение приводится в примерах ниже. В настоящее время для +раздела доверенного домена поддерживаются следующие параметры: + + ldap_search_base, + ldap_user_search_base, + ldap_group_search_base, + ldap_netgroup_search_base, + ldap_service_search_base, + ldap_sasl_mech, + ad_server, + ad_backup_server, + ad_site, + use_fully_qualified_names + pam_gssapi_services + pam_gssapi_check_upn + + Дополнительные сведения об этих параметрах доступны в их описаниях на +справочной странице. + + + + + РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ + + Чтобы сделать возможной проверку подлинности по смарт-картам и сертификатам, +SSSD необходима возможность сопоставления сертификатов пользователям. Это +можно сделать путём добавления полного сертификата к объекту LDAP +пользователя или к локальному переопределению. В то время как использование +полного сертификата необходимо для использования функции проверки +подлинности по смарт-картам SSH (см. +sss_ssh_authorizedkeys +8 ), это может быть затруднительно или +даже невозможно в общем случае, когда локальные службы используют PAM для +проверки подлинности. + + + Чтобы сделать сопоставление более гибким, в SSSD были добавлены правила +привязки и сопоставления (см. +sss-certmap 5 +). + + + Правило привязки и сопоставления можно добавить в конфигурацию SSSD как +отдельный раздел с именем наподобие +[certmap/DOMAIN_NAME/RULE_NAME]. +В этом разделе допустимы следующие параметры: + + + + matchrule (строка) + + + Будут обрабатываться только те сертификаты со смарт-карты, которые +соответствуют этому правилу. Все остальные будут игнорироваться. + + + По умолчанию: KRB5:<EKU>clientAuth, то есть только те сертификаты, в +которых Extended Key Usage (расширенное использование ключа) равно +clientAuth + + + + + maprule (строка) + + + Определяет способ поиска пользователя для указанного сертификата. + + + По умолчанию: + + + LDAP:(userCertificate;binary={cert!bin}) для поставщиков данных на основе +LDAP, таких как ldap, AD или +ipa. + + + RULE_NAME для поставщика данных files, который пытается найти +пользователя с таким же именем. + + + + + + + domains (строка) + + + Разделённый запятыми список имён доменов, к которым должно применяться +правило. По умолчанию правило действительно только в домене, настроенном в +sssd.conf. Если поставщик данных поддерживает поддомены, с помощью этого +параметра можно добавить правило также и в поддомены. + + + По умолчанию: настроенный домен в sssd.conf + + + + + priority (целое число) + + + Беззнаковое целое значение, которое определяет приоритет правила. Чем больше +число, тем ниже приоритет. 0 означает самый высокий +приоритет, а 4294967295 — самый низкий. + + + По умолчанию: самый низкий приоритет + + + + + + Чтобы упростить настройку и уменьшить количество её параметров, для +поставщика данных files предусмотрены некоторые особые +свойства: + + + + Если значение maprule не задано, именем совпадающего пользователя считается +RULE_NAME + + + + + Если используется maprule, необходимо заключать в скобки как отдельное имя +пользователя, так и шаблон наподобие +{subject_rfc822_name.short_name}. Например: +(username) или +({subject_rfc822_name.short_name}) + + + + + параметр domains игнорируется + + + + + + + + РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ + + Если специальный файл +(/var/lib/sss/pubconf/pam_preauth_available) +существует, модуль PAM SSSD pam_sss отправит SSSD запрос, чтобы узнать, +какие способы проверки подлинности доступны для пользователя, который +пытается выполнить вход. В зависимости от полученного ответа pam_sss +запросит у пользователя соответствующие учётные данные. + + + Так как количество способов проверки подлинности растёт и есть вероятность, +что для одного пользователя их имеется несколько, эвристика, которая +используется pam_sss для выбора запроса, подходит не для всех +случаев. Следующие параметры обеспечивают более гибкую настройку. + + + Each supported authentication method has its own configuration subsection +under [prompting/...]. Currently there are: + + [prompting/password] + + допустимые параметры настройки запроса пароля: password_prompt + изменить строку запроса пароля + + + + + + [prompting/2fa] + + допустимые параметры настройки запроса двухфакторной проверки подлинности: +first_prompt + изменить строку запроса первого фактора + + second_prompt + изменить строку запроса второго фактора + + single_prompt + логическое значение, если «True», будет выполнен только один запрос с +использованием значения first_prompt. Ожидается, что оба фактора будет +введены как одна строка. Обратите внимание, что здесь необходимо ввести оба +фактора, даже если второй фактор является необязательным. + + Если второй фактор является +необязательным и должно быть возможно выполнить вход, указав либо только +пароль, либо оба фактора, следует использовать двухэтапный запрос. + + + + + + + [prompting/passkey] + + to configure passkey authentication prompting, allowed options are: + + + interactive + + boolean value, if True prompt a message and wait before testing the presence +of a passkey device. Recommended if your device doesn’t have a tactile +trigger. + + + + + interactive_prompt + + to change the message of the interactive prompt. + + + + + touch + + boolean value, if True prompt a message to remind the user to touch the +device. + + + + + touch_prompt + + to change the message of the touch prompt. + + + + + + + + + + + Возможно добавить подраздел для определённых служб PAM, например +[prompting/password/sshd]; это позволяет изменить запрос +конкретно для этой службы. + + + + + ПРИМЕРЫ + + 1. В следующем примере показана типичная конфигурация SSSD. Описание +конфигурации самих доменов не приводится — оно доступно в соответствующей +документации. +[sssd] +domains = LDAP +services = nss, pam +config_file_version = 2 + +[nss] +filter_groups = root +filter_users = root + +[pam] + +[domain/LDAP] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +auth_provider = krb5 +krb5_server = kerberos.example.com +krb5_realm = EXAMPLE.COM +cache_credentials = true + +min_id = 10000 +max_id = 20000 +enumerate = False + + + + 2. В следующем примере показана конфигурация доверия AD IPA, где лес AD +состоит из двух доменов структуры «родитель — потомок». Предположим, что +домен IPA (ipa.com) имеет отношения доверия с доменом AD (ad.com). У ad.com +есть дочерний домен (child.ad.com). Чтобы включить краткие имена в дочернем +домене, следует использовать следующую конфигурацию. +[domain/ipa.com/child.ad.com] +use_fully_qualified_names = false + + + + 3. The following example shows the configuration of a certificate mapping +rule. It is valid for the configured domain my.domain and +additionally for the subdomains your.domain and uses the full +certificate in the search filter. +[certmap/my.domain/rule_name] +matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ +maprule = (userCertificate;binary={cert!bin}) +domains = my.domain, your.domain +priority = 10 + + + + + + + + diff --git a/src/man/ru/sssd_krb5_localauth_plugin.8.xml b/src/man/ru/sssd_krb5_localauth_plugin.8.xml new file mode 100644 index 0000000..b119beb --- /dev/null +++ b/src/man/ru/sssd_krb5_localauth_plugin.8.xml @@ -0,0 +1,68 @@ + + + +Справка по SSSD + + + + + sssd_krb5_localauth_plugin + 8 + + + + sssd_krb5_localauth_plugin + Модуль локальной авторизации Kerberos + + + + ОПИСАНИЕ + + Подключаемый модуль локальной авторизации Kerberos +sssd_krb5_localauth_plugin используется libkrb5 либо для +поиска локального имени для данного принципала Kerberos, либо для проверки +того, связаны ли данное локальное имя и данный принципал Kerberos друг с +другом. + + + SSSD обрабатывает локальные имена пользователей из удаленного источника, а +также может считывать имя пользователя (UPN) Kerberos из удаленного +источника. С помощью этой информации SSSD может легко обрабатывать +сопоставления, упомянутые выше, даже если локальное имя и принципал Kerberos +значительно различаются. + + + Кроме того, благодаря информации, считанной с удаленного источника, SSSD +может предотвратить неожиданные или нежелательные привязки в случае, если +пользовательская часть принципала Kerberos случайно совпадает с локальным +именем другого пользователя. По умолчанию libkrb5 может просто удалить из +регистрационной записи Kerberos часть, связанную с областью действия, для +получения локального имени, что в этом случае может привести к ошибочным +привязкам. + + + + + КОНФИГУРАЦИЯ + + Подключаемый модуль локальной авторизации Kerberos должен быть явно включен +в конфигурации Kerberos, см. +krb5.conf 5 +. SSSD автоматически создаст фрагмент конфигурации, +например, с таким содержимым: +[plugins] + localauth = { + module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so + } + в +общедоступном каталоге фрагментов конфигурации SSSD Kerberos. Если этот +каталог включен в локальную конфигурацию Kerberos, подключаемый модуль будет +включен автоматически. + + + + + + + diff --git a/src/man/ru/sssd_krb5_locator_plugin.8.xml b/src/man/ru/sssd_krb5_locator_plugin.8.xml new file mode 100644 index 0000000..95daa59 --- /dev/null +++ b/src/man/ru/sssd_krb5_locator_plugin.8.xml @@ -0,0 +1,106 @@ + + + +Справка по SSSD + + + + + sssd_krb5_locator_plugin + 8 + + + + sssd_krb5_locator_plugin + Модуль локатора Kerberos + + + + ОПИСАНИЕ + + Модуль локатора Kerberos sssd_krb5_locator_plugin +используется libkrb5 для поиска KDC для указанной области Kerberos. SSSD +предоставляет этот модуль для направления всех клиентов Kerberos в системе в +один KDC. В целом, не имеет значения, с каким KDC обменивается данными +клиентский процесс. Но в некоторых случаях (например, после смены пароля) не +все KDC находятся в одинаковом состоянии, поскольку для этого сначала +необходимо выполнить репликацию новых данных. Чтобы избежать неожиданных +сбоев проверки подлинности и, возможно, даже блокировки учётных записей, +следует как можно дольше выполнять обмен данными с одним KDC. + + + libkrb5 выполнит поиск модуля локатора в подкаталоге libkrb5 каталога +модулей Kerberos (см. plugin_base_dir в +krb5.conf 5 +). Модуль можно отключить, только удалив соответствующий файл +модуля. В конфигурации Kerberos не предусмотрен параметр для его +отключения. Но для отдельных команд модуль можно отключить с помощью +переменной среды SSSD_KRB5_LOCATOR_DISABLE. Либо можно использовать параметр +SSSD krb5_use_kdcinfo=False, чтобы не создавать данные, которые требуются +для работы модуля. В этом случае модуль по-прежнему будет вызываться, но не +предоставит данные вызывающей стороне, поэтому libkrb5 перейдёт к +использованию других методов, определённых в krb5.conf. + + + Модуль выполняет чтение информации о KDC указанной области из файла +kdcinfo.REALM. Этот файл должен содержать одно или +несколько DNS-имён или IP-адресов (либо в десятичной записи IPv4, либо в +шестнадцатеричной записи IPv6). В конце можно (необязательно) добавить номер +порта, отделив его двоеточием; в этом случае адрес IPv6 необходимо, как и +обычно, заключить в квадратные скобки. Корректные записи: + + kdc.example.com + kdc.example.com:321 + 1.2.3.4 + 5.6.7.8:99 + 2001:db8:85a3::8a2e:370:7334 + [2001:db8:85a3::8a2e:370:7334]:321 + + Поставщик данных проверки подлинности krb5 SSSD, который также используется +поставщиками данных IPA и AD, добавляет в этот файл адрес текущего KDC или +контроллера домена, который используется SSSD. + + + В средах с доступными только для чтения и доступными для чтения и записи +KDC, где, как ожидается, клиенты будут использовать для общих операций +экземпляры, доступные только для чтения, а для изменений конфигурации, таких +как смена пароля, — только KDC, доступные для чтения и записи, также +используется файл kpasswdinfo.REALM для идентификации +доступных для чтения и записи KDC. Если этот файл существует для указанной +области, его содержимое будет использовано модулем для ответа на запросы по +серверу kpasswd или kadmin или определённому основному KDC MIT +Kerberos. Если адрес содержит номер порта, для последнего будет +использоваться стандартный порт KDC 88. + + + + + ПРИМЕЧАНИЯ + + Не все реализации Kerberos поддерживают использование модулей. Если в +системе нет sssd_krb5_locator_plugin, необходимо +отредактировать файл /etc/krb5.conf в соответствии с используемой версией +Kerberos. + + + Если переменная среды SSSD_KRB5_LOCATOR_DEBUG установлена в какое-либо +значение, сообщения отладки будут отправляться в stderr. + + + Если переменная среды SSSD_KRB5_LOCATOR_DISABLE установлена в какое-либо +значение, модуль отключён и просто вернёт вызывающей стороне +KRB5_PLUGIN_NO_HANDLE. + + + Если переменная среды SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES установлена в +какое-либо значение, модуль будет пытаться разрешить все DNS-имена в файле +kdcinfo. По умолчанию модуль возвращает вызывающей стороне +KRB5_PLUGIN_NO_HANDLE сразу после первой неудачи при разрешении DNS. + + + + + + + diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml new file mode 100644 index 0000000..06fff4d --- /dev/null +++ b/src/man/sss-certmap.5.xml @@ -0,0 +1,789 @@ + + + +SSSD Manual pages + + + + + sss-certmap + 5 + File Formats and Conventions + + + + sss-certmap + SSSD Certificate Matching and Mapping Rules + + + + DESCRIPTION + + The manual page describes the rules which can be used by SSSD and + other components to match X.509 certificates and map them to + accounts. + + + Each rule has four components, a priority, a + matching rule, a mapping rule and a + domain list. All components are optional. A missing + priority will add the rule with the lowest priority. + The default matching rule will match certificates with + the digitalSignature key usage and clientAuth extended key usage. If + the mapping rule is empty the certificates will be + searched in the userCertificate attribute as DER encoded binary. If + no domains are given only the local domain will be searched. + + + To allow extensions or completely different style of rule the + mapping and matching rules can + contain a prefix separated with a ':' from the main part of the + rule. The prefix may only contain upper-case ASCII letters and + numbers. If the prefix is omitted the default type will be used + which is 'KRB5' for the matching rules and 'LDAP' for the mapping + rules. + + + The 'sssctl' utility provides the 'cert-eval-rule' command to check + if a given certificate matches a matching rules and how the output + of a mapping rule would look like. + + + + + RULE COMPONENTS + + PRIORITY + + The rules are processed by priority while the number '0' (zero) + indicates the highest priority. The higher the number the lower is + the priority. A missing value indicates the lowest priority. The + rules processing is stopped when a matched rule is found and no + further rules are checked. + + + Internally the priority is treated as unsigned 32bit integer, using + a priority value larger than 4294967295 will cause an error. + + + If multiple rules have the same priority and only one of the related + matching rules applies, this rule will be chosen. If there are + multiple rules with the same priority which matches, one is chosen + but which one is undefined. To avoid this undefined behavior either + use different priorities or make the matching rules more specific + e.g. by using distinct <ISSUER> patterns. + + + + MATCHING RULE + + The matching rule is used to select a certificate to which the + mapping rule should be applied. It uses a system similar to the one + used by pkinit_cert_match option of MIT Kerberos. It + consists of a keyword enclosed by '<' and '>' which identified + a certain part of the certificate and a pattern which should be + found for the rule to match. Multiple keyword pattern pairs can be + either joined with '&&' (and) or '||' (or). + + + Given the similarity to MIT Kerberos the type prefix for this rule + is 'KRB5'. But 'KRB5' will also be the default for matching + rules so that "<SUBJECT>.*,DC=MY,DC=DOMAIN" and + "KRB5:<SUBJECT>.*,DC=MY,DC=DOMAIN" are equivalent. + + + The available options are: + + + <SUBJECT>regular-expression + + + With this a part or the whole subject name of the + certificate can be matched. For the matching POSIX + Extended Regular Expression syntax is used, see regex(7) + for details. + + + For the matching the subject name stored in the + certificate in DER encoded ASN.1 is converted into a + string according to RFC 4514. This means the most + specific name component comes first. Please note that + not all possible attribute names are covered by RFC + 4514. The names included are 'CN', 'L', 'ST', 'O', + 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute + names might be shown differently on different platform + and by different tools. To avoid confusion those + attribute names are best not used or covered by a + suitable regular-expression. + + + Example: <SUBJECT>.*,DC=MY,DC=DOMAIN + + + Please note that the characters "^.[$()|*+?{\" have a + special meaning in regular expressions and must be + escaped with the help of the '\' character so that they + are matched as ordinary characters. + + + Example: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ + + + + + <ISSUER>regular-expression + + + With this a part or the whole issuer name of the + certificate can be matched. All comments for + <SUBJECT> apply her as well. + + + Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ + + + + + <KU>key-usage + + + This option can be used to specify which key usage + values the certificate should have. The following values + can be used in a comma separated list: + + digitalSignature + nonRepudiation + keyEncipherment + dataEncipherment + keyAgreement + keyCertSign + cRLSign + encipherOnly + decipherOnly + + + + A numerical value in the range of a 32bit unsigned + integer can be used as well to cover special use cases. + + + Example: <KU>digitalSignature,keyEncipherment + + + + + <EKU>extended-key-usage + + + This option can be used to specify which extended key + usage the certificate should have. The following value + can be used in a comma separated list: + + serverAuth + clientAuth + codeSigning + emailProtection + timeStamping + OCSPSigning + KPClientAuth + pkinit + msScLogin + + + + Extended key usages which are not listed above can be + specified with their OID in dotted-decimal notation. + + + Example: <EKU>clientAuth,1.3.6.1.5.2.3.4 + + + + + <SAN>regular-expression + + + To be compatible with the usage of MIT Kerberos this + option will match the Kerberos principals in the PKINIT + or AD NT Principal SAN as <SAN:Principal> does. + + + Example: <SAN>.*@MY\.REALM + + + + + <SAN:Principal>regular-expression + + + Match the Kerberos principals in the PKINIT or AD NT + Principal SAN. + + + Example: <SAN:Principal>.*@MY\.REALM + + + + + <SAN:ntPrincipalName>regular-expression + + + Match the Kerberos principals from the AD NT Principal + SAN. + + + Example: <SAN:ntPrincipalName>.*@MY.AD.REALM + + + + + <SAN:pkinit>regular-expression + + + Match the Kerberos principals from the PKINIT SAN. + + + Example: <SAN:ntPrincipalName>.*@MY\.PKINIT\.REALM + + + + + <SAN:dotted-decimal-oid>regular-expression + + + Take the value of the otherName SAN component given by + the OID in dotted-decimal notation, interpret it as + string and try to match it against the regular + expression. + + + Example: <SAN:1.2.3.4>test + + + + + <SAN:otherName>base64-string + + + Do a binary match with the base64 encoded blob against + all otherName SAN components. With this option it is + possible to match against custom otherName components + with special encodings which could not be treated as + strings. + + + Example: <SAN:otherName>MTIz + + + + + <SAN:rfc822Name>regular-expression + + + Match the value of the rfc822Name SAN. + + + Example: <SAN:rfc822Name>.*@email\.domain + + + + + <SAN:dNSName>regular-expression + + + Match the value of the dNSName SAN. + + + Example: <SAN:dNSName>.*\.my\.dns\.domain + + + + + <SAN:x400Address>base64-string + + + Binary match the value of the x400Address SAN. + + + Example: <SAN:x400Address>MTIz + + + + + <SAN:directoryName>regular-expression + + + Match the value of the directoryName SAN. The same + comments as given for <ISSUER> and <SUBJECT> + apply here as well. + + + Example: <SAN:directoryName>.*,DC=com + + + + + <SAN:ediPartyName>base64-string + + + Binary match the value of the ediPartyName SAN. + + + Example: <SAN:ediPartyName>MTIz + + + + + <SAN:uniformResourceIdentifier>regular-expression + + + Match the value of the uniformResourceIdentifier SAN. + + + Example: <SAN:uniformResourceIdentifier>URN:.* + + + + + <SAN:iPAddress>regular-expression + + + Match the value of the iPAddress SAN. + + + Example: <SAN:iPAddress>192\.168\..* + + + + + <SAN:registeredID>regular-expression + + + Match the value of the registeredID SAN as + dotted-decimal string. + + + Example: <SAN:registeredID>1\.2\.3\..* + + + + + + + + MAPPING RULE + + The mapping rule is used to associate a certificate with one or more + accounts. A Smartcard with the certificate and the matching private + key can then be used to authenticate as one of those accounts. + + + Currently SSSD basically only supports LDAP to lookup user + information (the exception is the proxy provider which is not of + relevance here). Because of this the mapping rule is based on LDAP + search filter syntax with templates to add certificate content to + the filter. It is expected that the filter will only contain the + specific data needed for the mapping and that the caller will embed + it in another filter to do the actual search. Because of this the + filter string should start and stop with '(' and ')' respectively. + + + In general it is recommended to use attributes from the certificate + and add them to special attributes to the LDAP user object. E.g. the + 'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' + attribute for IPA can be used. + + + This should be preferred to read user specific data from the + certificate like e.g. an email address and search for it in the LDAP + server. The reason is that the user specific data in LDAP might + change for various reasons would break the mapping. On the + other hand it would be hard to break the mapping on purpose for a + specific user. + + + The default mapping rule type is 'LDAP' which can be + added as a prefix to a rule like e.g. + 'LDAP:(userCertificate;binary={cert!bin})'. There is an extension + called 'LDAPU1' which offer more templates for more flexibility. To + allow older versions of this library to ignore the extension the + prefix 'LDAPU1' must be used when using the new templates in a + mapping rule otherwise the old version of this + library will fail with a parsing error. The new templates are + described in section . + + + The templates to add certificate data to the search filter are based + on Python-style formatting strings. They consist of a keyword in + curly braces with an optional sub-component specifier separated by a + '.' or an optional conversion/formatting option separated by a '!'. + Allowed values are: + + + {issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + This template will add the full issuer DN converted to a + string according to RFC 4514. If X.500 ordering (most + specific RDN comes last) an option with the '_x500' + prefix should be used. + + + The conversion options starting with 'ad_' will use + attribute names as used by AD, e.g. 'S' instead of 'ST'. + + + The conversion options starting with 'nss_' will use + attribute names as used by NSS. + + + The default conversion option is 'nss', i.e. attribute + names according to NSS and LDAP/RFC 4514 ordering. + + + Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad}) + + + + + {subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + This template will add the full subject DN converted to + string according to RFC 4514. If X.500 ordering (most + specific RDN comes last) an option with the '_x500' + prefix should be used. + + + The conversion options starting with 'ad_' will use + attribute names as used by AD, e.g. 'S' instead of 'ST'. + + + The conversion options starting with 'nss_' will use + attribute names as used by NSS. + + + The default conversion option is 'nss', i.e. attribute + names according to NSS and LDAP/RFC 4514 ordering. + + + Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500}) + + + + + {cert[!(bin|base64)]} + + + This template will add the whole DER encoded certificate + as a string to the search filter. Depending on the + conversion option the binary certificate is either + converted to an escaped hex sequence '\xx' or base64. + The escaped hex sequence is the default and can e.g. be + used with the LDAP attribute 'userCertificate;binary'. + + + Example: (userCertificate;binary={cert!bin}) + + + + + {subject_principal[.short_name]} + + + This template will add the Kerberos principal which is + taken either from the SAN used by pkinit or the one used + by AD. The 'short_name' component represents the first + part of the principal before the '@' sign. + + + Example: (|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name})) + + + + + {subject_pkinit_principal[.short_name]} + + + This template will add the Kerberos principal which is + given by the SAN used by pkinit. The 'short_name' + component represents the first part of the principal + before the '@' sign. + + + Example: (|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name})) + + + + + {subject_nt_principal[.short_name]} + + + This template will add the Kerberos principal which is + given by the SAN used by AD. The 'short_name' component + represent the first part of the principal before the '@' + sign. + + + Example: (|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name})) + + + + + {subject_rfc822_name[.short_name]} + + + This template will add the string which is stored in the + rfc822Name component of the SAN, typically an email + address. The 'short_name' component represents the first + part of the address before the '@' sign. + + + Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name})) + + + + + {subject_dns_name[.short_name]} + + + This template will add the string which is stored in the + dNSName component of the SAN, typically a fully-qualified host name. + The 'short_name' component represents the first + part of the name before the first '.' sign. + + + Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name})) + + + + + {subject_uri} + + + This template will add the string which is stored in the + uniformResourceIdentifier component of the SAN. + + + Example: (uri={subject_uri}) + + + + + {subject_ip_address} + + + This template will add the string which is stored in the + iPAddress component of the SAN. + + + Example: (ip={subject_ip_address}) + + + + + {subject_x400_address} + + + This template will add the value which is stored in the + x400Address component of the SAN as escaped hex + sequence. + + + Example: (attr:binary={subject_x400_address}) + + + + + {subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + This template will add the DN string of the value which + is stored in the directoryName component of the SAN. + + + Example: (orig_dn={subject_directory_name}) + + + + + {subject_ediparty_name} + + + This template will add the value which is stored in the + ediPartyName component of the SAN as escaped hex + sequence. + + + Example: (attr:binary={subject_ediparty_name}) + + + + + {subject_registered_id} + + + This template will add the OID which is stored in the + registeredID component of the SAN as a dotted-decimal + string. + + + Example: (oid={subject_registered_id}) + + + + + + + LDAPU1 extension + + The following template are available when using the 'LDAPU1' + extension: + + + + + {serial_number[!(dec|hex[_ucr])]} + + + This template will add the serial number of the + certificate. By default it will be printed as a + hexadecimal number with lower-case letters. + + + With the formatting option '!dec' the number will be + printed as decimal string. The hexadecimal output can + be printed with upper-case letters ('!hex_u'), with a + colon separating the hexadecimal bytes ('!hex_c') or + with the hexadecimal bytes in reverse order ('!hex_r'). + The postfix letters can be combined so that e.g. + '!hex_uc' will produce a colon-separated hexadecimal + string with upper-case letters. + + + Example: LDAPU1:(serial={serial_number}) + + + + + + {subject_key_id[!hex[_ucr]]} + + + This template will add the subject key id of the + certificate. By default it will be printed as a + hexadecimal number with lower-case letters. + + + The hexadecimal output can + be printed with upper-case letters ('!hex_u'), with a + colon separating the hexadecimal bytes ('!hex_c') or + with the hexadecimal bytes in reverse order ('!hex_r'). + The postfix letters can be combined so that e.g. + '!hex_uc' will produce a colon-separated hexadecimal + string with upper-case letters. + + + Example: LDAPU1:(ski={subject_key_id}) + + + + + + {cert[!DIGEST[_ucr]]} + + + This template will add the hexadecimal digest/hash of + the certificate where DIGEST must be replaced with the + name of a digest/hash function supported by OpenSSL, + e.g. 'sha512'. + + + The hexadecimal output can + be printed with upper-case letters ('!sha512_u'), with a + colon separating the hexadecimal bytes ('!sha512_c') or + with the hexadecimal bytes in reverse order + ('!sha512_r'). The postfix letters can be combined so + that e.g. '!sha512_uc' will produce a colon-separated + hexadecimal string with upper-case letters. + + + Example: LDAPU1:(dgst={cert!sha256}) + + + + + + {subject_dn_component[(.attr_name|[number]]} + + + This template will add an attribute value of a component + of the subject DN, by default the value of the most + specific component. + + + A different component can it either selected by + attribute name, e.g. {subject_dn_component.uid} or by + position, e.g. {subject_dn_component.[2]} where + positive numbers start counting from the most specific + component and negative numbers start counting from the + least specific component. Attribute name and the + position can be combined as e.g. + {subject_dn_component.uid[2]} which means that the name + of the second component must be 'uid'. + + + Example: LDAPU1:(uid={subject_dn_component.uid}) + + + + + + {issuer_dn_component[(.attr_name|[number]]} + + + This template will add an attribute value of a component + of the issuer DN, by default the value of the most + specific component. + + + See 'subject_dn_component' for details about the + attribute name and position specifiers. + + + Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]}) + + + + + {sid[.rid]} + + + This template will add the SID if the corresponding + extension introduced by Microsoft with the OID + 1.3.6.1.4.1.311.25.2 is available. With the '.rid' + selector only the last component, i.e. the RID, will be + added. + + + Example: LDAPU1:(objectsid={sid}) + + + + + + + + + DOMAIN LIST + + If the domain list is not empty users mapped to a given certificate + are not only searched in the local domain but in the listed domains + as well as long as they are know by SSSD. Domains not know to SSSD + will be ignored. + + + + + diff --git a/src/man/sss_cache.8.xml b/src/man/sss_cache.8.xml new file mode 100644 index 0000000..9613ed8 --- /dev/null +++ b/src/man/sss_cache.8.xml @@ -0,0 +1,265 @@ + + + +SSSD Manual pages + + + + + sss_cache + 8 + + + + sss_cache + perform cache cleanup + + + + + sss_cache + + options + + + + + + DESCRIPTION + + sss_cache invalidates records in SSSD cache. + Invalidated records are forced to be reloaded from server as soon + as related SSSD backend is online. Options that invalidate a single + object only accept a single provided argument. + + + + + OPTIONS + + + + , + + + + Invalidate all cached entries. + + + + + + , + login + + + + Invalidate specific user. + + + + + + , + + + + Invalidate all user records. This option overrides + invalidation of specific user if it was also set. + + + + + + , + group + + + + Invalidate specific group. + + + + + + , + + + + Invalidate all group records. This option overrides + invalidation of specific group if it was also set. + + + + + + , + netgroup + + + + Invalidate specific netgroup. + + + + + + , + + + + Invalidate all netgroup records. This option overrides + invalidation of specific netgroup if it was also set. + + + + + + , + service + + + + Invalidate specific service. + + + + + + , + + + + Invalidate all service records. This option overrides + invalidation of specific service if it was also set. + + + + + + , + autofs-map + + + + Invalidate specific autofs maps. + + + + + + , + + + + Invalidate all autofs maps. This option overrides + invalidation of specific map if it was also set. + + + + + + , + hostname + + + + Invalidate SSH public keys of a specific host. + + + + + + , + + + + Invalidate SSH public keys of all hosts. This option + overrides invalidation of SSH public keys of specific + host if it was also set. + + + + + + , + rule + + + + Invalidate particular sudo rule. + + + + + + , + + + + Invalidate all cached sudo rules. This option + overrides invalidation of specific sudo rule + if it was also set. + + + + + + , + domain + + + + Restrict invalidation process only to a particular + domain. + + + + + + + + + EFFECTS ON THE FAST MEMORY CACHE + + sss_cache also invalidates the memory cache. + Since the memory cache is a file which is mapped into the memory of + each process which called SSSD to resolve users or groups the file + cannot be truncated. A special flag is set in the header of the file + to indicate that the content is invalid and then the file is + unlinked by SSSD's NSS responder and a new cache file is created. + Whenever a process is now doing a new lookup for a user or a group + it will see the flag, close the old memory cache file and map the + new one into its memory. When all processes which had opened the old + memory cache file have closed it while looking up a user or a group + the kernel can release the occupied disk space and the old memory + cache file is finally removed completely. + + + A special case is long running processes which are doing user or + group lookups only at startup, e.g. to determine the name of the + user the process is running as. For those lookups the memory cache + file is mapped into the memory of the process. But since there will + be no further lookups this process would never detect if the memory + cache file was invalidated and hence it will be kept in memory and + will occupy disk space until the process stops. As a result calling + sss_cache might increase the disk usage because + old memory cache files cannot be removed from the disk because they + are still mapped by long running processes. + + + A possible work-around for long running processes which are looking + up users and groups only at startup or very rarely is to run them + with the environment variable SSS_NSS_USE_MEMCACHE set to "NO" so + that they won't use the memory cache at all and not map the memory + cache file into the memory. In general a better solution is to tune + the cache timeout parameters so that they meet the local + expectations and calling sss_cache is not needed. + + + + + + + diff --git a/src/man/sss_debuglevel.8.xml b/src/man/sss_debuglevel.8.xml new file mode 100644 index 0000000..0538dc5 --- /dev/null +++ b/src/man/sss_debuglevel.8.xml @@ -0,0 +1,41 @@ + + + +SSSD Manual pages + + + + + sss_debuglevel + 8 + + + + sss_debuglevel + [DEPRECATED] change debug level while SSSD is running + + + + + sss_debuglevel + + options + + NEW_DEBUG_LEVEL + + + + + DESCRIPTION + + sss_debuglevel is deprecated and replaced + by the sssctl debug-level command. Please refer to the + sssctl man page for more information on sssctl usage. + + + + + + + diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml new file mode 100644 index 0000000..eeea5fa --- /dev/null +++ b/src/man/sss_obfuscate.8.xml @@ -0,0 +1,105 @@ + + + +SSSD Manual pages + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + obfuscate a clear text password + + + + + sss_obfuscate + + options + + [PASSWORD] + + + + + DESCRIPTION + + sss_obfuscate converts a given password into + human-unreadable format and places it into appropriate domain + section of the SSSD config file. + + + The cleartext password is read from standard input or entered interactively. + The obfuscated password is put into ldap_default_authtok + parameter of a given SSSD domain and the + ldap_default_authtok_type parameter is set to + obfuscated_password. Refer to + + sssd-ldap + 5 + + for more details on these parameters. + + + Please note that obfuscating the password provides no + real security benefit as it is still possible for an + attacker to reverse-engineer the password back. Using better + authentication mechanisms such as client side certificates or GSSAPI + is strongly advised. + + + + + OPTIONS + + + + + , + + + + The password to obfuscate will be read from standard + input. + + + + + + , + DOMAIN + + + + The SSSD domain to use the password in. The + default name is default. + + + + + + , + FILE + + + + Read the config file specified by the positional + parameter. + + + Default: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/sss_override.8.xml b/src/man/sss_override.8.xml new file mode 100644 index 0000000..22ff68d --- /dev/null +++ b/src/man/sss_override.8.xml @@ -0,0 +1,285 @@ + + + +SSSD Manual pages + + + + + sss_override + 8 + + + + sss_override + create local overrides of user and group attributes + + + + + sss_override + COMMAND + + options + + + + + + DESCRIPTION + + sss_override enables to create a client-side + view and allows to change selected values of specific user + and groups. This change takes effect only on local machine. + + + Overrides data are stored in the SSSD cache. If the cache is deleted, + all local overrides are lost. Please note that after the first + override is created using any of the following + user-add, group-add, + user-import or + group-import command. SSSD needs to be + restarted to take effect. + sss_override prints message when a restart is + required. + + + NOTE: The options provided in this man page + only work with ldap and AD + id_provider. IPA overrides can be managed centrally + on the IPA server. + + + + + AVAILABLE COMMANDS + + Argument NAME is the name of original object + in all commands. It is not possible to override + uid or gid to 0. + + + + + + NAME + NAME + UID + GID + HOME + SHELL + GECOS + + BASE64 ENCODED CERTIFICATE + + + + Override attributes of an user. Please be aware that + calling this command will replace any previous override + for the (NAMEd) user. + + + + + + + NAME + + + + Remove user overrides. However be aware that overridden + attributes might be returned from memory cache. Please + see SSSD option memcache_timeout + for more details. + + + + + + + DOMAIN + + + + List all users with set overrides. + If DOMAIN parameter is set, + only users from the domain are listed. + + + + + + + NAME + + + + Show user overrides. + + + + + + + FILE + + + + Import user overrides from FILE. + Data format is similar to standard passwd file. + The format is: + + + original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate + + + where original_name is original name of the user whose + attributes should be overridden. The rest of fields + correspond to new values. You can omit a value simply + by leaving corresponding field empty. + + + Examples: + + + ckent:superman:::::: + + + ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash: + + + + + + + FILE + + + + Export all overridden attributes and store them in + FILE. See + user-import for data format. + + + + + + + NAME + NAME + GID + + + + Override attributes of a group. Please be aware that + calling this command will replace any previous override + for the (NAMEd) group. + + + + + + + NAME + + + + Remove group overrides. However be aware that overridden + attributes might be returned from memory cache. Please + see SSSD option memcache_timeout + for more details. + + + + + + + DOMAIN + + + + List all groups with set overrides. + If DOMAIN parameter is set, + only groups from the domain are listed. + + + + + + + NAME + + + + Show group overrides. + + + + + + + FILE + + + + Import group overrides from FILE. + Data format is similar to standard group file. + The format is: + + + original_name:name:gid + + + where original_name is original name of the group whose + attributes should be overridden. The rest of fields + correspond to new values. You can omit a value simply + by leaving corresponding field empty. + + + Examples: + + + admins:administrators: + + + Domain Users:Users:501 + + + + + + + FILE + + + + Export all overridden attributes and store them in + FILE. See + group-import for data format. + + + + + + + + COMMON OPTIONS + + Those options are available with all commands. + + + + + + LEVEL + + + + + + + + + + diff --git a/src/man/sss_rpcidmapd.5.xml b/src/man/sss_rpcidmapd.5.xml new file mode 100644 index 0000000..e2d0fe9 --- /dev/null +++ b/src/man/sss_rpcidmapd.5.xml @@ -0,0 +1,132 @@ + + + +SSSD Manual pages + + + sss rpc.idmapd plugin + + Noam + Meltzer + + Primary Data Inc. + + Developer (2013-2014) + + + Noam + Meltzer + Developer (2014-) + tsnoam@gmail.com + + + + + sss_rpcidmapd + 5 + File Formats and Conventions + + + + sss_rpcidmapd + sss plugin configuration directives for rpc.idmapd + + + + CONFIGURATION FILE + + rpc.idmapd configuration file is usually found at + /etc/idmapd.conf. See + + idmapd.conf + 5 + for more information. + + + + + SSS CONFIGURATION EXTENSION + + Enable SSS plugin + + In section [Translation], modify/set + Method attribute to contain + sss. + + + + [sss] config section + + In order to change the default of one of the configuration + attributes of the sss plugin listed + below you will need to create a config section for it, named + [sss]. + + + Configuration attributes + + memcache (bool) + + + Indicates whether or not to use memcache + optimisation technique. + + + Default: True + + + + + + + + + SSSD INTEGRATION + + The sss plugin requires the NSS Responder + to be enabled in sssd. + + + The attribute use_fully_qualified_names must be + enabled on all domains (NFSv4 clients expect a fully qualified name + to be sent on the wire). + + + + + EXAMPLE + + The following example shows a minimal idmapd.conf which makes use of + the sss plugin. + +[General] +Verbosity = 2 +# domain must be synced between NFSv4 server and clients +# Solaris/Illumos/AIX use "localdomain" as default! +Domain = default + +[Mapping] +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] +Method = sss + + + + + + SEE ALSO + + + sssd8 + , + + idmapd.conf + 5 + + + + + diff --git a/src/man/sss_seed.8.xml b/src/man/sss_seed.8.xml new file mode 100644 index 0000000..39f8c02 --- /dev/null +++ b/src/man/sss_seed.8.xml @@ -0,0 +1,177 @@ + + + +SSSD Manual pages + + + + + sss_seed + 8 + + + + sss_seed + seed the SSSD cache with a user + + + + + sss_seed + + options + + -D DOMAIN + -n USER + + + + + DESCRIPTION + + sss_seed seeds the SSSD cache with a user entry + and temporary password. If a user entry is already present in the + SSSD cache then the entry is updated with the temporary password. + + + + + + + OPTIONS + + + + , + DOMAIN + + + + Provide the name of the domain in which the + user is a member of. The domain is also used to + retrieve user information. The domain must be configured + in sssd.conf. The DOMAIN + option must be provided. + Information retrieved from the domain + overrides what is provided in the options. + + + + + + , + USER + + + + The username of the entry to be created or modified + in the cache. The USER option + must be provided. + + + + + + , + UID + + + + Set the UID of the user to + UID. + + + + + + , + GID + + + + Set the GID of the user to + GID. + + + + + + , + COMMENT + + + + Any text string describing the user. Often used as + the field for the user's full name. + + + + + + , + HOME_DIR + + + + Set the home directory of the user to + HOME_DIR. + + + + + + , + SHELL + + + + Set the login shell of the user to + SHELL. + + + + + + , + + + + Interactive mode for entering user information. This + option will only prompt for information not provided in + the options or retrieved from the domain. + + + + + + , + PASS_FILE + + + + Specify file to read user's password from. (if not + specified password is prompted for) + + + + + + + + + NOTES + + The length of the password (or the size of file specified with -p + or --password-file option) must be less than or equal to PASS_MAX + bytes (64 bytes on systems with no globally-defined PASS_MAX value). + + + + + + + + + + diff --git a/src/man/sss_ssh_authorizedkeys.1.xml b/src/man/sss_ssh_authorizedkeys.1.xml new file mode 100644 index 0000000..2f4756d --- /dev/null +++ b/src/man/sss_ssh_authorizedkeys.1.xml @@ -0,0 +1,151 @@ + + + +SSSD Manual pages + + + + + sss_ssh_authorizedkeys + 1 + + + + sss_ssh_authorizedkeys + get OpenSSH authorized keys + + + + + sss_ssh_authorizedkeys + + options + + USER + + + + + DESCRIPTION + + sss_ssh_authorizedkeys acquires SSH + public keys for user USER and + outputs them in OpenSSH authorized_keys format (see the + AUTHORIZED_KEYS FILE FORMAT section of + sshd + 8 for more + information). + + + sshd + 8 can be configured + to use sss_ssh_authorizedkeys for public + key user authentication if it is compiled with support for + AuthorizedKeysCommand option. Please refer + to the + sshd_config + 5 man page for more + details about this option. + + + If AuthorizedKeysCommand is supported, + sshd + 8 can be configured to + use it by putting the following directives in + sshd_config + 5: + + AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys + AuthorizedKeysCommandUser nobody + + + + + KEYS FROM CERTIFICATES + + In addition to the public SSH keys for user + USER + sss_ssh_authorizedkeys can return public SSH keys + derived from the public key of a X.509 certificate as well. + + + To enable this the ssh_use_certificate_keys option + must be set to true (default) in the [ssh] section of + sssd.conf. If the user entry contains + certificates (see ldap_user_certificate in + sssd-ldap + 5 + for details) or there is a certificate in an override entry for the + user (see + sss_override + 8 + or sssd-ipa + 5 + for details) and the certificate is valid SSSD will extract the + public key from the certificate and convert it into the format + expected by sshd. + + + Besides ssh_use_certificate_keys the options + + ca_db + p11_child_timeout + certificate_verification + + can be used to control how the certificates are validated (see + sssd.conf + 5 for details). + + + The validation is the benefit of using X.509 certificates instead of + SSH keys directly because e.g. it gives a better control of the + lifetime of the keys. When the ssh client is configured to use the + private keys from a Smartcard with the help of a PKCS#11 shared + library (see + ssh + 1 + for details) it might be irritating that authentication is still + working even if the related X.509 certificate on the Smartcard is + already expired because neither ssh nor + sshd will look at the certificate at all. + + + It has to be noted that the derived public SSH key can still be + added to the authorized_keys file of the user + to bypass the certificate validation if the sshd + configuration permits this. + + + + + + OPTIONS + + + + , + DOMAIN + + + + Search for user public keys in SSSD domain DOMAIN. + + + + + + + + + EXIT STATUS + + In case of success, an exit value of 0 is returned. Otherwise, + 1 is returned. + + + + + + + diff --git a/src/man/sss_ssh_knownhostsproxy.1.xml b/src/man/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..58aeb04 --- /dev/null +++ b/src/man/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,112 @@ + + + +SSSD Manual pages + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + get OpenSSH host keys + + + + + sss_ssh_knownhostsproxy + + options + + HOST + PROXY_COMMAND + + + + + DESCRIPTION + + sss_ssh_knownhostsproxy acquires SSH host + public keys for host HOST, stores + them in a custom OpenSSH known_hosts file (see the + SSH_KNOWN_HOSTS FILE FORMAT section of + sshd + 8 for more information) + /var/lib/sss/pubconf/known_hosts and + establishes the connection to the host. + + + If PROXY_COMMAND is specified, + it is used to create the connection to the host instead of + opening a socket. + + + ssh + 1 can be configured to + use sss_ssh_knownhostsproxy for host key + authentication by using the following directives for + ssh + 1 configuration: + +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + OPTIONS + + + + , + PORT + + + + Use port PORT to connect to the host. + By default, port 22 is used. + + + + + + , + DOMAIN + + + + Search for host public keys in SSSD domain DOMAIN. + + + + + + , + + + + Print the host ssh public keys for host HOST. + + + + + + + + + EXIT STATUS + + In case of success, an exit value of 0 is returned. Otherwise, + 1 is returned. + + + + + + + diff --git a/src/man/sssctl.8.xml b/src/man/sssctl.8.xml new file mode 100644 index 0000000..7e19e00 --- /dev/null +++ b/src/man/sssctl.8.xml @@ -0,0 +1,68 @@ + + + +SSSD Manual pages + + + + + sssctl + 8 + + + + sssctl + SSSD control and status utility + + + + + sssctl + COMMAND + + options + + + + + + DESCRIPTION + + sssctl provides a simple and unified way + to obtain information about SSSD status, such as active server, + auto-discovered servers, domains and cached objects. In addition, + it can manage SSSD data files for troubleshooting in such a way + that is safe to manipulate while SSSD is running. + + + + + AVAILABLE COMMANDS + + To list all available commands run sssctl + without any parameters. To print help for selected command + run sssctl COMMAND --help. + + + + + COMMON OPTIONS + + Those options are available with all commands. + + + + + + LEVEL + + + + + + + + + + diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml new file mode 100644 index 0000000..082e97e --- /dev/null +++ b/src/man/sssd-ad.5.xml @@ -0,0 +1,1446 @@ + + + +SSSD Manual pages + + + + + sssd-ad + 5 + File Formats and Conventions + + + + sssd-ad + SSSD Active Directory provider + + + + DESCRIPTION + + This manual page describes the configuration of the AD provider + for + + sssd + 8 + . + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The AD provider is a back end used to connect to an Active + Directory server. This provider requires that the machine be + joined to the AD domain and a keytab is available. Back end + communication occurs over a GSSAPI-encrypted channel, SSL/TLS + options should not be used with the AD provider and will be + superseded by Kerberos usage. + + + The AD provider supports connecting to Active Directory 2008 R2 + or later. Earlier versions may work, but are unsupported. + + + The AD provider can be used to get user information + and authenticate users from trusted domains. Currently + only trusted domains in the same forest are recognized. In + addition servers from trusted domains are always auto-discovered. + + + The AD provider enables SSSD to use the + + sssd-ldap + 5 + identity provider and the + + sssd-krb5 + 5 + authentication provider with optimizations for + Active Directory environments. The AD provider accepts the same + options used by the sssd-ldap and sssd-krb5 providers with some + exceptions. However, it is neither necessary nor recommended to + set these options. + + + The AD provider primarily copies the traditional ldap and krb5 + provider default options with some exceptions, the differences + are listed in the MODIFIED DEFAULT OPTIONS section. + + + The AD provider can also be used as an access, chpass, + sudo and autofs provider. No configuration of the access provider + is required on the client side. + + + If auth_provider=ad or + access_provider=ad is configured + in sssd.conf then the id_provider must also be set to + ad. + + + By default, the AD provider will map UID and GID values from the + objectSID parameter in Active Directory. For details on this, see + the ID MAPPING section below. If you want to + disable ID mapping and instead rely on POSIX attributes defined in + Active Directory, you should set + +ldap_id_mapping = False + + If POSIX attributes should be used, it is recommended for + performance reasons that the attributes are also replicated + to the Global Catalog. If POSIX attributes are replicated, + SSSD will attempt to locate the domain of a requested + numerical ID with the help of the Global Catalog and only + search that domain. In contrast, if POSIX attributes are not + replicated to the Global Catalog, SSSD must search all the + domains in the forest sequentially. Please note that the + cache_first option might be also helpful in + speeding up domainless searches. + Note that if only a subset of POSIX attributes is present in + the Global Catalog, the non-replicated attributes are currently + not read from the LDAP port. + + + Users, groups and other entities served by SSSD are always treated as + case-insensitive in the AD provider for compatibility with Active + Directory's LDAP implementation. + + + SSSD only resolves Active Directory Security Groups. For more + information about AD group types see: + + Active Directory security groups + + + SSSD filters out Domain Local groups from remote domains in the AD + forest. By default they are filtered out e.g. when following a + nested group hierarchy in remote domains because they are not valid + in the local domain. This is done to be in agreement with Active + Directory's group-membership assignment which can be seen in + the PAC of the Kerberos ticket of a user issued by Active Directory. + + + + + CONFIGURATION OPTIONS + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration of an SSSD domain. + + + ad_domain (string) + + + Specifies the name of the Active Directory domain. + This is optional. If not provided, the + configuration domain name is used. + + + For proper operation, this option should be + specified as the lower-case version of the long + version of the Active Directory domain. + + + The short domain name (also known as the NetBIOS + or the flat name) is autodetected by the SSSD. + + + + + + ad_enabled_domains (string) + + + A comma-separated list of enabled Active Directory + domains. If provided, SSSD will ignore any domains + not listed in this option. If left unset, all + discovered domains from the AD forest will be + available. + + + During the discovery of the domains SSSD will + filter out some domains where flags or attributes + indicate that they do not belong to the local + forest or are not trusted. If ad_enabled_domains is + set, SSSD will try to enable all listed domains. + + + For proper operation, this option must be specified in all + lower-case and as the fully qualified domain name of the + Active Directory domain. For example: + +ad_enabled_domains = sales.example.com, eng.example.com + + + + The short domain name (also known as the NetBIOS or the flat + name) will be autodetected by SSSD. + + + Default: Not set + + + + + + ad_server, ad_backup_server (string) + + + The comma-separated list of + hostnames of the AD servers to which SSSD should + connect in order of preference. For more + information on failover and server redundancy, see + the FAILOVER section. + + + This is optional if autodiscovery is enabled. + For more information on service discovery, refer + to the SERVICE DISCOVERY section. + + + Note: Trusted domains will always auto-discover + servers even if the primary server is explicitly + defined in the ad_server option. + + + + + + ad_hostname (string) + + + Optional. On machines where the hostname(5) does + not reflect the fully qualified name, sssd will try + to expand the short name. If it is not possible or + the short name should be really used instead, set + this parameter explicitly. + + + This field is used to determine the host principal + in use in the keytab and to perform dynamic DNS + updates. It must match the hostname for which the + keytab was issued. + + + + + + ad_enable_dns_sites (boolean) + + + Enables DNS sites - location based + service discovery. + + + If true and service discovery (see Service + Discovery paragraph at the bottom of the man page) + is enabled, the SSSD will first attempt to discover + the Active Directory server to connect to using the + Active Directory Site Discovery and fall back to + the DNS SRV records if no AD site is found. The + DNS SRV configuration, including the discovery + domain, is used during site discovery as well. + + + Default: true + + + + + + ad_access_filter (string) + + + This option specifies LDAP access control + filter that the user must match in order + to be allowed access. Please note that the + access_provider option must be + explicitly set to ad in order + for this option to have an effect. + + + The option also supports specifying different + filters per domain or forest. This + extended filter would consist of: + KEYWORD:NAME:FILTER. + The keyword can be either DOM, + FOREST or missing. + + + If the keyword equals to DOM + or is missing, then NAME specifies + the domain or subdomain the filter applies to. + If the keyword equals to FOREST, + then the filter equals to all domains from the + forest specified by NAME. + + + Multiple filters can be separated with the + ? character, similarly to how + search bases work. + + + Nested group membership must be searched for using + a special OID :1.2.840.113556.1.4.1941: + in addition to the full DOM:domain.example.org: syntax + to ensure the parser does not attempt to interpret the + colon characters associated with the OID. If you do not + use this OID then nested group membership will not be + resolved. See usage example below and refer here + for further information about the OID: + + [MS-ADTS] section LDAP extensions + + + The most specific match is always used. For + example, if the option specified filter + for a domain the user is a member of and a + global filter, the per-domain filter would + be applied. If there are more matches with + the same specification, the first one is used. + + + Examples: + + +# apply filter on domain called dom1 only: +dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) + +# apply filter on domain called dom2 only: +DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) + +# apply filter on forest called EXAMPLE.COM only: +FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# apply filter for a member of a nested group in dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) + + + Default: Not set + + + + + + ad_site (string) + + + Specify AD site to which client should try to connect. + If this option is not provided, the AD site will be + auto-discovered. + + + Default: Not set + + + + + + ad_enable_gc (boolean) + + + By default, the SSSD connects to the Global + Catalog first to retrieve users from trusted + domains and uses the LDAP port to retrieve + group memberships or as a fallback. Disabling + this option makes the SSSD only connect to + the LDAP port of the current AD server. + + + Please note that disabling Global Catalog support + does not disable retrieving users from trusted + domains. The SSSD would connect to the LDAP port + of trusted domains instead. However, Global + Catalog must be used in order to resolve + cross-domain group memberships. + + + Default: true + + + + + + ad_gpo_access_control (string) + + + This option specifies the operation mode for + GPO-based access control functionality: + whether it operates in disabled mode, enforcing + mode, or permissive mode. Please note that the + access_provider option must be + explicitly set to ad in order for + this option to have an effect. + + + GPO-based access control functionality uses GPO + policy settings to determine whether or not a + particular user is allowed to logon to the host. + For more information on the supported policy + settings please refer to the + ad_gpo_map options. + + + Please note that current version of SSSD does + not support Active Directory's built-in groups. + Built-in groups (such as Administrators with + SID S-1-5-32-544) in GPO access control rules + will be ignored by SSSD. + See upstream issue tracker + https://github.com/SSSD/sssd/issues/5063 . + + + Before performing access control SSSD applies group + policy security filtering on the GPOs. For every + single user login, the applicability of the GPOs + that are linked to the host is checked. In order for + a GPO to apply to a user, the user or at least one + of the groups to which it belongs must have + following permissions on the GPO: + + + + Read: The user or one of its groups must + have read access to the properties of the + GPO (RIGHT_DS_READ_PROPERTY) + + + + + Apply Group Policy: The user or at least + one of its groups must be allowed to + apply the GPO (RIGHT_DS_CONTROL_ACCESS). + + + + + + By default, the Authenticated Users group is present + on a GPO and this group has both Read and Apply Group + Policy access rights. Since authentication of a user + must have been completed successfully before GPO + security filtering and access control are started, + the Authenticated Users group permissions on the GPO + always apply also to the user. + + + NOTE: If the operation mode is set to enforcing, it + is possible that users that were previously allowed + logon access will now be denied logon access (as + dictated by the GPO policy settings). In order to + facilitate a smooth transition for administrators, + a permissive mode is available that will not enforce + the access control rules, but will evaluate them and + will output a syslog message if access would have + been denied. By examining the logs, administrators + can then make the necessary changes before setting + the mode to enforcing. For logging GPO-based access + control debug level 'trace functions' is required (see + + sssctl + 8 + + manual page). + + + There are three supported values for this option: + + + + disabled: GPO-based access control rules + are neither evaluated nor enforced. + + + + + enforcing: GPO-based access control + rules are evaluated and enforced. + + + + + permissive: GPO-based access control + rules are evaluated, but not enforced. + Instead, a syslog message will be + emitted indicating that the user would + have been denied access if this option's + value were set to enforcing. + + + + + + Default: permissive + + + Default: enforcing + + + + + + ad_gpo_implicit_deny (boolean) + + + Normally when no applicable GPOs are found the + users are allowed access. When this option is set + to True users will be allowed access only when + explicitly allowed by a GPO rule. Otherwise users + will be denied access. This can be used to harden + security but be careful when using this option + because it can deny access even to users in the + built-in Administrators group if no GPO rules + apply to them. + + + + Default: False + + + + The following 2 tables should illustrate when a user + is allowed or rejected based on the allow and deny + login rights defined on the server-side and the + setting of ad_gpo_implicit_deny. + + + + + + + + + ad_gpo_implicit_deny = False (default) + allow-rulesdeny-rules + results + + + missingmissing + all users are allowed + + missingpresent + only users not in deny-rules are + allowed + presentmissing + only users in allow-rules are + allowed + presentpresent + only users in allow-rules and not in + deny-rules are allowed + + + + + + + + + + ad_gpo_implicit_deny = True + allow-rulesdeny-rules + results + + + missingmissing + no users are allowed + + missingpresent + no users are allowed + + presentmissing + only users in allow-rules are + allowed + presentpresent + only users in allow-rules and not in + deny-rules are allowed + + + + + + ad_gpo_ignore_unreadable (boolean) + + + Normally when some group policy containers (AD + object) of applicable group policy objects are + not readable by SSSD then users are denied access. + This option allows to ignore group policy + containers and with them associated policies + if their attributes in group policy containers + are not readable for SSSD. + + + Default: False + + + + + + + + ad_gpo_cache_timeout (integer) + + + The amount of time between lookups of GPO policy + files against the AD server. This will reduce the + latency and load on the AD server if there are + many access-control requests made in a short + period. + + + Default: 5 (seconds) + + + + + + ad_gpo_map_interactive (string) + + + A comma-separated list of PAM service names for + which GPO-based access control is evaluated based on + the InteractiveLogonRight and + DenyInteractiveLogonRight policy settings. + Only those GPOs are evaluated for which the user has + Read and Apply Group Policy permission (see option + ad_gpo_access_control). + If an evaluated GPO contains the deny interactive + logon setting for the user or one of its groups, the + user is denied local access. + If none of the evaluated GPOs has an interactive + logon right defined, the user is granted local + access. If at least one evaluated GPO contains + interactive logon right settings, the user is + granted local access only, if it or at least one of + its groups is part of the policy settings. + + + Note: Using the Group Policy Management Editor + this value is called "Allow log on locally" + and "Deny log on locally". + + + It is possible to add another PAM service name + to the default set by using +service_name + or to explicitly remove a PAM service name from + the default set by using -service_name. + For example, in order to replace a default PAM service + name for this logon right (e.g. login) + with a custom pam service name (e.g. my_pam_service), + you would use the following configuration: + +ad_gpo_map_interactive = +my_pam_service, -login + + + + Default: the default set of PAM service names includes: + + + + login + + + + + su + + + + + su-l + + + + + gdm-fingerprint + + + + + gdm-password + + + + + gdm-smartcard + + + + + kdm + + + + + lightdm + + + + + lxdm + + + + + sddm + + + + + unity + + + + + xdm + + + + + + + + + ad_gpo_map_remote_interactive (string) + + + A comma-separated list of PAM service names for + which GPO-based access control is evaluated based on + the RemoteInteractiveLogonRight and + DenyRemoteInteractiveLogonRight policy settings. + Only those GPOs are evaluated for which the user has + Read and Apply Group Policy permission (see option + ad_gpo_access_control). + If an evaluated GPO contains the deny remote + logon setting for the user or one of its groups, the + user is denied remote interactive access. + If none of the evaluated GPOs has a remote + interactive logon right defined, the user is granted + remote access. If at least one evaluated GPO + contains remote interactive logon right settings, + the user is granted remote access only, if it or at + least one of its groups is part of the policy + settings. + + + Note: Using the Group Policy Management Editor this + value is called "Allow log on through Remote Desktop + Services" and "Deny log on through Remote Desktop + Services". + + + It is possible to add another PAM service name + to the default set by using +service_name + or to explicitly remove a PAM service name from + the default set by using -service_name. + For example, in order to replace a default PAM service + name for this logon right (e.g. sshd) + with a custom pam service name (e.g. my_pam_service), + you would use the following configuration: + +ad_gpo_map_remote_interactive = +my_pam_service, -sshd + + + + Default: the default set of PAM service names includes: + + + + sshd + + + + + cockpit + + + + + + + + + ad_gpo_map_network (string) + + + A comma-separated list of PAM service names for + which GPO-based access control is evaluated based on + the NetworkLogonRight and DenyNetworkLogonRight + policy settings. + Only those GPOs are evaluated for which the user has + Read and Apply Group Policy permission (see option + ad_gpo_access_control). + If an evaluated GPO contains the deny network + logon setting for the user or one of its groups, the + user is denied network logon access. + If none of the evaluated GPOs has a network + logon right defined, the user is granted logon + access. If at least one evaluated GPO contains + network logon right settings, the user is + granted logon access only, if it or at least one of + its groups is part of the policy settings. + + + Note: Using the Group Policy Management Editor + this value is called "Access this computer + from the network" and "Deny access to this + computer from the network". + + + It is possible to add another PAM service name + to the default set by using +service_name + or to explicitly remove a PAM service name from + the default set by using -service_name. + For example, in order to replace a default PAM service + name for this logon right (e.g. ftp) + with a custom pam service name (e.g. my_pam_service), + you would use the following configuration: + +ad_gpo_map_network = +my_pam_service, -ftp + + + + Default: the default set of PAM service names includes: + + + + ftp + + + + + samba + + + + + + + + + ad_gpo_map_batch (string) + + + A comma-separated list of PAM service names for + which GPO-based access control is evaluated based on + the BatchLogonRight and DenyBatchLogonRight + policy settings. + Only those GPOs are evaluated for which the user has + Read and Apply Group Policy permission (see option + ad_gpo_access_control). + If an evaluated GPO contains the deny batch + logon setting for the user or one of its groups, the + user is denied batch logon access. + If none of the evaluated GPOs has a batch + logon right defined, the user is granted logon + access. If at least one evaluated GPO contains + batch logon right settings, the user is + granted logon access only, if it or at least one of + its groups is part of the policy settings. + + + Note: Using the Group Policy Management Editor + this value is called "Allow log on as a batch + job" and "Deny log on as a batch job". + + + It is possible to add another PAM service name + to the default set by using +service_name + or to explicitly remove a PAM service name from + the default set by using -service_name. + For example, in order to replace a default PAM service + name for this logon right (e.g. crond) + with a custom pam service name (e.g. my_pam_service), + you would use the following configuration: + +ad_gpo_map_batch = +my_pam_service, -crond + + + Note: Cron service name may differ depending on Linux distribution used. + + Default: the default set of PAM service names includes: + + + + crond + + + + + + + + + ad_gpo_map_service (string) + + + A comma-separated list of PAM service names for + which GPO-based access control is evaluated based on + the ServiceLogonRight and DenyServiceLogonRight + policy settings. + Only those GPOs are evaluated for which the user has + Read and Apply Group Policy permission (see option + ad_gpo_access_control). + If an evaluated GPO contains the deny service + logon setting for the user or one of its groups, the + user is denied service logon access. + If none of the evaluated GPOs has a service + logon right defined, the user is granted logon + access. If at least one evaluated GPO contains + service logon right settings, the user is + granted logon access only, if it or at least one of + its groups is part of the policy settings. + + + Note: Using the Group Policy Management Editor + this value is called "Allow log on as a service" + and "Deny log on as a service". + + + It is possible to add a PAM service name to the + default set by using +service_name. + Since the default set is empty, it is not possible + to remove a PAM service name from the default set. + For example, in order to add a custom pam service + name (e.g. my_pam_service), you + would use the following configuration: + +ad_gpo_map_service = +my_pam_service + + + + Default: not set + + + + + + ad_gpo_map_permit (string) + + + A comma-separated list of PAM service names for + which GPO-based access is always granted, regardless + of any GPO Logon Rights. + + + It is possible to add another PAM service name + to the default set by using +service_name + or to explicitly remove a PAM service name from + the default set by using -service_name. + For example, in order to replace a default PAM service + name for unconditionally permitted access (e.g. sudo) + with a custom pam service name (e.g. my_pam_service), + you would use the following configuration: + +ad_gpo_map_permit = +my_pam_service, -sudo + + + + Default: the default set of PAM service names includes: + + + + polkit-1 + + + + + sudo + + + + + sudo-i + + + + + systemd-user + + + + + + + + + ad_gpo_map_deny (string) + + + A comma-separated list of PAM service names for + which GPO-based access is always denied, regardless + of any GPO Logon Rights. + + + It is possible to add a PAM service name to the + default set by using +service_name. + Since the default set is empty, it is not possible + to remove a PAM service name from the default set. + For example, in order to add a custom pam service + name (e.g. my_pam_service), you + would use the following configuration: + +ad_gpo_map_deny = +my_pam_service + + + + Default: not set + + + + + + ad_gpo_default_right (string) + + + This option defines how access control is evaluated + for PAM service names that are not explicitly listed + in one of the ad_gpo_map_* options. This option can be + set in two different manners. First, this option can + be set to use a default logon right. For example, if + this option is set to 'interactive', it means that + unmapped PAM service names will be processed based on + the InteractiveLogonRight and DenyInteractiveLogonRight + policy settings. Alternatively, this option can be set + to either always permit or always deny access for + unmapped PAM service names. + + + Supported values for this option include: + + + + interactive + + + + + remote_interactive + + + + + network + + + + + batch + + + + + service + + + + + permit + + + + + deny + + + + + + Default: deny + + + + + + ad_maximum_machine_account_password_age (integer) + + + SSSD will check once a day if the machine account + password is older than the given age in days and try + to renew it. A value of 0 will disable the renewal + attempt. + + + Default: 30 days + + + + + + ad_machine_account_password_renewal_opts (string) + + + This option should only be used to test the machine + account renewal task. The option expects 2 integers + separated by a colon (':'). The first integer + defines the interval in seconds how often the task + is run. The second specifies the initial timeout in + seconds before the task is run for the first time + after startup. + + + Default: 86400:750 (24h and 15m) + + + + + + ad_update_samba_machine_account_password (boolean) + + + If enabled, when SSSD renews the machine account + password, it will also be updated in Samba's + database. This prevents Samba's copy of the machine + account password from getting out of date when it is + set up to use AD for authentication. + + + Default: false + + + + + + ad_use_ldaps (bool) + + + By default SSSD uses the plain LDAP port 389 and the + Global Catalog port 3628. If this option is set to + True SSSD will use the LDAPS port 636 and Global + Catalog port 3629 with LDAPS protection. Since AD + does not allow to have multiple encryption layers on + a single connection and we still want to use + SASL/GSSAPI or SASL/GSS-SPNEGO for authentication + the SASL security property maxssf is set to 0 (zero) + for those connections. + + + Default: False + + + + + + ad_allow_remote_domain_local_groups (boolean) + + + If this option is set to true SSSD + will not filter out Domain Local groups from remote + domains in the AD forest. By default they are + filtered out e.g. when following a nested group + hierarchy in remote domains because they are not + valid in the local domain. To be compatible with + other solutions which make AD users and groups + available on Linux client this option was added. + + + Please note that setting this option to + true will be against the intention of + Domain Local group in Active Directory and + SHOULD ONLY BE USED TO FACILITATE + MIGRATION FROM OTHER SOLUTIONS. Although + the group exists and user can be member of the group + the intention is that the group should be only used + in the domain it is defined and in no others. Since + there is only one type of POSIX groups the only way + to achieve this on the Linux side is to ignore those + groups. This is also done by Active Directory as can + be seen in the PAC of the Kerberos ticket for a + local service or in tokenGroups requests where + remote Domain Local groups are missing as well. + + + Given the comments above, if this option is set to + true the tokenGroups request must be + disabled by setting + ldap_use_tokengroups to + false to get consistent + group-memberships of a users. Additionally the + Global Catalog lookup should be skipped as well by + setting ad_enable_gc to + false. Finally it might be necessary + to modify ldap_group_nesting_level if + the remote Domain Local groups can only be found + with a deeper nesting level. + + + Default: False + + + + + + dyndns_update (boolean) + + + Optional. This option tells SSSD to automatically + update the Active Directory DNS server with + the IP address of this client. The update is + secured using GSS-TSIG. As a consequence, the + Active Directory administrator only needs to + allow secure updates for the DNS zone. The IP + address of the AD LDAP connection is used for + the updates, if it is not otherwise specified + by using the dyndns_iface option. + + + NOTE: On older systems (such as RHEL 5), for this + behavior to work reliably, the default Kerberos + realm must be set properly in /etc/krb5.conf + + + Default: true + + + + + + dyndns_ttl (integer) + + + The TTL to apply to the client DNS record when updating it. + If dyndns_update is false this has no effect. This will + override the TTL serverside if set by an administrator. + + + Default: 3600 (seconds) + + + + + + dyndns_iface (string) + + + Optional. Applicable only when dyndns_update + is true. Choose the interface or a list of interfaces + whose IP addresses should be used for dynamic DNS + updates. Special value * implies that + IPs from all interfaces should be used. + + + Default: Use the IP addresses of the interface which + is used for AD LDAP connection + + + Example: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_refresh_interval (integer) + + + How often should the back end perform periodic DNS update in + addition to the automatic update performed when the back end + goes online. + This option is optional and applicable only when dyndns_update + is true. Note that the lowest possible value is 60 seconds in-case + if value is provided less than 60, parameter will assume lowest + value only. + + + Default: 86400 (24 hours) + + + + + + dyndns_update_ptr (bool) + + + Whether the PTR record should also be explicitly + updated when updating the client's DNS records. + Applicable only when dyndns_update is true. + + + Note that dyndns_update_per_family + parameter does not apply for PTR record updates. + Those updates are always sent separately. + + + Default: True + + + + + + dyndns_force_tcp (bool) + + + Whether the nsupdate utility should default to using + TCP for communicating with the DNS server. + + + Default: False (let nsupdate choose the protocol) + + + + + + dyndns_auth (string) + + + Whether the nsupdate utility should use GSS-TSIG + authentication for secure updates with the DNS + server, insecure updates can be sent by setting + this option to 'none'. + + + Default: GSS-TSIG + + + + + + dyndns_auth_ptr (string) + + + Whether the nsupdate utility should use GSS-TSIG + authentication for secure PTR updates with the DNS + server, insecure updates can be sent by setting + this option to 'none'. + + + Default: Same as dyndns_auth + + + + + + dyndns_server (string) + + + The DNS server to use when performing a DNS + update. In most setups, it's recommended to leave + this option unset. + + + Setting this option makes sense for environments + where the DNS server is different from the identity + server. + + + Please note that this option will be only used in + fallback attempt when previous attempt using + autodetected settings failed. + + + Default: None (let nsupdate choose the server) + + + + + + dyndns_update_per_family (boolean) + + + DNS update is by default performed in two steps - + IPv4 update and then IPv6 update. In some cases + it might be desirable to perform IPv4 and IPv6 + update in single step. + + + Default: true + + + + + + + + + krb5_confd_path (string) + + + Absolute path of a directory where SSSD should place + Kerberos configuration snippets. + + + To disable the creation of the configuration + snippets set the parameter to 'none'. + + + Default: not set (krb5.include.d subdirectory of + SSSD's pubconf directory) + + + + + + + + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + [sssd] section. This example shows only + the AD provider-specific options. + + + +[domain/EXAMPLE] +id_provider = ad +auth_provider = ad +access_provider = ad +chpass_provider = ad + +ad_server = dc1.example.com +ad_hostname = client.example.com +ad_domain = example.com + + + + + + NOTES + + The AD access control provider checks if the account is expired. + It has the same effect as the following configuration of the LDAP + provider: + +access_provider = ldap +ldap_access_order = expire +ldap_account_expire_policy = ad + + + + However, unless the ad access control provider + is explicitly configured, the default access provider is + permit. Please note that if you configure an + access provider other than ad, you need to set + all the connection parameters (such as LDAP URIs and encryption + details) manually. + + + When the autofs provider is set to ad, the RFC2307 + schema attribute mapping (nisMap, nisObject, ...) is used, + because these attributes are included in the default Active + Directory schema. + + + + + + + + + diff --git a/src/man/sssd-files.5.xml b/src/man/sssd-files.5.xml new file mode 100644 index 0000000..a9e5397 --- /dev/null +++ b/src/man/sssd-files.5.xml @@ -0,0 +1,183 @@ + + + +SSSD Manual pages + + + + + sssd-files + 5 + File Formats and Conventions + + + + sssd-files + SSSD files provider + + + + DESCRIPTION + + This manual page describes the files provider + for + + sssd + 8 + . + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The files provider mirrors the content of the + + passwd + 5 + + and + + group + 5 + + files. The purpose of the files provider is to make the users + and groups traditionally only accessible with NSS interfaces + also available through the SSSD interfaces such as + + sssd-ifp + 5 + . + + + Another reason is to provide efficient caching of local users and groups. + + + Please note that besides explicit domain definition the files provider + can be configured also implicitly using 'enable_files_domain' option. See + + sssd.conf + 5 + for details. + + + SSSD never handles resolution of user/group "root". Also resolution of + UID/GID 0 is not handled by SSSD. Such requests are passed to next + NSS module (usually files). + + + When SSSD is not running or responding, nss_sss returns the UNAVAIL code + which causes the request to be passed to the next module. + + + + + CONFIGURATION OPTIONS + + In addition to the options listed below, generic SSSD domain options + can be set where applicable. + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration + of an SSSD domain. But the purpose of the files provider is + to expose the same data as the UNIX files, just through the + SSSD interfaces. Therefore not all generic domain options are + supported. Likewise, some global options, such as overriding + the shell in the nss section for all domains + has no effect on the files domain unless explicitly specified + per-domain. + + + passwd_files (string) + + + Comma-separated list of one or multiple password + filenames to be read and enumerated by the files + provider, inotify monitor watches will be set on + each file to detect changes dynamically. + + + Default: /etc/passwd + + + + + + group_files (string) + + + Comma-separated list of one or multiple group + filenames to be read and enumerated by the files + provider, inotify monitor watches will be set on + each file to detect changes dynamically. + + + Default: /etc/group + + + + + + fallback_to_nss (boolean) + + + While updating the internal data SSSD will return an + error and let the client continue with the next NSS + module. This helps to avoid delays when using the + default system files + /etc/passwd and + /etc/group and the NSS + configuration has 'sss' before 'files' for the + 'passwd' and 'group' maps. + + + If the files provider is configured to monitor other + files it makes sense to set this option to 'False' + to avoid inconsistent behavior because in general + there would be no other NSS module which can be used + as a fallback. + + + Default: True + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and files is one of the domains in the + [sssd] section. + + + +[domain/files] +id_provider = files + + + + To leverage caching of local users and groups by SSSD + nss_sss module must be listed before nss_files module + in /etc/nsswitch.conf. + + + +passwd: sss files +group: sss files + + + + + + + + diff --git a/src/man/sssd-ifp.5.xml b/src/man/sssd-ifp.5.xml new file mode 100644 index 0000000..1c35d58 --- /dev/null +++ b/src/man/sssd-ifp.5.xml @@ -0,0 +1,171 @@ + + + +SSSD Manual pages + + + + + sssd-ifp + 5 + File Formats and Conventions + + + + sssd-ifp + SSSD InfoPipe responder + + + + DESCRIPTION + + This manual page describes the configuration of the InfoPipe responder + for + + sssd + 8 + . + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The InfoPipe responder provides a public D-Bus interface + accessible over the system bus. The interface allows the user + to query information about remote users and groups over the + system bus. + + + + FIND BY VALID CERTIFICATE + + The following options can be used to control how the certificates + are validated when using the FindByValidCertificate() API: + + ca_db + p11_child_timeout + certificate_verification + + For more details about the options see + sssd.conf + 5. + + + + + + CONFIGURATION OPTIONS + + These options can be used to configure the InfoPipe responder. + + + + allowed_uids (string) + + + Specifies the comma-separated list of UID values or + user names that are allowed to access the InfoPipe + responder. User names are resolved to UIDs at + startup. + + + Default: 0 (only the root user is allowed to access + the InfoPipe responder) + + + Please note that although the UID 0 is used as the + default it will be overwritten with this option. If + you still want to allow the root user to access the + InfoPipe responder, which would be the typical + case, you have to add 0 to the list of allowed UIDs + as well. + + + + + + user_attributes (string) + + + Specifies the comma-separated list of white + or blacklisted attributes. + + + By default, the InfoPipe responder only + allows the default set of POSIX attributes to + be requested. This set is the same as returned by + + getpwnam + 3 + + and includes: + + + name + user's login name + + + uidNumber + user ID + + + gidNumber + primary group ID + + + gecos + user information, typically full name + + + homeDirectory + home directory + + + loginShell + user shell + + + + + It is possible to add another attribute to + this set by using +attr_name + or explicitly remove an attribute using + -attr_name. For example, to + allow telephoneNumber but deny + loginShell, you would use the + following configuration: + +user_attributes = +telephoneNumber, -loginShell + + + + Default: not set. Only the default set of + POSIX attributes is allowed. + + + + + + wildcard_limit (integer) + + + Specifies an upper limit on the number of entries + that are downloaded during a wildcard lookup that + overrides caller-supplied limit. + + + Default: 0 (let the caller set an upper limit) + + + + + + + + + + + diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml new file mode 100644 index 0000000..4802ce8 --- /dev/null +++ b/src/man/sssd-ipa.5.xml @@ -0,0 +1,950 @@ + + + +SSSD Manual pages + + + + + sssd-ipa + 5 + File Formats and Conventions + + + + sssd-ipa + SSSD IPA provider + + + + DESCRIPTION + + This manual page describes the configuration of the IPA provider + for + + sssd + 8 + . + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The IPA provider is a back end used to connect to an IPA server. + (Refer to the freeipa.org web site for information about IPA servers.) + This provider requires that the machine be joined to the IPA domain; + configuration is almost entirely self-discovered and obtained + directly from the server. + + + The IPA provider enables SSSD to use the + + sssd-ldap + 5 + identity provider and the + + sssd-krb5 + 5 + authentication provider with optimizations for IPA + environments. The IPA provider accepts the same options used by the + sssd-ldap and sssd-krb5 providers with some exceptions. However, it is + neither necessary nor recommended to set these options. + + + The IPA provider primarily copies the traditional ldap and krb5 provider + default options with some exceptions, the differences are listed in the + MODIFIED DEFAULT OPTIONS section. + + + As an access provider, the IPA provider has a minimal configuration + (see ipa_access_order) as it mainly uses HBAC + (host-based access control) rules. Please refer to freeipa.org for + more information about HBAC. + + + If auth_provider=ipa or + access_provider=ipa is configured + in sssd.conf then the id_provider must also be set to + ipa. + + + The IPA provider will use the PAC responder if the Kerberos tickets + of users from trusted realms contain a PAC. To make configuration + easier the PAC responder is started automatically if the IPA ID + provider is configured. + + + + + CONFIGURATION OPTIONS + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration of an SSSD domain. + + + ipa_domain (string) + + + Specifies the name of the IPA domain. + This is optional. If not provided, the configuration + domain name is used. + + + + + + ipa_server, ipa_backup_server (string) + + + The comma-separated list of IP addresses or hostnames of the + IPA servers to which SSSD should connect in + the order of preference. For more information + on failover and server redundancy, see the + FAILOVER section. + This is optional if autodiscovery is enabled. + For more information on service discovery, refer + to the SERVICE DISCOVERY section. + + + + + + ipa_hostname (string) + + + Optional. May be set on machines where the + hostname(5) does not reflect the fully qualified + name used in the IPA domain to identify this host. + The hostname must be fully qualified. + + + + + + dyndns_update (boolean) + + + Optional. This option tells SSSD to automatically + update the DNS server built into FreeIPA with + the IP address of this client. The update is + secured using GSS-TSIG. The IP address of the IPA + LDAP connection is used for the updates, if it is + not otherwise specified by using the + dyndns_iface option. + + + NOTE: On older systems (such as RHEL 5), for this + behavior to work reliably, the default Kerberos + realm must be set properly in /etc/krb5.conf + + + NOTE: While it is still possible to use the old + ipa_dyndns_update option, users + should migrate to using dyndns_update + in their config file. + + + Default: false + + + + + + dyndns_ttl (integer) + + + The TTL to apply to the client DNS record when updating it. + If dyndns_update is false this has no effect. This will + override the TTL serverside if set by an administrator. + + + NOTE: While it is still possible to use the old + ipa_dyndns_ttl option, users + should migrate to using dyndns_ttl + in their config file. + + + Default: 1200 (seconds) + + + + + + dyndns_iface (string) + + + Optional. Applicable only when dyndns_update + is true. Choose the interface or a list of interfaces + whose IP addresses should be used for dynamic DNS + updates. Special value * implies that + IPs from all interfaces should be used. + + + NOTE: While it is still possible to use the old + ipa_dyndns_iface option, users + should migrate to using dyndns_iface + in their config file. + + + Default: Use the IP addresses of the interface which + is used for IPA LDAP connection + + + Example: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_auth (string) + + + Whether the nsupdate utility should use GSS-TSIG + authentication for secure updates with the DNS + server, insecure updates can be sent by setting + this option to 'none'. + + + Default: GSS-TSIG + + + + + + dyndns_auth_ptr (string) + + + Whether the nsupdate utility should use GSS-TSIG + authentication for secure PTR updates with the DNS + server, insecure updates can be sent by setting + this option to 'none'. + + + Default: Same as dyndns_auth + + + + + + ipa_enable_dns_sites (boolean) + + + Enables DNS sites - location based + service discovery. + + + If true and service discovery (see Service + Discovery paragraph at the bottom of the man page) + is enabled, then the SSSD will first attempt + location based discovery using a query that contains + "_location.hostname.example.com" and then fall back + to traditional SRV discovery. If the location based + discovery succeeds, the IPA servers located with + the location based discovery are treated as primary + servers and the IPA servers located using the + traditional SRV discovery are used as back up + servers + + + Default: false + + + + + + dyndns_refresh_interval (integer) + + + How often should the back end perform periodic DNS update in + addition to the automatic update performed when the back end + goes online. + This option is optional and applicable only when dyndns_update + is true. + + + Default: 0 (disabled) + + + + + + dyndns_update_ptr (bool) + + + Whether the PTR record should also be explicitly + updated when updating the client's DNS records. + Applicable only when dyndns_update is true. + + + This option should be False in most IPA + deployments as the IPA server generates the + PTR records automatically when forward records + are changed. + + + Note that dyndns_update_per_family + parameter does not apply for PTR record updates. + Those updates are always sent separately. + + + Default: False (disabled) + + + + + + dyndns_force_tcp (bool) + + + Whether the nsupdate utility should default to using + TCP for communicating with the DNS server. + + + Default: False (let nsupdate choose the protocol) + + + + + + dyndns_server (string) + + + The DNS server to use when performing a DNS + update. In most setups, it's recommended to leave + this option unset. + + + Setting this option makes sense for environments + where the DNS server is different from the identity + server. + + + Please note that this option will be only used in + fallback attempt when previous attempt using + autodetected settings failed. + + + Default: None (let nsupdate choose the server) + + + + + + dyndns_update_per_family (boolean) + + + DNS update is by default performed in two steps - + IPv4 update and then IPv6 update. In some cases + it might be desirable to perform IPv4 and IPv6 + update in single step. + + + Default: true + + + + + + ipa_access_order (string) + + + Comma separated list of access control options. + Allowed values are: + + + expire: use + IPA's account expiration policy. + + + pwd_expire_policy_reject, + pwd_expire_policy_warn, + pwd_expire_policy_renew: + + These options are useful if users are interested + in being warned that password is about to expire + and authentication is based on using a different + method than passwords - for example SSH keys. + + + The difference between these options is the action + taken if user password is expired: + + + + pwd_expire_policy_reject - + user is denied to log in, + + + + + pwd_expire_policy_warn - + user is still able to log in, + + + + + pwd_expire_policy_renew - + user is prompted to change their + password immediately. + + + + + + Please note that 'access_provider = ipa' must + be set for this feature to work. + + + + + + ipa_deskprofile_search_base (string) + + + Optional. Use the given string as search base for + Desktop Profile related objects. + + + Default: Use base DN + + + + + + ipa_subid_ranges_search_base (string) + + + Optional. Use the given string as search base for + subordinate ranges related objects. + + + Default: the value of + cn=subids,%basedn + + + + + + ipa_hbac_search_base (string) + + + Optional. Use the given string as search base for + HBAC related objects. + + + Default: Use base DN + + + + + + ipa_host_search_base (string) + + + Deprecated. Use ldap_host_search_base instead. + + + + + + ipa_selinux_search_base (string) + + + Optional. Use the given string as search base for + SELinux user maps. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + ldap_search_base + + + + + + ipa_subdomains_search_base (string) + + + Optional. Use the given string as search base for + trusted domains. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + cn=trusts,%basedn + + + + + + ipa_master_domain_search_base (string) + + + Optional. Use the given string as search base for + master domain object. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + cn=ad,cn=etc,%basedn + + + + + + ipa_views_search_base (string) + + + Optional. Use the given string as search base for + views containers. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + cn=views,cn=accounts,%basedn + + + + + + krb5_realm (string) + + + The name of the Kerberos realm. This is optional and + defaults to the value of ipa_domain. + + + The name of the Kerberos realm has a special + meaning in IPA - it is converted into the base + DN to use for performing LDAP operations. + + + + + + krb5_confd_path (string) + + + Absolute path of a directory where SSSD should place + Kerberos configuration snippets. + + + To disable the creation of the configuration + snippets set the parameter to 'none'. + + + Default: not set (krb5.include.d subdirectory of + SSSD's pubconf directory) + + + + + + ipa_deskprofile_refresh (integer) + + + The amount of time between lookups of the Desktop + Profile rules against the IPA server. This will + reduce the latency and load on the IPA server if + there are many desktop profiles requests made in a + short period. + + + Default: 5 (seconds) + + + + + + ipa_deskprofile_request_interval (integer) + + + The amount of time between lookups of the Desktop + Profile rules against the IPA server in case the + last request did not return any rule. + + + Default: 60 (minutes) + + + + + + ipa_hbac_refresh (integer) + + + The amount of time between lookups of the HBAC + rules against the IPA server. This will reduce the + latency and load on the IPA server if there are + many access-control requests made in a short + period. + + + Default: 5 (seconds) + + + + + + ipa_hbac_selinux (integer) + + + The amount of time between lookups of the SELinux + maps against the IPA server. This will reduce the + latency and load on the IPA server if there are + many user login requests made in a short + period. + + + Default: 5 (seconds) + + + + + + ipa_server_mode (boolean) + + + This option will be set by the IPA installer + (ipa-server-install) automatically and denotes + if SSSD is running on an IPA server or not. + + + On an IPA server SSSD will lookup users and groups + from trusted domains directly while on a client + it will ask an IPA server. + + + NOTE: There are currently some assumptions that + must be met when SSSD is running on an IPA server. + + + + The ipa_server option + must be configured to point to the + IPA server itself. This is already + the default set by the IPA installer, + so no manual change is required. + + + + + The full_name_format + option must not be tweaked to only + print short names for users from + trusted domains. + + + + + + Default: false + + + + + + ipa_automount_location (string) + + + The automounter location this IPA client will be using + + + Default: The location named "default" + + + + + + + + VIEWS AND OVERRIDES + + SSSD can handle views and overrides which are offered by + FreeIPA 4.1 and later version. Since all paths and objectclasses + are fixed on the server side there is basically no need to + configure anything. For completeness the related options are + listed here with their default values. + + + ipa_view_class (string) + + + Objectclass of the view container. + + + Default: nsContainer + + + + + + ipa_view_name (string) + + + Name of the attribute holding the name of the + view. + + + Default: cn + + + + + + ipa_override_object_class (string) + + + Objectclass of the override objects. + + + Default: ipaOverrideAnchor + + + + + + ipa_anchor_uuid (string) + + + Name of the attribute containing the reference + to the original object in a remote domain. + + + Default: ipaAnchorUUID + + + + + + ipa_user_override_object_class (string) + + + Name of the objectclass for user overrides. It + is used to determine if the found override + object is related to a user or a group. + + + User overrides can contain attributes given by + + + ldap_user_name + + + ldap_user_uid_number + + + ldap_user_gid_number + + + ldap_user_gecos + + + ldap_user_home_directory + + + ldap_user_shell + + + ldap_user_ssh_public_key + + + + + Default: ipaUserOverride + + + + + + ipa_group_override_object_class (string) + + + Name of the objectclass for group overrides. It + is used to determine if the found override + object is related to a user or a group. + + + Group overrides can contain attributes given by + + + ldap_group_name + + + ldap_group_gid_number + + + + + Default: ipaGroupOverride + + + + + + + + + + + + SUBDOMAINS PROVIDER + + The IPA subdomains provider behaves slightly differently + if it is configured explicitly or implicitly. + + + If the option 'subdomains_provider = ipa' is found in the + domain section of sssd.conf, the IPA subdomains provider is + configured explicitly, and all subdomain requests are sent to the + IPA server if necessary. + + + If the option 'subdomains_provider' is not set in the domain + section of sssd.conf but there is the option 'id_provider = ipa', + the IPA subdomains provider is configured implicitly. In this case, + if a subdomain request fails and indicates that the server does not + support subdomains, i.e. is not configured for trusts, the IPA + subdomains provider is disabled. After an hour or after the IPA + provider goes online, the subdomains provider is enabled again. + + + + + TRUSTED DOMAINS CONFIGURATION + + Some configuration options can also be set for a trusted domain. + A trusted domain configuration can be set using the trusted domain + subsection as shown in the example below. Alternatively, + the subdomain_inherit option can be used in the + parent domain. + +[domain/ipa.domain.com/ad.domain.com] +ad_server = dc.ad.domain.com + + + + For more details, see the + + sssd.conf + 5 + manual page. + + + Different configuration options are tunable for a trusted + domain depending on whether you are configuring SSSD on an + IPA server or an IPA client. + + + OPTIONS TUNABLE ON IPA MASTERS + + The following options can be set in a subdomain + section on an IPA master: + + + ad_server + + + ad_backup_server + + + ad_site + + + ldap_search_base + + + ldap_user_search_base + + + ldap_group_search_base + + + use_fully_qualified_names + + + + + + OPTIONS TUNABLE ON IPA CLIENTS + + The following options can be set in a subdomain + section on an IPA client: + + + ad_server + + + ad_site + + + + + Note that if both options are set, only + ad_server is evaluated. + + + Since any request for a user or a group identity from a + trusted domain triggered from an IPA client is resolved + by the IPA server, the ad_server and + ad_site options only affect which AD DC will + the authentication be performed against. In particular, + the addresses resolved from these lists will be written to + kdcinfo files read by the Kerberos locator + plugin. Please refer to the + + sssd_krb5_locator_plugin + 8 + manual page for more details on the Kerberos + locator plugin. + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + [sssd] section. This examples shows only + the ipa provider-specific options. + + + +[domain/example.com] +id_provider = ipa +ipa_server = ipaserver.example.com +ipa_hostname = myhost.example.com + + + + + + + + diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml new file mode 100644 index 0000000..846ae69 --- /dev/null +++ b/src/man/sssd-kcm.8.xml @@ -0,0 +1,327 @@ + + + +SSSD Manual pages + + + + + sssd-kcm + 8 + File Formats and Conventions + + + + sssd-kcm + SSSD Kerberos Cache Manager + + + + DESCRIPTION + + This manual page describes the configuration of the SSSD Kerberos + Cache Manager (KCM). KCM is a process that stores, tracks and + manages Kerberos credential caches. It originates in the Heimdal + Kerberos project, although the MIT Kerberos library also provides + client side (more details on that below) support for the KCM + credential cache. + + + In a setup where Kerberos caches are managed by KCM, the + Kerberos library (typically used through an application, like + e.g., + + kinit1 + , + is a "KCM client" and the KCM daemon + is being referred to as a "KCM server". The client + and server communicate over a UNIX socket. + + + The KCM server keeps track of each credential caches's owner and + performs access check control based on the UID and GID of the + KCM client. The root user has access to all credential caches. + + + The KCM credential cache has several interesting properties: + + + + since the process runs in userspace, it is subject to UID namespacing, unlike the kernel keyring + + + + + unlike the kernel keyring-based cache, which is shared between all containers, the KCM server is a separate process whose entry point is a UNIX socket + + + + + the SSSD implementation stores the ccaches in a database, + typically located at /var/lib/sss/secrets + allowing the ccaches to survive KCM server restarts or machine reboots. + + + + This allows the system to use a collection-aware credential + cache, yet share the credential cache between some or no + containers by bind-mounting the socket. + + + The KCM default client idle timeout is 5 minutes, this allows + more time for user interaction with command line tools such as kinit. + + + + + USING THE KCM CREDENTIAL CACHE + + In order to use KCM credential cache, it must be selected as the default + credential type in + + krb5.conf5 + , + The credentials cache name must be only KCM: + without any template expansions. For example: + +[libdefaults] + default_ccache_name = KCM: + + + + Next, make sure the Kerberos client libraries and the KCM server must agree + on the UNIX socket path. By default, both use the same path + /var/run/.heim_org.h5l.kcm-socket. To configure + the Kerberos library, change its kcm_socket option which + is described in the + + krb5.conf5 + + manual page. + + + Finally, make sure the SSSD KCM server can be contacted. + The KCM service is typically socket-activated by + + systemd + 1 + . + Unlike + other SSSD services, it cannot be started by adding the + kcm string to the service + directive. + +systemctl start sssd-kcm.socket +systemctl enable sssd-kcm.socket + + Please note your distribution may already configure the units + for you. + + + + + THE CREDENTIAL CACHE STORAGE + + The credential caches are stored in a database, much like SSSD + caches user or group entries. The database is typically + located at /var/lib/sss/secrets. + + + + + OBTAINING DEBUG LOGS + + The sssd-kcm service is typically socket-activated + + systemd + 1 + . To generate debug logs, add the following + either to the /etc/sssd/sssd.conf + file directly or as a configuration snippet to + /etc/sssd/conf.d/ directory: + +[kcm] +debug_level = 10 + + Then, restart the sssd-kcm service: + +systemctl restart sssd-kcm.service + + Finally, run whatever use-case doesn't work for you. The KCM + logs will be generated at + /var/log/sssd/sssd_kcm.log. It is + recommended to disable the debug logs when you no longer need + the debugging to be enabled as the sssd-kcm service can generate + quite a large amount of debugging information. + + + Please note that configuration snippets are, at the moment, + only processed if the main configuration file at + /etc/sssd/sssd.conf exists at all. + + + + + RENEWALS + + The sssd-kcm service can be configured to attempt TGT + renewal for renewable TGTs stored in the KCM ccache. + Renewals are only attempted when half of the ticket + lifetime has been reached. KCM Renewals are configured + when the following options are set in the [kcm] section: + +tgt_renewal = true +krb5_renew_interval = 60m + + + + SSSD can also inherit krb5 options for renewals from an existing + domain. + + +tgt_renewal = true +tgt_renewal_inherit = domain-name + + + The following krb5 options can be configured in the + [kcm] section to control renewal behavior, these + options are described in detail below + +krb5_renew_interval +krb5_renewable_lifetime +krb5_lifetime +krb5_validate +krb5_canonicalize +krb5_auth_timeout + + + + + + CONFIGURATION OPTIONS + + The KCM service is configured in the kcm + section of the sssd.conf file. Please note that because + the KCM service is typically socket-activated, it is + enough to just restart the sssd-kcm service + after changing options in the kcm section + of sssd.conf: + +systemctl restart sssd-kcm.service + + + + The KCM service is configured in the kcm + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The generic SSSD service options such as + debug_level or fd_limit are + accepted by the kcm service. Please refer to the + + sssd.conf + 5 + manual page for a complete list. In addition, + there are some KCM-specific options as well. + + + + socket_path (string) + + + The socket the KCM service will listen on. + + + Default: /var/run/.heim_org.h5l.kcm-socket + + + + Note: on platforms where systemd is supported, the + socket path is overwritten by the one defined in + the sssd-kcm.socket unit file. + + + + + + max_ccaches (integer) + + + How many credential caches does the KCM database allow + for all users. + + + Default: 0 (unlimited, only the per-UID quota is enforced) + + + + + max_uid_ccaches (integer) + + + How many credential caches does the KCM database allow + per UID. This is equivalent to with how many + principals you can kinit. + + + Default: 64 + + + + + max_ccache_size (integer) + + + How big can a credential cache be per ccache. Each + service ticket accounts into this quota. + + + Default: 65536 + + + + + tgt_renewal (bool) + + + Enables TGT renewals functionality. + + + Default: False (Automatic renewals disabled) + + + + + tgt_renewal_inherit (string) + + + Domain to inherit krb5_* options from, for use with TGT + renewals. + + + Default: NULL + + + + + + + + + SEE ALSO + + + sssd8 + , + + sssd.conf5 + , + + + + diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml new file mode 100644 index 0000000..abf855f --- /dev/null +++ b/src/man/sssd-krb5.5.xml @@ -0,0 +1,504 @@ + + + +SSSD Manual pages + + + + + sssd-krb5 + 5 + File Formats and Conventions + + + + sssd-krb5 + SSSD Kerberos provider + + + + DESCRIPTION + + This manual page describes the configuration of the Kerberos + 5 authentication backend for + + sssd + 8 + . + For a detailed syntax reference, please refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The Kerberos 5 authentication backend contains auth and chpass + providers. It must be paired with an identity provider in + order to function properly (for example, id_provider = ldap). Some + information required by the Kerberos 5 authentication backend must + be provided by the identity provider, such as the user's Kerberos + Principal Name (UPN). The configuration of the identity provider + should have an entry to specify the UPN. Please refer to the man + page for the applicable identity provider for details on how to + configure this. + + + This backend also provides access control based on the .k5login + file in the home directory of the user. See + k5login5 + for more details. Please note that an empty .k5login + file will deny all access to this user. To activate this feature, + use 'access_provider = krb5' in your SSSD configuration. + + + In the case where the UPN is not available in the identity backend, + sssd will construct a UPN using the format + username@krb5_realm. + + + + + + CONFIGURATION OPTIONS + + If the auth-module krb5 is used in an SSSD domain, the following + options must be used. See the + + sssd.conf + 5 + manual page, section DOMAIN SECTIONS, + for details on the configuration of an SSSD domain. + + + krb5_server, krb5_backup_server (string) + + + Specifies the comma-separated list of IP addresses or hostnames + of the Kerberos servers to which SSSD should + connect, in the order of preference. For more + information on failover and server redundancy, + see the FAILOVER section. An optional + port number (preceded by a colon) may be appended to + the addresses or hostnames. + If empty, service discovery is enabled; + for more information, refer to the + SERVICE DISCOVERY section. + + + When using service discovery for KDC or kpasswd servers, + SSSD first searches for DNS entries that specify _udp as + the protocol and falls back to _tcp if none are found. + + + This option was named krb5_kdcip in + earlier releases of SSSD. While the legacy name is recognized + for the time being, users are advised to migrate their config + files to use krb5_server instead. + + + + + + krb5_realm (string) + + + The name of the Kerberos realm. This option is required + and must be specified. + + + + + + krb5_kpasswd, krb5_backup_kpasswd (string) + + + If the change password service is not running on the + KDC, alternative servers can be defined here. An + optional port number (preceded by a colon) may be + appended to the addresses or hostnames. + + + For more information on failover and server + redundancy, see the FAILOVER section. + NOTE: Even if there are no more kpasswd + servers to try, the backend is not switched to operate offline + if authentication against the KDC is still possible. + + + Default: Use the KDC + + + + + + krb5_ccachedir (string) + + + Directory to store credential caches. All the + substitution sequences of krb5_ccname_template can + be used here, too, except %d and %P. + The directory is created as private and owned + by the user, with permissions set to 0700. + + + Default: /tmp + + + + + + krb5_ccname_template (string) + + + Location of the user's credential cache. Three + credential cache types are currently supported: + FILE, DIR and + KEYRING:persistent. The cache can + be specified either as + TYPE:RESIDUAL, or as an + absolute path, which implies the + FILE type. In the template, the + following sequences are substituted: + + + %u + login name + + + %U + login UID + + + %p + principal name + + + + %r + realm name + + + %h + home directory + + + + %d + value of krb5_ccachedir + + + + + %P + the process ID of the SSSD + client + + + + %% + a literal '%' + + + + If the template ends with 'XXXXXX' mkstemp(3) is + used to create a unique filename in a safe way. + + + When using KEYRING types, the only supported + mechanism is KEYRING:persistent:%U, + which uses the Linux kernel keyring to store + credentials on a per-UID basis. This is also the + recommended choice, as it is the most secure and + predictable method. + + + The default value for the credential cache name is + sourced from the profile stored in the system wide + krb5.conf configuration file in the [libdefaults] + section. The option name is default_ccache_name. + See krb5.conf(5)'s PARAMETER EXPANSION paragraph + for additional information on the expansion format + defined by krb5.conf. + + + NOTE: Please be aware that libkrb5 ccache expansion + template from + + krb5.conf + 5 + + uses different expansion sequences than SSSD. + + + Default: (from libkrb5) + + + + + + krb5_keytab (string) + + + The location of the keytab to use when validating + credentials obtained from KDCs. + + + Default: System keytab, normally /etc/krb5.keytab + + + + + + krb5_store_password_if_offline (boolean) + + + Store the password of the user if the provider is + offline and use it to request a TGT when the + provider comes online again. + + + NOTE: this feature is only available on Linux. + Passwords stored in this way are kept in + plaintext in the kernel keyring and are + potentially accessible by the root user + (with difficulty). + + + Default: false + + + + + + krb5_use_fast (string) + + + Enables flexible authentication secure tunneling + (FAST) for Kerberos pre-authentication. The + following options are supported: + + + never use FAST. This is + equivalent to not setting this option at all. + + + try to use FAST. If the server + does not support FAST, continue the + authentication without it. + + + demand to use FAST. The + authentication fails if the server does not + require fast. + + + Default: not set, i.e. FAST is not used. + + + NOTE: a keytab or support for anonymous PKINIT is + required to use FAST. + + + NOTE: SSSD supports FAST only with + MIT Kerberos version 1.8 and later. If SSSD is used + with an older version of MIT Kerberos, using this + option is a configuration error. + + + + + + krb5_fast_principal (string) + + + Specifies the server principal to use for FAST. + + + + + + krb5_fast_use_anonymous_pkinit (boolean) + + + If set to true try to use anonymous PKINIT + instead of a keytab to get the required + credential for FAST. The krb5_fast_principal + options is ignored in this case. + + + Default: false + + + + + + krb5_use_kdcinfo (boolean) + + + Specifies if the SSSD should instruct the Kerberos + libraries what realm and which KDCs to use. This option + is on by default, if you disable it, you need to configure + the Kerberos library using the + + krb5.conf + 5 + + configuration file. + + + See the + + sssd_krb5_locator_plugin + 8 + + manual page for more information on the locator plugin. + + + Default: true + + + + + + krb5_kdcinfo_lookahead (string) + + + When krb5_use_kdcinfo is set to true, you can limit the amount + of servers handed to + + sssd_krb5_locator_plugin + 8 + . + This might be helpful when there are too many servers + discovered using SRV record. + + + The krb5_kdcinfo_lookahead option contains two + numbers separated by a colon. The first number represents + number of primary servers used and the second number + specifies the number of backup servers. + + + For example 10:0 means that up to + 10 primary servers will be handed to + + sssd_krb5_locator_plugin + 8 + + but no backup servers. + + + Default: 3:1 + + + + + + krb5_use_enterprise_principal (boolean) + + + Specifies if the user principal should be treated + as enterprise principal. See section 5 of RFC 6806 + for more details about enterprise principals. + + + + Default: false (AD provider: true) + + + The IPA provider will set to option to 'true' if it + detects that the server is capable of handling + enterprise principals and the option is not set + explicitly in the config file. + + + + + + krb5_use_subdomain_realm (boolean) + + + Specifies to use subdomains realms for the + authentication of users from trusted domains. This + option can be set to 'true' if enterprise principals + are used with upnSuffixes which are not known on the + parent domain KDCs. If the option is set to 'true' + SSSD will try to send the request directly to a KDC + of the trusted domain the user is coming from. + + + + Default: false + + + + + + krb5_map_user (string) + + + The list of mappings is given as a comma-separated + list of pairs username:primary + where username is a UNIX user name + and primary is a user part of + a kerberos principal. This mapping is used when + user is authenticating using + auth_provider = krb5. + + + + example: + +krb5_realm = REALM +krb5_map_user = joe:juser,dick:richard + + + + joe and dick are + UNIX user names and juser and + richard are primaries of kerberos + principals. For user joe resp. + dick SSSD will try to kinit as + juser@REALM resp. + richard@REALM. + + + + Default: not set + + + + + + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and FOO is one of the domains in the + [sssd] section. This example shows + only configuration of Kerberos authentication; it does not include + any identity provider. + + + +[domain/FOO] +auth_provider = krb5 +krb5_server = 192.168.1.1 +krb5_realm = EXAMPLE.COM + + + + + + + + diff --git a/src/man/sssd-ldap-attributes.5.xml b/src/man/sssd-ldap-attributes.5.xml new file mode 100644 index 0000000..5e0a32e --- /dev/null +++ b/src/man/sssd-ldap-attributes.5.xml @@ -0,0 +1,1293 @@ + + + +SSSD Manual pages + + + + + sssd-ldap-attributes + 5 + File Formats and Conventions + + + + sssd-ldap-attributes + SSSD LDAP Provider: Mapping Attributes + + + + DESCRIPTION + + This manual page describes the mapping attributes of + SSSD LDAP provider + + sssd-ldap + 5 + . Refer to the + + sssd-ldap + 5 + manual page for full details about SSSD LDAP provider + configuration options. + + + + + USER ATTRIBUTES + + + + ldap_user_object_class (string) + + + The object class of a user entry in LDAP. + + + Default: posixAccount + + + + + + ldap_user_name (string) + + + The LDAP attribute that corresponds to the + user's login name. + + + Default: uid (rfc2307, rfc2307bis and IPA), + sAMAccountName (AD) + + + + + + ldap_user_uid_number (string) + + + The LDAP attribute that corresponds to the + user's id. + + + Default: uidNumber + + + + + + ldap_user_gid_number (string) + + + The LDAP attribute that corresponds to the + user's primary group id. + + + Default: gidNumber + + + + + + ldap_user_primary_group (string) + + + Active Directory primary group attribute + for ID-mapping. Note that this attribute should + only be set manually if you are running the + ldap provider with ID mapping. + + + Default: unset (LDAP), primaryGroupID (AD) + + + + + + ldap_user_gecos (string) + + + The LDAP attribute that corresponds to the + user's gecos field. + + + Default: gecos + + + + + + ldap_user_home_directory (string) + + + The LDAP attribute that contains the name of the user's + home directory. + + + Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD) + + + + + + ldap_user_shell (string) + + + The LDAP attribute that contains the path to the + user's default shell. + + + Default: loginShell + + + + + + ldap_user_uuid (string) + + + The LDAP attribute that contains the UUID/GUID of + an LDAP user object. + + + Default: not set in the general case, objectGUID for + AD and ipaUniqueID for IPA + + + + + + ldap_user_objectsid (string) + + + The LDAP attribute that contains the objectSID of + an LDAP user object. This is usually only + necessary for ActiveDirectory servers. + + + Default: objectSid for ActiveDirectory, not set + for other servers. + + + + + + ldap_user_modify_timestamp (string) + + + The LDAP attribute that contains timestamp of the + last modification of the parent object. + + + Default: modifyTimestamp + + + + + + ldap_user_shadow_last_change (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (date of the last + password change). + + + Default: shadowLastChange + + + + + + ldap_user_shadow_min (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (minimum password age). + + + Default: shadowMin + + + + + + ldap_user_shadow_max (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (maximum password age). + + + Default: shadowMax + + + + + + ldap_user_shadow_warning (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (password warning + period). + + + Default: shadowWarning + + + + + + ldap_user_shadow_inactive (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (password inactivity + period). + + + Default: shadowInactive + + + + + + ldap_user_shadow_expire (string) + + + When using ldap_pwd_policy=shadow or + ldap_account_expire_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (account expiration date). + + + Default: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (string) + + + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time of last password change + in kerberos. + + + Default: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (string) + + + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time when current password + expires. + + + Default: krbPasswordExpiration + + + + + + ldap_user_ad_account_expires (string) + + + When using ldap_account_expire_policy=ad, this + parameter contains the name of an LDAP attribute + storing the expiration time of the account. + + + Default: accountExpires + + + + + + ldap_user_ad_user_account_control (string) + + + When using ldap_account_expire_policy=ad, this + parameter contains the name of an LDAP attribute + storing the user account control bit field. + + + Default: userAccountControl + + + + + + ldap_ns_account_lock (string) + + + When using ldap_account_expire_policy=rhds or + equivalent, this parameter determines if access is + allowed or not. + + + Default: nsAccountLock + + + + + + ldap_user_nds_login_disabled (string) + + + When using ldap_account_expire_policy=nds, this + attribute determines if access is allowed or not. + + + Default: loginDisabled + + + + + + ldap_user_nds_login_expiration_time (string) + + + When using ldap_account_expire_policy=nds, this + attribute determines until which date access is + granted. + + + Default: loginDisabled + + + + + + ldap_user_nds_login_allowed_time_map (string) + + + When using ldap_account_expire_policy=nds, this + attribute determines the hours of a day in a week + when access is granted. + + + Default: loginAllowedTimeMap + + + + + + ldap_user_principal (string) + + + The LDAP attribute that contains the user's Kerberos + User Principal Name (UPN). + + + Default: krbPrincipalName + + + + + + ldap_user_extra_attrs (string) + + + Comma-separated list of LDAP attributes that SSSD + would fetch along with the usual set of user + attributes. + + + The list can either contain LDAP attribute names + only, or colon-separated tuples of SSSD cache + attribute name and LDAP attribute name. In + case only LDAP attribute name is specified, + the attribute is saved to the cache verbatim. + Using a custom SSSD attribute name might be + required by environments that configure several + SSSD domains with different LDAP schemas. + + + Please note that several attribute names are + reserved by SSSD, notably the name + attribute. SSSD would report an error if any of + the reserved attribute names is used as an extra + attribute name. + + + Examples: + + + ldap_user_extra_attrs = telephoneNumber + + + Save the telephoneNumber attribute from LDAP + as telephoneNumber to the cache. + + + ldap_user_extra_attrs = phone:telephoneNumber + + + Save the telephoneNumber attribute from LDAP + as phone to the cache. + + + Default: not set + + + + + + ldap_user_ssh_public_key (string) + + + The LDAP attribute that contains the user's SSH + public keys. + + + Default: sshPublicKey + + + + + + ldap_user_fullname (string) + + + The LDAP attribute that corresponds to the + user's full name. + + + Default: cn + + + + + + ldap_user_member_of (string) + + + The LDAP attribute that lists the user's + group memberships. + + + Default: memberOf + + + + + + ldap_user_authorized_service (string) + + + If access_provider=ldap and + ldap_access_order=authorized_service, SSSD will + use the presence of the authorizedService + attribute in the user's LDAP entry to determine + access privilege. + + + An explicit deny (!svc) is resolved first. Second, + SSSD searches for explicit allow (svc) and finally + for allow_all (*). + + + Please note that the ldap_access_order + configuration option must include + authorized_service in order for the + ldap_user_authorized_service option + to work. + + + Some distributions (such as Fedora-29+ or RHEL-8) + always include the systemd-user PAM + service as part of the login process. Therefore when + using service-based access control, the + systemd-user service might need to be + added to the list of allowed services. + + + Default: authorizedService + + + + + + ldap_user_authorized_host (string) + + + If access_provider=ldap and + ldap_access_order=host, SSSD will use the presence + of the host attribute in the user's LDAP entry to + determine access privilege. + + + An explicit deny (!host) is resolved first. Second, + SSSD searches for explicit allow (host) and finally + for allow_all (*). + + + Please note that the ldap_access_order + configuration option must + include host in order for the + ldap_user_authorized_host option + to work. + + + Default: host + + + + + + ldap_user_authorized_rhost (string) + + + If access_provider=ldap and + ldap_access_order=rhost, SSSD will use the presence + of the rhost attribute in the user's LDAP entry to + determine access privilege. Similarly to host + verification process. + + + An explicit deny (!rhost) is resolved first. Second, + SSSD searches for explicit allow (rhost) and finally + for allow_all (*). + + + Please note that the ldap_access_order + configuration option must + include rhost in order for the + ldap_user_authorized_rhost option + to work. + + + Default: rhost + + + + + + ldap_user_certificate (string) + + + Name of the LDAP attribute containing the X509 + certificate of the user. + + + Default: userCertificate;binary + + + + + + ldap_user_email (string) + + + Name of the LDAP attribute containing the email + address of the user. + + + Note: If an email address of a user conflicts with + an email address or fully qualified name of another + user, then SSSD will not be able to serve those + users properly. If for some reason several users + need to share the same email address then set + this option to a nonexistent attribute name in + order to disable user lookup/login by email. + + + Default: mail + + + + + ldap_user_passkey (string) + + + Name of the LDAP attribute containing the passkey + mapping data of the user. + + + Default: passkey (LDAP), ipaPassKey (IPA), + altSecurityIdentities (AD) + + + + + + + + + GROUP ATTRIBUTES + + + + ldap_group_object_class (string) + + + The object class of a group entry in LDAP. + + + Default: posixGroup + + + + + + ldap_group_name (string) + + + The LDAP attribute that corresponds to + the group name. In an environment with nested + groups, this value must be an LDAP attribute + which has a unique name for every group. This + requirement includes non-POSIX groups in the + tree of nested groups. + + + Default: cn (rfc2307, rfc2307bis and IPA), + sAMAccountName (AD) + + + + + + ldap_group_gid_number (string) + + + The LDAP attribute that corresponds to the + group's id. + + + Default: gidNumber + + + + + + ldap_group_member (string) + + + The LDAP attribute that contains the names of + the group's members. + + + Default: memberuid (rfc2307) / member (rfc2307bis) + + + + + + ldap_group_uuid (string) + + + The LDAP attribute that contains the UUID/GUID of + an LDAP group object. + + + Default: not set in the general case, objectGUID for + AD and ipaUniqueID for IPA + + + + + + ldap_group_objectsid (string) + + + The LDAP attribute that contains the objectSID of + an LDAP group object. This is usually only + necessary for ActiveDirectory servers. + + + Default: objectSid for ActiveDirectory, not set + for other servers. + + + + + + ldap_group_modify_timestamp (string) + + + The LDAP attribute that contains timestamp of the + last modification of the parent object. + + + Default: modifyTimestamp + + + + + + ldap_group_type (string) + + + The LDAP attribute that contains an integer value + indicating the type of the group and maybe other + flags. + + + This attribute is currently only used by the AD + provider to determine if a group is a domain local + groups and has to be filtered out for trusted + domains. + + + Default: groupType in the AD provider, otherwise not + set + + + + + + ldap_group_external_member (string) + + + The LDAP attribute that references group + members that are defined in an external + domain. At the moment, only IPA's external + members are supported. + + + Default: ipaExternalMember in the IPA provider, + otherwise unset. + + + + + + + + + NETGROUP ATTRIBUTES + + + + ldap_netgroup_object_class (string) + + + The object class of a netgroup entry in LDAP. + + + In IPA provider, ipa_netgroup_object_class should + be used instead. + + + Default: nisNetgroup + + + + + + ldap_netgroup_name (string) + + + The LDAP attribute that corresponds to + the netgroup name. + + + In IPA provider, ipa_netgroup_name should + be used instead. + + + Default: cn + + + + + + ldap_netgroup_member (string) + + + The LDAP attribute that contains the names of + the netgroup's members. + + + In IPA provider, ipa_netgroup_member should + be used instead. + + + Default: memberNisNetgroup + + + + + + ldap_netgroup_triple (string) + + + The LDAP attribute that contains the (host, user, + domain) netgroup triples. + + + This option is not available in IPA provider. + + + Default: nisNetgroupTriple + + + + + + ldap_netgroup_modify_timestamp (string) + + + The LDAP attribute that contains timestamp of the + last modification of the parent object. + + + This option is not available in IPA provider. + + + Default: modifyTimestamp + + + + + + + + + HOST ATTRIBUTES + + + + ldap_host_object_class (string) + + + The object class of a host entry in LDAP. + + + Default: ipService + + + + + + ldap_host_name (string) + + + The LDAP attribute that corresponds to the host's + name. + + + Default: cn + + + + + + ldap_host_fqdn (string) + + + The LDAP attribute that corresponds to the host's + fully-qualified domain name. + + + Default: fqdn + + + + + + ldap_host_serverhostname (string) + + + The LDAP attribute that corresponds to the host's + name. + + + Default: serverHostname + + + + + + ldap_host_member_of (string) + + + The LDAP attribute that lists the host's group + memberships. + + + Default: memberOf + + + + + + ldap_host_ssh_public_key (string) + + + The LDAP attribute that contains the host's SSH + public keys. + + + Default: sshPublicKey + + + + + + ldap_host_uuid (string) + + + The LDAP attribute that contains the UUID/GUID of + an LDAP host object. + + + Default: not set + + + + + + + + + SERVICE ATTRIBUTES + + + + ldap_service_object_class (string) + + + The object class of a service entry in LDAP. + + + Default: ipService + + + + + + ldap_service_name (string) + + + The LDAP attribute that contains the name of + service attributes and their aliases. + + + Default: cn + + + + + + ldap_service_port (string) + + + The LDAP attribute that contains the port managed + by this service. + + + Default: ipServicePort + + + + + + ldap_service_proto (string) + + + The LDAP attribute that contains the protocols + understood by this service. + + + Default: ipServiceProtocol + + + + + + + + + SUDO ATTRIBUTES + + + + ldap_sudorule_object_class (string) + + + The object class of a sudo rule entry in LDAP. + + + Default: sudoRole + + + + + + ldap_sudorule_name (string) + + + The LDAP attribute that corresponds to + the sudo rule name. + + + Default: cn + + + + + + ldap_sudorule_command (string) + + + The LDAP attribute that corresponds to the + command name. + + + Default: sudoCommand + + + + + + ldap_sudorule_host (string) + + + The LDAP attribute that corresponds to the + host name (or host IP address, host IP network, + or host netgroup) + + + Default: sudoHost + + + + + + ldap_sudorule_user (string) + + + The LDAP attribute that corresponds to the + user name (or UID, group name or user's netgroup) + + + Default: sudoUser + + + + + + ldap_sudorule_option (string) + + + The LDAP attribute that corresponds to the + sudo options. + + + Default: sudoOption + + + + + + ldap_sudorule_runasuser (string) + + + The LDAP attribute that corresponds to the + user name that commands may be run as. + + + Default: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (string) + + + The LDAP attribute that corresponds to the group + name or group GID that commands may be run as. + + + Default: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (string) + + + The LDAP attribute that corresponds to the + start date/time for when the sudo rule is valid. + + + Default: sudoNotBefore + + + + + + ldap_sudorule_notafter (string) + + + The LDAP attribute that corresponds to the + expiration date/time, after which the sudo rule + will no longer be valid. + + + Default: sudoNotAfter + + + + + + ldap_sudorule_order (string) + + + The LDAP attribute that corresponds to the + ordering index of the rule. + + + Default: sudoOrder + + + + + + + + + AUTOFS ATTRIBUTES + + + + + + + IP HOST ATTRIBUTES + + + + ldap_iphost_object_class (string) + + + The object class of an iphost entry in LDAP. + + + Default: ipHost + + + + + + ldap_iphost_name (string) + + + The LDAP attribute that contains the name of the + IP host attributes and their aliases. + + + Default: cn + + + + + + ldap_iphost_number (string) + + + The LDAP attribute that contains the IP host + address. + + + Default: ipHostNumber + + + + + + + + + IP NETWORK ATTRIBUTES + + + + ldap_ipnetwork_object_class (string) + + + The object class of an ipnetwork entry in LDAP. + + + Default: ipNetwork + + + + + + ldap_ipnetwork_name (string) + + + The LDAP attribute that contains the name of the + IP network attributes and their aliases. + + + Default: cn + + + + + + ldap_ipnetwork_number (string) + + + The LDAP attribute that contains the IP network + address. + + + Default: ipNetworkNumber + + + + + + + + + + + diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml new file mode 100644 index 0000000..0a814ec --- /dev/null +++ b/src/man/sssd-ldap.5.xml @@ -0,0 +1,1990 @@ + + + +SSSD Manual pages + + + + + sssd-ldap + 5 + File Formats and Conventions + + + + sssd-ldap + SSSD LDAP provider + + + + DESCRIPTION + + This manual page describes the configuration of LDAP + domains for + + sssd + 8 + . + Refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page for detailed syntax information. + + You can configure SSSD to use more than one LDAP domain. + + + LDAP back end supports id, auth, access and chpass providers. If you want + to authenticate against an LDAP server either TLS/SSL or LDAPS + is required. sssd does + not support authentication over an unencrypted channel. + Even if the LDAP server is used only as an identity provider, an encrypted + channel is strongly recommended. Please refer to + ldap_access_filter config option for more information + about using LDAP as an access provider. + + + + + CONFIGURATION OPTIONS + + All of the common configuration options that apply to SSSD domains also apply + to LDAP domains. Refer to the DOMAIN SECTIONS section of the + + sssd.conf + 5 + manual page for full details. + + Note that SSSD LDAP mapping attributes are described in the + + sssd-ldap-attributes + 5 + manual page. + + + + ldap_uri, ldap_backup_uri (string) + + + Specifies the comma-separated list of URIs of the LDAP servers to which + SSSD should connect in the order of preference. Refer to the + FAILOVER section for more information on failover and server redundancy. + If neither option is specified, service discovery is enabled. For more information, + refer to the SERVICE DISCOVERY section. + + + The format of the URI must match the format defined in RFC 2732: + + + ldap[s]://<host>[:port] + + + For explicit IPv6 addresses, <host> must be enclosed in brackets [] + + + example: ldap://[fc00::126:25]:389 + + + + + + ldap_chpass_uri, ldap_chpass_backup_uri (string) + + + Specifies the comma-separated list of URIs of the LDAP servers to + which SSSD should connect in the order of preference + to change the password of a user. Refer to the + FAILOVER section for more information + on failover and server redundancy. + + + To enable service discovery + ldap_chpass_dns_service_name must be set. + + + Default: empty, i.e. ldap_uri is used. + + + + + + ldap_search_base (string) + + + The default base DN to use for + performing LDAP user operations. + + + Starting with SSSD 1.7.0, SSSD supports multiple + search bases using the syntax: + + + search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + The scope can be one of "base", "onelevel" or "subtree". + + + The filter must be a valid LDAP search filter as + specified by http://www.ietf.org/rfc/rfc2254.txt + + + Examples: + + + ldap_search_base = dc=example,dc=com + (which is equivalent to) + ldap_search_base = dc=example,dc=com?subtree? + + + ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + + + Note: It is unsupported to have multiple search + bases which reference identically-named objects + (for example, groups with the same name in two + different search bases). This will lead to + unpredictable behavior on client machines. + + + Default: If not set, the value of the + defaultNamingContext or namingContexts attribute + from the RootDSE of the LDAP server is + used. If defaultNamingContext does not exist or + has an empty value namingContexts is used. + The namingContexts attribute must have a + single value with the DN of the search base of the + LDAP server to make this work. Multiple values are + are not supported. + + + + + + ldap_schema (string) + + + Specifies the Schema Type in use on the target LDAP + server. + Depending on the selected schema, the default + attribute names retrieved from the servers may vary. + The way that some attributes are handled may also differ. + + + Four schema types are currently supported: + + + + rfc2307 + + + + + rfc2307bis + + + + + IPA + + + + + AD + + + + + + The main difference between these schema types is + how group memberships are recorded in the server. + With rfc2307, group members are listed by name in the + memberUid attribute. + With rfc2307bis and IPA, group members are listed by DN + and stored in the member attribute. + The AD schema type sets the attributes to correspond with + Active Directory 2008r2 values. + + + Default: rfc2307 + + + + + + ldap_pwmodify_mode (string) + + + Specify the operation that is used to modify user + password. + + + Two modes are currently supported: + + + + exop - Password Modify Extended + Operation (RFC 3062) + + + + + ldap_modify - Direct modification of + userPassword (not recommended). + + + + + + Note: First, a new connection is established to + verify current password by binding as the user + that requested password change. If successful, + this connection is used to change the password + therefore the user must have write access to + userPassword attribute. + + + Default: exop + + + + + + ldap_default_bind_dn (string) + + + The default bind DN to use for + performing LDAP operations. + + + + + + ldap_default_authtok_type (string) + + + The type of the authentication token of the + default bind DN. + + + The two mechanisms currently supported are: + + + password + + + obfuscated_password + + + Default: password + + + See the + + sss_obfuscate + 8 + + manual page for more information. + + + + + + ldap_default_authtok (string) + + + The authentication token of the default bind DN. + + + + + + ldap_force_upper_case_realm (boolean) + + + Some directory servers, for example Active Directory, + might deliver the realm part of the UPN in lower case, + which might cause the authentication to fail. Set this + option to a non-zero value if you want to use an + upper-case realm. + + + Default: false + + + + + + ldap_enumeration_refresh_timeout (integer) + + + Specifies how many seconds SSSD has to wait + before refreshing its cache of enumerated + records. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 300 + + + + + + ldap_purge_cache_timeout (integer) + + + Determine how often to check the cache for + inactive entries (such as groups with no + members and users who have never logged in) and + remove them to save space. + + + Setting this option to zero will disable the + cache cleanup operation. Please note that if + enumeration is enabled, the cleanup task is + required in order to detect entries removed from + the server and can't be disabled. By default, + the cleanup task will run every 3 hours with + enumeration enabled. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 0 (disabled) + + + + + + ldap_group_nesting_level (integer) + + + If ldap_schema is set to a schema format that + supports nested groups (e.g. RFC2307bis), then + this option controls how many levels of nesting + SSSD will follow. This option has no effect on the + RFC2307 schema. + + + Note: This option specifies the guaranteed level of + nested groups to be processed for any lookup. However, + nested groups beyond this limit + may be returned if previous + lookups already resolved the deeper nesting levels. + Also, subsequent lookups for other groups may enlarge + the result set for original lookup if re-queried. + + + If ldap_group_nesting_level is set to 0 then no + nested groups are processed at all. However, when + connected to Active-Directory Server 2008 + and later using id_provider=ad + it is furthermore required to disable usage of + Token-Groups by setting ldap_use_tokengroups + to false in order to restrict group nesting. + + + Default: 2 + + + + + + ldap_use_tokengroups + + + This options enables or disables use of Token-Groups + attribute when performing initgroup for users from + Active Directory Server 2008 and later. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: True for AD and IPA otherwise False. + + + + + + ldap_host_search_base (string) + + + Optional. Use the given string as search base for + host objects. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + ldap_search_base + + + + + + ldap_service_search_base (string) + + + + + ldap_iphost_search_base (string) + + + + + ldap_ipnetwork_search_base (string) + + + + + ldap_search_timeout (integer) + + + Specifies the timeout (in seconds) that ldap + searches are allowed to run before they are + cancelled and cached results are returned (and + offline mode is entered) + + + Note: this option is subject to change in future + versions of the SSSD. It will likely be replaced at + some point by a series of timeouts for specific + lookup types. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 6 + + + + + + ldap_enumeration_search_timeout (integer) + + + Specifies the timeout (in seconds) that ldap + searches for user and group enumerations + are allowed to run before they are cancelled and + cached results are returned (and offline mode is + entered) + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 60 + + + + + + ldap_network_timeout (integer) + + + Specifies the timeout (in seconds) after which + the + + poll + 2 + / + select + 2 + + following a + + connect + 2 + + returns in case of no activity. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 6 + + + + + + ldap_opt_timeout (integer) + + + Specifies a timeout (in seconds) after which + calls to synchronous LDAP APIs will abort if no + response is received. Also controls the timeout + when communicating with the KDC in case of SASL + bind, the timeout of an LDAP bind operation, + password change extended operation and the + StartTLS operation. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 8 + + + + + + ldap_connection_expire_timeout (integer) + + + Specifies a timeout (in seconds) that a connection + to an LDAP server will be maintained. After this + time, the connection will be re-established. If + used in parallel with SASL/GSSAPI, the sooner of + the two values (this value vs. the TGT lifetime) + will be used. + + + If the connection is idle (not actively running an + operation) within + ldap_opt_timeout seconds of + expiration, then it will be closed early to ensure + that a new query cannot require the connection to + remain open past its expiration. This implies that + connections will always be closed immediately and + will never be reused if + ldap_connection_expire_timeout <= + ldap_opt_timout + + + This timeout can be extended of a random + value specified by + ldap_connection_expire_offset + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 900 (15 minutes) + + + + + + ldap_connection_expire_offset (integer) + + + Random offset between 0 and configured value + is added to + ldap_connection_expire_timeout. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 0 + + + + + + ldap_connection_idle_timeout (integer) + + + Specifies a timeout (in seconds) that an idle + connection to an LDAP server will be maintained. + If the connection is idle for more than this time + then the connection will be closed. + + + You can disable this timeout by setting the value to + 0. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 900 (15 minutes) + + + + + + ldap_page_size (integer) + + + Specify the number of records to retrieve from + LDAP in a single request. Some LDAP servers + enforce a maximum limit per-request. + + + Default: 1000 + + + + + + ldap_disable_paging (boolean) + + + Disable the LDAP paging control. This option + should be used if the LDAP server reports that it + supports the LDAP paging control in its RootDSE + but it is not enabled or does not behave properly. + + + Example: OpenLDAP servers with the paging control + module installed on the server but not enabled + will report it in the RootDSE but be unable to use + it. + + + Example: 389 DS has a bug where it can only + support a one paging control at a time on a single + connection. On busy clients, this can result in + some requests being denied. + + + Default: False + + + + + + ldap_disable_range_retrieval (boolean) + + + Disable Active Directory range retrieval. + + + Active Directory limits the number of members to be + retrieved in a single lookup using the MaxValRange + policy (which defaults to 1500 members). If a group + contains more members, the reply would include an + AD-specific range extension. This option disables + parsing of the range extension, therefore large + groups will appear as having no members. + + + Default: False + + + + + + ldap_sasl_minssf (integer) + + + When communicating with an LDAP server using SASL, + specify the minimum security level necessary to + establish the connection. The values of this + option are defined by OpenLDAP. + + + Default: Use the system default (usually specified + by ldap.conf) + + + + + + ldap_sasl_maxssf (integer) + + + When communicating with an LDAP server using SASL, + specify the maximal security level necessary to + establish the connection. The values of this + option are defined by OpenLDAP. + + + Default: Use the system default (usually specified + by ldap.conf) + + + + + + ldap_deref_threshold (integer) + + + Specify the number of group members that must be + missing from the internal cache in order to trigger + a dereference lookup. If less members are missing, + they are looked up individually. + + + You can turn off dereference lookups completely + by setting the value to 0. Please note that + there are some codepaths in SSSD, like the IPA + HBAC provider, that are only implemented using + the dereference call, so even with dereference + explicitly disabled, those parts will still + use dereference if the server supports it + and advertises the dereference control in the + rootDSE object. + + + A dereference lookup is a means of fetching all + group members in a single LDAP call. + Different LDAP servers may implement different + dereference methods. The currently supported + servers are 389/RHDS, OpenLDAP and Active + Directory. + + + Note: + If any of the search bases specifies a search + filter, then the dereference lookup performance + enhancement will be disabled regardless of this + setting. + + + Default: 10 + + + + + + ldap_ignore_unreadable_references (bool) + + + Ignore unreadable LDAP entries referenced in + group's member attribute. If this parameter is set + to false an error will be returned and the + operation will fail instead of just ignoring the + unreadable entry. + + + This parameter may be useful when using the AD + provider and the computer account that sssd uses + to connect to AD does not have access to a + particular entry or LDAP sub-tree for security + reasons. + + + Default: False + + + + + + ldap_tls_reqcert (string) + + + Specifies what checks to perform on server + certificates in a TLS session, if any. It + can be specified as one of the following + values: + + + never = The client will + not request or check any server certificate. + + + allow = The server + certificate is requested. If no certificate is + provided, the session proceeds normally. If a + bad certificate is provided, it will be ignored + and the session proceeds normally. + + + try = The server certificate + is requested. If no certificate is provided, the + session proceeds normally. If a bad certificate + is provided, the session is immediately terminated. + + + demand = The server + certificate is requested. If no certificate + is provided, or a bad certificate is provided, + the session is immediately terminated. + + + hard = Same as + demand + + + Default: hard + + + + + + ldap_tls_cacert (string) + + + Specifies the file that contains certificates for + all of the Certificate Authorities that + sssd will recognize. + + + Default: use OpenLDAP defaults, typically in + /etc/openldap/ldap.conf + + + + + + ldap_tls_cacertdir (string) + + + Specifies the path of a directory that contains + Certificate Authority certificates in separate + individual files. Typically the file names need to + be the hash of the certificate followed by '.0'. + If available, cacertdir_rehash + can be used to create the correct names. + + + Default: use OpenLDAP defaults, typically in + /etc/openldap/ldap.conf + + + + + + ldap_tls_cert (string) + + + Specifies the file that contains the certificate + for the client's key. + + + Default: not set + + + + + + ldap_tls_key (string) + + + Specifies the file that contains the client's key. + + + Default: not set + + + + + + ldap_tls_cipher_suite (string) + + + Specifies acceptable cipher suites. Typically this + is a colon separated list. See + ldap.conf + 5 for format. + + + Default: use OpenLDAP defaults, typically in + /etc/openldap/ldap.conf + + + + + + ldap_id_use_start_tls (boolean) + + + Specifies that the id_provider connection must also + use tls to protect the channel. + true is strongly recommended for security reasons. + + + Default: false + + + + + + ldap_id_mapping (boolean) + + + Specifies that SSSD should attempt to map user and + group IDs from the ldap_user_objectsid and + ldap_group_objectsid attributes instead of relying + on ldap_user_uid_number and ldap_group_gid_number. + + + Currently this feature supports only + ActiveDirectory objectSID mapping. + + + Default: false + + + + + + ldap_min_id, ldap_max_id (integer) + + + In contrast to the SID based ID mapping which is + used if ldap_id_mapping is set to true the allowed + ID range for ldap_user_uid_number and + ldap_group_gid_number is unbound. In a setup with + sub/trusted-domains this might lead to ID + collisions. To avoid collisions ldap_min_id and + ldap_max_id can be set to restrict the allowed + range for the IDs which are read directly from the + server. Sub-domains can then pick other ranges to + map IDs. + + + Default: not set (both options are set to 0) + + + + + + ldap_sasl_mech (string) + + + Specify the SASL mechanism to use. Currently only + GSSAPI and GSS-SPNEGO are tested and supported. + + + If the backend supports sub-domains the value of + ldap_sasl_mech is automatically inherited to the + sub-domains. If a different value is needed for a + sub-domain it can be overwritten by setting + ldap_sasl_mech for this sub-domain explicitly. + Please see TRUSTED DOMAIN SECTION in + sssd.conf + 5 for details. + + + Default: not set + + + + + + ldap_sasl_authid (string) + + + Specify the SASL authorization id to use. When + GSSAPI/GSS-SPNEGO are used, this represents the + Kerberos principal used for authentication to the + directory. This option can either contain the full + principal (for example host/myhost@EXAMPLE.COM) or + just the principal name (for example host/myhost). + By default, the value is not set and the following + principals are used: + +hostname@REALM +netbiosname$@REALM +host/hostname@REALM +*$@REALM +host/*@REALM +host/* + + If none of them are found, the first principal in keytab is + returned. + + + Default: host/hostname@REALM + + + + + + ldap_sasl_realm (string) + + + Specify the SASL realm to use. When not specified, + this option defaults to the value of krb5_realm. + If the ldap_sasl_authid contains the realm as well, + this option is ignored. + + + Default: the value of krb5_realm. + + + + + + ldap_sasl_canonicalize (boolean) + + + If set to true, the LDAP library would perform + a reverse lookup to canonicalize the host name + during a SASL bind. + + + Default: false; + + + + + + ldap_krb5_keytab (string) + + + Specify the keytab to use when using + SASL/GSSAPI/GSS-SPNEGO. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: System keytab, normally /etc/krb5.keytab + + + + + + ldap_krb5_init_creds (boolean) + + + Specifies that the id_provider should init + Kerberos credentials (TGT). + This action is performed only if SASL is used and + the mechanism selected is GSSAPI or GSS-SPNEGO. + + + Default: true + + + + + + ldap_krb5_ticket_lifetime (integer) + + + Specifies the lifetime in seconds of the TGT if + GSSAPI or GSS-SPNEGO is used. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: 86400 (24 hours) + + + + + + krb5_server, krb5_backup_server (string) + + + Specifies the comma-separated list of IP addresses or hostnames + of the Kerberos servers to which SSSD should + connect in the order of preference. For more + information on failover and server redundancy, + see the FAILOVER section. An optional + port number (preceded by a colon) may be appended to + the addresses or hostnames. + If empty, service discovery is enabled - + for more information, refer to the + SERVICE DISCOVERY section. + + + When using service discovery for KDC or kpasswd servers, + SSSD first searches for DNS entries that specify _udp as + the protocol and falls back to _tcp if none are found. + + + This option was named krb5_kdcip in + earlier releases of SSSD. While the legacy name is recognized + for the time being, users are advised to migrate their config + files to use krb5_server instead. + + + + + + krb5_realm (string) + + + Specify the Kerberos REALM (for + SASL/GSSAPI/GSS-SPNEGO auth). + + + Default: System defaults, see /etc/krb5.conf + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host principal should be canonicalized + when connecting to LDAP server. This feature is + available with MIT Kerberos >= 1.7 + + + + Default: false + + + + + + krb5_use_kdcinfo (boolean) + + + Specifies if the SSSD should instruct the Kerberos + libraries what realm and which KDCs to use. This option + is on by default, if you disable it, you need to configure + the Kerberos library using the + + krb5.conf + 5 + + configuration file. + + + See the + + sssd_krb5_locator_plugin + 8 + + manual page for more information on the locator plugin. + + + Default: true + + + + + + ldap_pwd_policy (string) + + + Select the policy to evaluate the password + expiration on the client side. The following values + are allowed: + + + none - No evaluation on the + client side. This option cannot disable server-side + password policies. + + + shadow - Use + shadow + 5 style + attributes to evaluate if the password has expired. + Please see option "ldap_chpass_update_last_change" + as well. + + + mit_kerberos - Use the attributes + used by MIT Kerberos to determine if the password has + expired. Use chpass_provider=krb5 to update these + attributes when the password is changed. + + + Default: none + + + Note: if a password policy + is configured on server side, it always takes + precedence over policy set with this option. + + + + + + ldap_referrals (boolean) + + + Specifies whether automatic referral chasing should + be enabled. + + + Please note that sssd only supports referral chasing + when it is compiled with OpenLDAP version 2.4.13 or + higher. + + + Chasing referrals may incur a performance penalty + in environments that use them heavily, a notable + example is Microsoft Active Directory. If + your setup does not in fact require the use + of referrals, setting this option to false + might bring a noticeable performance improvement. + Setting this option to false is therefore recommended + in case the SSSD LDAP provider is used together with + Microsoft Active Directory as a backend. Even if SSSD + would be able to follow the referral to a different AD + DC no additional data would be available. + + + Default: true + + + + + + ldap_dns_service_name (string) + + + Specifies the service name to use when service + discovery is enabled. + + + Default: ldap + + + + + + ldap_chpass_dns_service_name (string) + + + Specifies the service name to use to find an LDAP + server which allows password changes when service + discovery is enabled. + + + Default: not set, i.e. service discovery is disabled + + + + + + ldap_chpass_update_last_change (bool) + + + Specifies whether to update the + ldap_user_shadow_last_change attribute with + days since the Epoch after a password change + operation. + + + It is recommend to set this option explicitly if + "ldap_pwd_policy = shadow" is used to let SSSD + know if the LDAP server will update + shadowLastChange LDAP attribute automatically + after a password change or if SSSD has to update + it. + + + Default: False + + + + + + ldap_access_filter (string) + + + If using access_provider = ldap and + ldap_access_order = filter (default), this option is + mandatory. It specifies an LDAP search filter + criteria that must be met for the user to be + granted access on this host. If + access_provider = ldap, ldap_access_order = filter + and this option is not set, it will result in all + users being denied access. + Use access_provider = permit to change this default + behavior. Please note that this filter is applied on + the LDAP user entry only and thus filtering based + on nested groups may not work (e.g. memberOf + attribute on AD entries points only to direct + parents). If filtering based on nested groups + is required, please see + + sssd-simple5 + . + + + Example: + + +access_provider = ldap +ldap_access_filter = (employeeType=admin) + + + This example means that access to this host is + restricted to users whose employeeType + attribute is set to "admin". + + + Offline caching for this feature is limited to + determining whether the user's last online login + was granted access permission. If they were + granted access during their last login, they will + continue to be granted access while offline and + vice versa. + + + Default: Empty + + + + + + ldap_account_expire_policy (string) + + + With this option a client side evaluation of + access control attributes can be enabled. + + + Please note that it is always recommended to + use server side access control, i.e. the LDAP + server should deny the bind request with a + suitable error code even if the password is + correct. + + + The following values are allowed: + + + shadow: use the value of + ldap_user_shadow_expire to determine if the account + is expired. + + + ad: use the value of the 32bit + field ldap_user_ad_user_account_control and allow + access if the second bit is not set. If the + attribute is missing access is granted. Also the + expiration time of the account is checked. + + + rhds, ipa, + 389ds: + use the value of ldap_ns_account_lock to check if + access is allowed or not. + + + nds: the values of + ldap_user_nds_login_allowed_time_map, + ldap_user_nds_login_disabled and + ldap_user_nds_login_expiration_time are used to + check if access is allowed. If both attributes are + missing access is granted. + + + Please note that the ldap_access_order + configuration option must + include expire in order for the + ldap_account_expire_policy option + to work. + + + Default: Empty + + + + + + ldap_access_order (string) + + + Comma separated list of access control options. + Allowed values are: + + + filter: use ldap_access_filter + + + lockout: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z'. Please see the option + ldap_pwdlockout_dn. + + Please note that 'access_provider = ldap' must + be set for this feature to work. + + + + Please note that this option is superseded by + the ppolicy option and might be + removed in a future release. + + + + ppolicy: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z' or represents any time in the past. + + The value of the 'pwdAccountLockedTime' attribute + must end with 'Z', which denotes the UTC time zone. + Other time zones are not currently supported and + will result in "access-denied" when users attempt + to log in. + + Please see the option ldap_pwdlockout_dn. + Please note that 'access_provider = ldap' must + be set for this feature to work. + + + + expire: use + ldap_account_expire_policy + + + pwd_expire_policy_reject, + pwd_expire_policy_warn, + pwd_expire_policy_renew: + + These options are useful if users are interested + in being warned that password is about to expire + and authentication is based on using a different + method than passwords - for example SSH keys. + + + The difference between these options is the action + taken if user password is expired: + + + + pwd_expire_policy_reject - + user is denied to log in, + + + + + pwd_expire_policy_warn - + user is still able to log in, + + + + + pwd_expire_policy_renew - + user is prompted to change their + password immediately. + + + + + + Please note that 'access_provider = ldap' must + be set for this feature to work. Also 'ldap_pwd_policy' + must be set to an appropriate password policy. + + + authorized_service: use + the authorizedService attribute to determine + access + + + host: use the host attribute + to determine access + + + rhost: use the rhost attribute + to determine whether remote host can access + + + Please note, rhost field in pam is set by application, + it is better to check what the application sends to + pam, before enabling this access control option + + + Default: filter + + + Please note that it is a configuration error if a + value is used more than once. + + + + + + ldap_pwdlockout_dn (string) + + + This option specifies the DN of password policy entry + on LDAP server. Please note that absence of this + option in sssd.conf in case of enabled account + lockout checking will yield access denied as + ppolicy attributes on LDAP server cannot be checked + properly. + + + Example: cn=ppolicy,ou=policies,dc=example,dc=com + + + Default: cn=ppolicy,ou=policies,$ldap_search_base + + + + + + ldap_deref (string) + + + Specifies how alias dereferencing is done when + performing a search. The following options are + allowed: + + + never: Aliases are never + dereferenced. + + + searching: Aliases are + dereferenced in subordinates of the base object, + but not in locating the base object of the search. + + + finding: Aliases are only + dereferenced when locating the base object of the + search. + + + always: Aliases are + dereferenced both in searching and in locating the + base object of the search. + + + Default: Empty (this is handled as + never by the LDAP client + libraries) + + + + + + ldap_rfc2307_fallback_to_local_users (boolean) + + + Allows to retain local users as members of an LDAP + group for servers that use the RFC2307 schema. + + + In some environments where the RFC2307 schema is + used, local users are made members of LDAP groups + by adding their names to the memberUid attribute. + The self-consistency of the domain is compromised + when this is done, so SSSD would normally remove + the "missing" users from the cached group + memberships as soon as nsswitch tries to fetch + information about the user via getpw*() or + initgroups() calls. + + + This option falls back to checking if local users + are referenced, and caches them so that later + initgroups() calls will augment the local users + with the additional LDAP groups. + + + Default: false + + + + + + wildcard_limit (integer) + + + Specifies an upper limit on the number of entries + that are downloaded during a wildcard lookup. + + + At the moment, only the InfoPipe responder supports + wildcard lookups. + + + Default: 1000 (often the size of one page) + + + + + + ldap_library_debug_level (integer) + + + Switches on libldap debugging with the given level. + The libldap debug messages will be written + independent of the general debug_level. + + + OpenLDAP uses a bitmap to enable debugging for + specific components, -1 will enable full debug + output. + + + Default: 0 (libldap debugging disabled) + + + + + + + + + + SUDO OPTIONS + + The detailed instructions for configuration of sudo_provider + are in the manual page + + sssd-sudo + 5 + . + + + + + + ldap_sudo_full_refresh_interval (integer) + + + How many seconds SSSD will wait between executing + a full refresh of sudo rules (which downloads all + rules that are stored on the server). + + + The value must be greater than + ldap_sudo_smart_refresh_interval + + + + You can disable full refresh by setting this option + to 0. However, either smart or full refresh must + be enabled. + + + Default: 21600 (6 hours) + + + + + + ldap_sudo_smart_refresh_interval (integer) + + + How many seconds SSSD has to wait before executing + a smart refresh of sudo rules (which downloads all + rules that have USN higher than the highest server + USN value that is currently known by SSSD). + + + If USN attributes are not supported by the server, + the modifyTimestamp attribute is used instead. + + + Note: the highest USN value + can be updated by three tasks: + 1) By sudo full and smart refresh (if updated rules + are found), + 2) by enumeration of users and groups (if enabled + and updated users or groups are found) and + 3) by reconnecting to the server + (by default every 15 minutes, see + ldap_connection_expire_timeout). + + + You can disable smart refresh by setting this option + to 0. However, either smart or full refresh must + be enabled. + + + Default: 900 (15 minutes) + + + + + + ldap_sudo_random_offset (integer) + + + Random offset between 0 and configured value is + added to smart and full refresh periods each time + the periodic task is scheduled. The value is in + seconds. + + + Note that this random offset is also applied on the + first SSSD start which delays the first sudo rules + refresh. This prolongs the time when the sudo rules + are not available for use. + + + You can disable this offset by setting the value to + 0. + + + Default: 0 (disabled) + + + + + + ldap_sudo_use_host_filter (boolean) + + + If true, SSSD will download only rules that are + applicable to this machine (using the IPv4 or IPv6 + host/network addresses and hostnames). + + + Default: true + + + + + + ldap_sudo_hostnames (string) + + + Space separated list of hostnames or fully qualified + domain names that should be used to filter + the rules. + + + If this option is empty, SSSD will try to discover + the hostname and the fully qualified domain name + automatically. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: not specified + + + + + + ldap_sudo_ip (string) + + + Space separated list of IPv4 or IPv6 + host/network addresses that should be used to filter + the rules. + + + If this option is empty, SSSD will try to + discover the addresses automatically. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: not specified + + + + + + ldap_sudo_include_netgroups (boolean) + + + If true then SSSD will download every rule that + contains a netgroup in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: true + + + + + + ldap_sudo_include_regexp (boolean) + + + If true then SSSD will download every rule that + contains a wildcard in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + + Using wildcard is an operation that is very + costly to evaluate on the LDAP server side! + + + + Default: false + + + + + + + This manual page only describes attribute name mapping. + For detailed explanation of sudo related attribute semantics, + see + + sudoers.ldap5 + + + + + + AUTOFS OPTIONS + + Some of the defaults for the parameters below are dependent on the + LDAP schema. + + + + + ldap_autofs_map_master_name (string) + + + The name of the automount master map in LDAP. + + + Default: auto.master + + + + + + + + + + + ADVANCED OPTIONS + + These options are supported by LDAP domains, but they should be used + with caution. Please include them in your configuration only if you + know what you are doing. + + + ldap_netgroup_search_base (string) + + + + + ldap_user_search_base (string) + + + + + ldap_group_search_base (string) + + + + + + + If the option ldap_use_tokengroups is + enabled, the searches against Active Directory will + not be restricted and return all groups memberships, + even with no GID mapping. It is recommended to disable + this feature, if group names are not being displayed + correctly. + + + + ldap_sudo_search_base (string) + + + + + ldap_autofs_search_base (string) + + + + + + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and LDAP is set to one of the domains in the + [domains] section. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + LDAP ACCESS FILTER EXAMPLE + + The following example assumes that SSSD is correctly + configured and to use the ldap_access_order=lockout. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +access_provider = ldap +ldap_access_order = lockout +ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + + NOTES + + The descriptions of some of the configuration options in this manual + page are based on the + ldap.conf + 5 + manual page from the OpenLDAP 2.4 distribution. + + + + + + + diff --git a/src/man/sssd-session-recording.5.xml b/src/man/sssd-session-recording.5.xml new file mode 100644 index 0000000..6eeebdd --- /dev/null +++ b/src/man/sssd-session-recording.5.xml @@ -0,0 +1,194 @@ + + + +SSSD Manual pages + + + + + sssd-session-recording + 5 + File Formats and Conventions + + + + sssd-session-recording + Configuring session recording with SSSD + + + + DESCRIPTION + + This manual page describes how to configure + + sssd + 8 + to work with + + tlog-rec-session + 8 + , a part of tlog package, to implement user session + recording on text terminals. + For a detailed configuration syntax reference, refer to the + FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + SSSD can be set up to enable recording of everything specific + users see or type during their sessions on text terminals. E.g. + when users log in on the console, or via SSH. SSSD itself doesn't + record anything, but makes sure tlog-rec-session is started upon + user login, so it can record according to its configuration. + + + For users with session recording enabled, SSSD replaces the user + shell with tlog-rec-session in NSS responses, and adds a variable + specifying the original shell to the user environment, upon PAM + session setup. This way tlog-rec-session can be started in place + of the user shell, and know which actual shell to start, once it + set up the recording. + + + + + CONFIGURATION OPTIONS + + These options can be used to configure the session recording. + + + + scope (string) + + + One of the following strings specifying the scope + of session recording: + + + "none" + + + No users are recorded. + + + + + "some" + + + Users/groups specified by + users + and + groups + options are recorded. + + + + + "all" + + + All users are recorded. + + + + + + + Default: "none" + + + + + users (string) + + + A comma-separated list of users which should have + session recording enabled. Matches user names as + returned by NSS. I.e. after the possible space + replacement, case changes, etc. + + + Default: Empty. Matches no users. + + + + + groups (string) + + + A comma-separated list of groups, members of which + should have session recording enabled. Matches + group names as returned by NSS. I.e. after the + possible space replacement, case changes, etc. + + + NOTE: using this option (having it set to + anything) has a considerable performance cost, + because each uncached request for a user requires + retrieving and matching the groups the user is + member of. + + + Default: Empty. Matches no groups. + + + + + exclude_users (string) + + + A comma-separated list of users to be excluded from + recording, only applicable with 'scope=all'. + + + Default: Empty. No users excluded. + + + + + exclude_groups (string) + + + A comma-separated list of groups, members of which + should be excluded from recording. Only applicable + with 'scope=all'. + + + NOTE: using this option (having it set to + anything) has a considerable performance cost, + because each uncached request for a user requires + retrieving and matching the groups the user is + member of. + + + Default: Empty. No groups excluded. + + + + + + + + EXAMPLE + + The following snippet of sssd.conf enables session recording for + users "contractor1" and "contractor2", and group "students". + + + +[session_recording] +scope = some +users = contractor1, contractor2 +groups = students + + + + + + + + diff --git a/src/man/sssd-simple.5.xml b/src/man/sssd-simple.5.xml new file mode 100644 index 0000000..c7ac179 --- /dev/null +++ b/src/man/sssd-simple.5.xml @@ -0,0 +1,164 @@ + + + +SSSD Manual pages + + + + + sssd-simple + 5 + File Formats and Conventions + + + + sssd-simple + the configuration file for SSSD's 'simple' access-control + provider + + + + DESCRIPTION + + This manual page describes the configuration of the simple + access-control provider for + + sssd + 8 + . + For a detailed syntax reference, refer to the + FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The simple access provider grants or denies access based on an + access or deny list of user or group names. The following rules + apply: + + + If all lists are empty, access is granted + + + + If any list is provided, the order of evaluation is + allow,deny. This means that any matching deny rule + will supersede any matched allow rule. + + + + + If either or both "allow" lists are provided, all + users are denied unless they appear in the list. + + + + + If only "deny" lists are provided, all users are + granted access unless they appear in the list. + + + + + + + + CONFIGURATION OPTIONS + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration of an + SSSD domain. + + + simple_allow_users (string) + + + Comma separated list of users who are allowed to + log in. + + + + + + simple_deny_users (string) + + + Comma separated list of users who are explicitly + denied access. + + + + + simple_allow_groups (string) + + + Comma separated list of groups that are allowed to + log in. This applies only to groups within this + SSSD domain. Local groups are not evaluated. + + + + + + simple_deny_groups (string) + + + Comma separated list of groups that are explicitly + denied access. This applies only to groups within + this SSSD domain. Local groups are not evaluated. + + + + + + + Specifying no values for any of the lists is equivalent + to skipping it entirely. Beware of this while generating + parameters for the simple provider using automated scripts. + + + Please note that it is an configuration error if both, + simple_allow_users and simple_deny_users, are defined. + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + [sssd] section. This examples shows only + the simple access provider-specific options. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + NOTES + + The complete group membership hierarchy is resolved + before the access check, thus even nested groups can be + included in the access lists. Please be aware that the + ldap_group_nesting_level option may impact the + results and should be set to a sufficient value. + ( + sssd-ldap5 + ) option. + + + + + + + diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml new file mode 100644 index 0000000..8764520 --- /dev/null +++ b/src/man/sssd-sudo.5.xml @@ -0,0 +1,250 @@ + + + +SSSD Manual pages + + + + + sssd-sudo + 5 + File Formats and Conventions + + + + sssd-sudo + Configuring sudo with the SSSD back end + + + + DESCRIPTION + + This manual page describes how to configure + + sudo + 8 + to work with + + sssd + 8 + and how SSSD caches sudo rules. + + + + + Configuring sudo to cooperate with SSSD + + To enable SSSD as a source for sudo rules, add + sss to the sudoers entry + in + + nsswitch.conf + 5 + . + + + For example, to configure sudo to first lookup rules in the standard + + sudoers + 5 + file (which should contain rules that apply to + local users) and then in SSSD, the nsswitch.conf file should contain + the following line: + + + +sudoers: files sss + + + + More information about configuring the sudoers search order from the + nsswitch.conf file as well as information about the LDAP schema that + is used to store sudo rules in the directory can be found in + + sudoers.ldap + 5 + . + + + Note: in order to use netgroups or IPA + hostgroups in sudo rules, you also need to correctly set + + nisdomainname + 1 + + to your NIS domain name (which equals to IPA domain name when + using hostgroups). + + + + + Configuring SSSD to fetch sudo rules + + All configuration that is needed on SSSD side is to extend the list + of services with "sudo" in [sssd] section of + + sssd.conf + 5 + . To speed up the LDAP lookups, you can also set + search base for sudo rules using + ldap_sudo_search_base option. + + + The following example shows how to configure SSSD to download sudo + rules from an LDAP server. + + + +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = EXAMPLE + +[domain/EXAMPLE] +id_provider = ldap +sudo_provider = ldap +ldap_uri = ldap://example.com +ldap_sudo_search_base = ou=sudoers,dc=example,dc=com + + + It's important to note that on platforms where systemd is supported + there's no need to add the "sudo" provider to the list of services, + as it became optional. However, sssd-sudo.socket must be enabled + instead. + + + + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX). + If any other search base is defined in sssd.conf, this value will be + used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer + required for IPA sudo functionality. + + + + + The SUDO rule caching mechanism + + The biggest challenge, when developing sudo support in SSSD, was to + ensure that running sudo with SSSD as the data source provides the + same user experience and is as fast as sudo but keeps providing + the most current set of rules as possible. To satisfy these + requirements, SSSD uses three kinds of updates. They are referred to + as full refresh, smart refresh and rules refresh. + + + The smart refresh periodically downloads rules + that are new or were modified after the last update. Its primary + goal is to keep the database growing by fetching only small + increments that do not generate large amounts of network traffic. + + + The full refresh simply deletes all sudo rules + stored in the cache and replaces them with all rules that are stored + on the server. This is used to keep the cache consistent by removing + every rule which was deleted from the server. However, full refresh + may produce a lot of traffic and thus it should be run only + occasionally depending on the size and stability of the sudo rules. + + + The rules refresh ensures that we do not grant + the user more permission than defined. It is triggered each time the + user runs sudo. Rules refresh will find all rules that apply to this + user, check their expiration time and redownload them if expired. + In the case that any of these rules are missing on the server, the + SSSD will do an out of band full refresh because more rules + (that apply to other users) may have been deleted. + + + If enabled, SSSD will store only rules that can be applied to this + machine. This means rules that contain one of the following values + in sudoHost attribute: + + + + + keyword ALL + + + + + wildcard + + + + + netgroup (in the form "+netgroup") + + + + + hostname or fully qualified domain name of this machine + + + + + one of the IP addresses of this machine + + + + + one of the IP addresses of the network + (in the form "address/mask") + + + + + There are many configuration options that can be used to adjust + the behavior. Please refer to "ldap_sudo_*" in + + sssd-ldap + 5 + and "sudo_*" in + + sssd.conf + 5 + . + + + + + Tuning the performance + + SSSD uses different kinds of mechanisms with more or less complex + LDAP filters to keep the cached sudo rules up to date. The default + configuration is set to values that should satisfy most of our + users, but the following paragraphs contain few tips on how to fine- + tune the configuration to your requirements. + + + 1. Index LDAP attributes. Make sure that + following LDAP attributes are indexed: objectClass, cn, entryUSN or + modifyTimestamp. + + + 2. Set ldap_sudo_search_base. Set the search + base to the container that holds the sudo rules to limit the scope + of the lookup. + + + 3. Set full and smart refresh interval. If your + sudo rules do not change often and you do not require quick update + of cached rules on your clients, you may consider increasing the + ldap_sudo_full_refresh_interval and + ldap_sudo_smart_refresh_interval. You may also + consider disabling the smart refresh by setting + ldap_sudo_smart_refresh_interval = 0. + + + 4. If you have large number of clients, you may consider increasing + the value of ldap_sudo_random_offset to + distribute the load on the server better. + + + + + + + diff --git a/src/man/sssd-systemtap.5.xml b/src/man/sssd-systemtap.5.xml new file mode 100644 index 0000000..785fdbb --- /dev/null +++ b/src/man/sssd-systemtap.5.xml @@ -0,0 +1,460 @@ + + + +SSSD Manual pages + + + + + sssd-systemtap + 5 + File Formats and Conventions + + + + sssd-systemtap + SSSD systemtap information + + + + DESCRIPTION + + This manual page provides information about + the systemtap functionality + in + + sssd + 8 + . + + + SystemTap Probe points have been added into various + locations in SSSD code to assist in troubleshooting + and analyzing performance related issues. + + + + + + Sample SystemTap scripts are + provided in /usr/share/sssd/systemtap/ + + + + + Probes and miscellaneous functions are + defined in /usr/share/systemtap/tapset/sssd.stp + and /usr/share/systemtap/tapset/sssd_functions.stp + respectively. + + + + + + + + PROBE POINTS + + The information below lists the probe points and arguments available + in the following format: + + + + probe $name + + + Description of probe point + + +variable1:datatype +variable2:datatype +variable3:datatype +... + + + + + + + Database Transaction Probes + + + + probe sssd_transaction_start + + + Start of a sysdb transaction, probes the + sysdb_transaction_start() function. + + +nesting:integer +probestr:string + + + + + probe sssd_transaction_cancel + + + Cancellation of a sysdb transaction, + probes the sysdb_transaction_cancel() + function. + + +nesting:integer +probestr:string + + + + + probe sssd_transaction_commit_before + + + Probes the sysdb_transaction_commit_before() + function. + + +nesting:integer +probestr:string + + + + + probe sssd_transaction_commit_after + + + Probes the sysdb_transaction_commit_after() + function. + + +nesting:integer +probestr:string + + + + + + + + + LDAP Search Probes + + + + probe sdap_search_send + + + Probes the sdap_get_generic_ext_send() + function. + + +base:string +scope:integer +filter:string +attrs:string +probestr:string + + + + + probe sdap_search_recv + + + Probes the sdap_get_generic_ext_recv() + function. + + +base:string +scope:integer +filter:string +probestr:string + + + + + probe sdap_parse_entry + + + Probes the sdap_parse_entry() + function. It is called repeatedly + with every received attribute. + + +attr:string +value:string + + + + + probe sdap_parse_entry_done + + + Probes the sdap_parse_entry() + function. It is called when + parsing of received object is + finished. + + + + + probe sdap_deref_send + + + Probes the sdap_deref_search_send() + function. + + +base_dn:string +deref_attr:string +probestr:string + + + + + probe sdap_deref_recv + + + Probes the sdap_deref_search_recv() + function. + + +base:string +scope:integer +filter:string +probestr:string + + + + + + + + + LDAP Account Request Probes + + + + probe sdap_acct_req_send + + + Probes the sdap_acct_req_send() + function. + + +entry_type:int +filter_type:int +filter_value:string +extra_value:string + + + + + probe sdap_acct_req_recv + + + Probes the sdap_acct_req_recv() + function. + + +entry_type:int +filter_type:int +filter_value:string +extra_value:string + + + + + + + + + LDAP User Search Probes + + + + probe sdap_search_user_send + + + Probes the sdap_search_user_send() + function. + + +filter:string + + + + + probe sdap_search_user_recv + + + Probes the sdap_search_user_recv() + function. + + +filter:string + + + + + probe sdap_search_user_save_begin + + + Probes the sdap_search_user_save_begin() + function. + + +filter:string + + + + + probe sdap_search_user_save_end + + + Probes the sdap_search_user_save_end() + function. + + +filter:string + + + + + + + + + Data Provider Request Probes + + + + probe dp_req_send + + + A Data Provider request is submitted. + + +dp_req_domain:string +dp_req_name:string +dp_req_target:int +dp_req_method:int + + + + + probe dp_req_done + + + A Data Provider request is completed. + + +dp_req_name:string +dp_req_target:int +dp_req_method:int +dp_ret:int +dp_errorstr:string + + + + + + + + + MISCELLANEOUS FUNCTIONS + + The information below lists the probe points and arguments available + in the following format: + + + + function acct_req_desc(entry_type) + + + Convert entry_type to string and return string + + + + + function sssd_acct_req_probestr(fc_name, entry_type, + filter_type, filter_value, extra_value) + + + Create probe string based on filter type + + + + + function dp_target_str(target) + + + Convert target to string and return string + + + + + function dp_method_str(target) + + + Convert method to string and return string + + + + + + + + + + SAMPLE SYSTEMTAP SCRIPTS + + Start the SystemTap script + (stap /usr/share/sssd/systemtap/<script_name>.stp), + then perform an identity operation and the script + will collect information from probes. + + + Provided SystemTap scripts are: + + + + dp_request.stp + + + Monitoring of data provider request performance. + + + + + id_perf.stp + + + Monitoring of id command + performance. + + + + + ldap_perf.stp + + + Monitoring of LDAP queries. + + + + + nested_group_perf.stp + + + Performance of nested groups resolving. + + + + + + + + + + diff --git a/src/man/sssd.8.xml b/src/man/sssd.8.xml new file mode 100644 index 0000000..5f507c6 --- /dev/null +++ b/src/man/sssd.8.xml @@ -0,0 +1,252 @@ + + + +SSSD Manual pages + + + + + sssd + 8 + + + + sssd + System Security Services Daemon + + + + + sssd + + options + + + + + + DESCRIPTION + + SSSD provides a set of daemons to manage access to remote + directories and authentication mechanisms. It provides an NSS and + PAM interface toward the system and a pluggable backend system to + connect to multiple different account sources as well as D-Bus + interface. It is also the basis to provide client auditing and + policy services for projects like FreeIPA. It provides a more robust database + to store local users as well as extended user data. + + + + + OPTIONS + + + + , + LEVEL + + + + + + mode + + + + 1: Add a timestamp to the debug messages + + + 0: Disable timestamp in the debug messages + + + Default: 1 + + + + + + mode + + + + 1: Add microseconds to the timestamp in debug messages + + + 0: Disable microseconds in timestamp + + + Default: 0 + + + + + + value + + + + Location where SSSD will send log messages. + + + stderr: Redirect debug messages to + standard error output. + + + files: Redirect debug messages to + the log files. By default, the log files are stored in + /var/log/sssd and there are + separate log files for every SSSD service and domain. + + + journald: Redirect debug messages + to systemd-journald + + + Default: not set (fall back to journald if available, + otherwise to stderr) + + + + + + , + + + + Become a daemon after starting up. + + + + + + , + + + + Run in the foreground, don't become a daemon. + + + + + + , + + + + Specify a non-default config file. The default is + /etc/sssd/sssd.conf. For reference + on the config file syntax and options, consult the + + sssd.conf + 5 + + manual page. + + + + + + , + + + + Do not start the SSSD, but refresh the configuration + database from the contents of + /etc/sssd/sssd.conf and exit. + + + + + + , + + + + Similar to --genconf, but only refresh + a single section from the configuration file. This + option is useful mainly to be called from systemd + unit files to allow socket-activated responders + to refresh their configuration without requiring + the administrator to restart the whole SSSD. + + + + + + + + + + + Print version number and exit. + + + + + + + + Signals + + + SIGTERM/SIGINT + + + Informs the SSSD to gracefully terminate all of its + child processes and then shut down the monitor. + + + + + SIGHUP + + + Tells the SSSD to stop writing to its current debug + file descriptors and to close and reopen them. This is + meant to facilitate log rolling with programs like + logrotate. + + + + + SIGUSR1 + + + Tells the SSSD to simulate offline operation for the + duration of the offline_timeout + parameter. This is useful for testing. The signal + can be sent to either the sssd process or any sssd_be + process directly. + + + + + SIGUSR2 + + + Tells the SSSD to go online immediately. This is + useful for testing. The signal can be sent to either + the sssd process or any sssd_be process directly. + + + + + + + + NOTES + + If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", + client applications will not use the fast in-memory cache. + + + If the environment variable SSS_LOCKFREE is set to "NO", requests + from multiple threads of a single application will be serialized. + + + + + + + diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml new file mode 100644 index 0000000..e7a8cbd --- /dev/null +++ b/src/man/sssd.conf.5.xml @@ -0,0 +1,4627 @@ + + +]> + +SSSD Manual pages + + + + + sssd.conf + 5 + File Formats and Conventions + + + + sssd.conf + the configuration file for SSSD + + + + FILE FORMAT + + + The file has an ini-style syntax and consists of sections and + parameters. A section begins with the name of the section in + square brackets and continues until the next section begins. An + example of section with single and multi-valued parameters: + +[section] +key = value +key2 = value2,value3 + + + + + The data types used are string (no quotes needed), integer + and bool (with values of TRUE/FALSE). + + + + A comment line starts with a hash sign (#) or a + semicolon (;). + Inline comments are not supported. + + + + All sections can have an optional + description parameter. Its function + is only as a label for the section. + + + + sssd.conf must be a regular file, owned by + root and only root may read from or write to the file. + + + + + CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY + + + The configuration file sssd.conf will + include configuration snippets using the include directory + conf.d. This feature is available if + SSSD was compiled with libini version 1.3.0 or later. + + + + Any file placed in conf.d + that ends in .conf + and does not begin with a dot (.) will + be used together with sssd.conf + to configure SSSD. + + + + The configuration snippets from conf.d + have higher priority than sssd.conf + and will override sssd.conf when + conflicts occur. If several snippets are present in + conf.d, then they are included in + alphabetical order (based on locale). + Files included later have higher priority. Numerical + prefixes (01_snippet.conf, + 02_snippet.conf etc.) can help + visualize the priority (higher number means higher + priority). + + + + The snippet files require the same owner and permissions + as sssd.conf. Which are by default + root:root and 0600. + + + + + GENERAL OPTIONS + + Following options are usable in more than one configuration + sections. + + + Options usable in all sections + + + + debug_level (integer) + + + + debug (integer) + + + SSSD 1.14 and later also includes the + debug alias for + debug_level as a + convenience feature. If both are specified, the + value of debug_level + will be used. + + + + + debug_timestamps (bool) + + + Add a timestamp to the debug messages. + If journald is enabled for SSSD debug logging this + option is ignored. + + + Default: true + + + + + debug_microseconds (bool) + + + Add microseconds to the timestamp in debug messages. + If journald is enabled for SSSD debug logging this + option is ignored. + + + Default: false + + + + + debug_backtrace_enabled (bool) + + + Enable debug backtrace. + + + In case SSSD is run with debug_level less than 9, + everything is logged to a ring buffer in memory and + flushed to a log file on any error up to + and including `min(0x0040, debug_level)` + (i.e. if debug_level is explicitly set to 0 or 1 then + only those error levels will trigger backtrace, + otherwise up to 2). + + + Feature is only supported for `logger == files` (i.e. + setting doesn't have effect for other logger types). + + + Default: true + + + + + + + + + Options usable in SERVICE and DOMAIN sections + + + + timeout (integer) + + + Timeout in seconds between heartbeats for this + service. This is used to ensure that the process + is alive and capable of answering requests. Note + that after three missed heartbeats the process + will terminate itself. + + + Default: 10 + + + + + + + + + + SPECIAL SECTIONS + + + The [sssd] section + + Individual pieces of SSSD functionality are provided by special + SSSD services that are started and stopped together with SSSD. + The services are managed by a special service frequently called + monitor. The [sssd] section is used + to configure the monitor as well as some other important options + like the identity domains. + + Section parameters + + config_file_version (integer) + + + Indicates what is the syntax of the config + file. SSSD 0.6.0 and later use version 2. + + + + + services + + + Comma separated list of services that are + started when sssd itself starts. + + The services' list is optional on platforms + where systemd is supported, as they will either + be socket or D-Bus activated when needed. + + + + Supported services: nss, pam + , sudo + , autofs + , ssh + , pac + , ifp + + + + By default, all services are disabled and the administrator + must enable the ones allowed to be used by executing: + "systemctl enable sssd-@service@.socket". + + + + + + reconnection_retries (integer) + + + Number of times services should attempt to + reconnect in the event of a Data Provider + crash or restart before they give up + + + Default: 3 + + + + + domains + + + A domain is a database containing user + information. SSSD can use more domains + at the same time, but at least one + must be configured or SSSD won't start. + This parameter describes the list of domains + in the order you want them to be queried. + A domain name is recommended to contain only + alphanumeric ASCII characters, dashes, dots + and underscores. '/' character is forbidden. + + + + + re_expression (string) + + + Default regular expression that describes how to + parse the string containing user name and domain + into these components. + + + Each domain can have an individual regular + expression configured. For some ID providers + there are also default regular expressions. See + DOMAIN SECTIONS for more info on these regular + expressions. + + + + + full_name_format (string) + + + A + printf + 3 + -compatible format that describes how to + compose a fully qualified name from user name + and domain name components. + + + The following expansions are supported: + + + %1$s + user name + + + %2$s + + + domain name as specified in the + SSSD config file. + + + + + %3$s + + + domain flat name. Mostly usable + for Active Directory domains, both + directly configured or discovered + via IPA trusts. + + + + + + + Each domain can have an individual format string configured. + See DOMAIN SECTIONS for more info on this option. + + + + + monitor_resolv_conf (boolean) + + + Controls if SSSD should monitor the state of + resolv.conf to identify when it needs to + update its internal DNS resolver. + + + Default: true + + + + + try_inotify (boolean) + + + By default, SSSD will attempt to use inotify + to monitor configuration files changes and + will fall back to polling every five seconds + if inotify cannot be used. + + + There are some limited situations where it is + preferred that we should skip even trying to + use inotify. In these rare cases, this option + should be set to 'false' + + + Default: true on platforms where inotify is + supported. False on other platforms. + + + Note: this option will have no effect on + platforms where inotify is unavailable. On + these platforms, polling will always be used. + + + + + krb5_rcache_dir (string) + + + Directory on the filesystem where SSSD should + store Kerberos replay cache files. + + + This option accepts a special value + __LIBKRB5_DEFAULTS__ that will instruct SSSD + to let libkrb5 decide the appropriate + location for the replay cache. + + + Default: Distribution-specific and specified + at build-time. (__LIBKRB5_DEFAULTS__ if not + configured) + + + + + user (string) + + + The user to drop the privileges to where + appropriate to avoid running as the + root user. + Currently the only supported value is '&sssd_user_name;'. + + + + This option does not work when running socket-activated + services, as the user set up to run the processes is + set up during compilation time. + + The way to override the systemd unit files is by creating + the appropriate files in /etc/systemd/system/. + + Keep in mind that any change in the socket user, group or + permissions may result in a non-usable SSSD. The same may + occur in case of changes of the user running the NSS + responder. + + + + Default: not set, process will run as root + + + + + default_domain_suffix (string) + + + This string will be used as a default domain + name for all names without a domain name + component. The main use case is environments + where the primary domain is intended for managing host + policies and all users are located in a trusted domain. + The option allows those users + to log in just with their user name without + giving a domain name as well. + + + Please note that if this option is set all + users from the primary domain have to use their + fully qualified name, e.g. user@domain.name, + to log in. Setting this option changes default + of use_fully_qualified_names to True. It is not + allowed to use this option together with + use_fully_qualified_names set to False. + + One exception from this rule are domains with + id_provider=files that always try + to match the behaviour of nss_files + and therefore their output is not + qualified even when the default_domain_suffix + option is used. + + + + Default: not set + + + + + override_space (string) + + + This parameter will replace spaces (space bar) + with the given character for user and group names. + e.g. (_). User name "john doe" will + be "john_doe" This feature was added to + help compatibility with shell scripts that have + difficulty handling spaces, due to the + default field separator in the shell. + + + Please note it is a configuration error to use + a replacement character that might be used in + user or group names. If a name contains the + replacement character SSSD tries to return the + unmodified name but in general the result of a + lookup is undefined. + + + Default: not set (spaces will not be replaced) + + + + + certificate_verification (string) + + + With this parameter the certificate verification + can be tuned with a comma separated list of + options. Supported options are: + + + no_ocsp + + Disables Online Certificate Status + Protocol (OCSP) checks. This might be + needed if the OCSP servers defined in + the certificate are not reachable from + the client. + + + + soft_ocsp + + If a connection + cannot be established to an OCSP + responder the OCSP check is skipped. + This option should be used to allow + authentication when the system is + offline and the OCSP responder cannot be + reached. + + + + ocsp_dgst + + Digest (hash) function used to + create the certificate ID for the OCSP + request. Allowed values are: + + sha1 + sha256 + sha384 + sha512 + + + Default: sha1 (to allow compatibility with + RFC5019-compliant responder) + + + + + no_verification + + Disables verification completely. + This option should only be used for + testing. + + + + partial_chain + + Allow verification to succeed even + if a complete + chain cannot be built to a self-signed + trust-anchor, provided it is possible to + construct a chain to a trusted certificate + that might not be self-signed. + + + + ocsp_default_responder=URL + + Sets the OCSP default responder + which should be used instead of the one + mentioned in the certificate. URL must + be replaced with the URL of the OCSP + default responder e.g. + http://example.com:80/ocsp. + + + + + ocsp_default_responder_signing_cert=NAME + + This option is + currently ignored. All needed + certificates must be available in the + PEM file given by + pam_cert_db_path. + + + + crl_file=/PATH/TO/CRL/FILE + + Use the + Certificate Revocation List (CRL) from + the given file during the verification + of the certificate. The CRL must be + given in PEM format, see + + crl + 1ssl + + for details. + + + + soft_crl + + + If a Certificate Revocation List (CRL) + is expired ignore the CRL checks for the + related certificates. This option should + be used to allow authentication when the + system is offline and the CRL cannot be + renewed. + + + + + + Unknown options are reported but ignored. + + + Default: not set, i.e. do not restrict + certificate verification + + + + + disable_netlink (boolean) + + + SSSD hooks into the netlink interface to + monitor changes to routes, addresses, links + and trigger certain actions. + + + The SSSD state changes caused by netlink + events may be undesirable and can be disabled + by setting this option to 'true' + + + Default: false (netlink changes are detected) + + + + + enable_files_domain (boolean) + + + When this option is enabled, SSSD + prepends an implicit domain with + id_provider=files before + any explicitly configured domains. + + + Default: false + + + + + domain_resolution_order + + + Comma separated list of domains and subdomains + representing the lookup order that will be + followed. + The list doesn't have to include all possible + domains as the missing domains will be looked + up based on the order they're presented in the + domains configuration option. + The subdomains which are not listed as part of + lookup_order will be looked up + in a random order for each parent domain. + + + Please, note that when this option is set the + output format of all commands is always + fully-qualified even when using short names + for input + + , for all users but the ones managed + by the files provider + . + In case the administrator wants the output not + fully-qualified, the full_name_format option + can be used as shown below: + full_name_format=%1$s + However, keep in mind that during login, login + applications often canonicalize the username by + calling + + getpwnam + 3 + + which, if a shortname is returned for a + qualified input (while trying to reach a user + which exists in multiple domains) might + re-route the login attempt into the domain + which uses shortnames, making this workaround + totally not recommended in cases where + usernames may overlap between domains. + + + Default: Not set + + + + + implicit_pac_responder (boolean) + + + The PAC responder is enabled automatically for + the IPA and AD provider to evaluate and check + the PAC. If it has to be disabled + set this option to 'false'. + + + Default: true + + + + + core_dumpable (boolean) + + + This option can be used for general system + hardening: setting it to 'false' forbids core + dumps for all SSSD processes to avoid + leaking plain text passwords. See man page + prctl:PR_SET_DUMPABLE for details. + + + Default: true + + + + + passkey_verification (string) + + + With this parameter the passkey verification + can be tuned with a comma separated list of + options. Supported options are: + + + user_verification (boolean) + + Enable or disable the user + verification (i.e. PIN, fingerprint) + during authentication. If enabled, the + PIN will always be requested. + + + The default is that the key settings + decide what to do. In the IPA or + kerberos pre-authentication case, + this value will be overwritten by the + server. + + + + + + + + + + + + + + + SERVICES SECTIONS + + Settings that can be used to configure different services + are described in this section. They should reside in the + [$NAME] section, for example, + for NSS service, the section would be [nss] + + + + General service configuration options + + These options can be used to configure any service. + + + + reconnection_retries (integer) + + + Number of times services should attempt to + reconnect in the event of a Data Provider + crash or restart before they give up + + + Default: 3 + + + + + fd_limit + + + This option specifies the maximum number of file + descriptors that may be opened at one time by this + SSSD process. On systems where SSSD is granted the + CAP_SYS_RESOURCE capability, this will be an + absolute setting. On systems without this + capability, the resulting value will be the lower + value of this or the limits.conf "hard" limit. + + + Default: 8192 (or limits.conf "hard" limit) + + + + + client_idle_timeout + + + This option specifies the number of seconds that + a client of an SSSD process can hold onto a file + descriptor without communicating on it. This value + is limited in order to avoid resource exhaustion + on the system. The timeout can't be shorter than + 10 seconds. If a lower value is configured, it + will be adjusted to 10 seconds. + + + Default: 60, KCM: 300 + + + + + offline_timeout (integer) + + + When SSSD switches to offline mode the amount of + time before it tries to go back online will + increase based upon the time spent disconnected. + By default SSSD uses incremental behaviour to + calculate delay in between retries. + So, the wait time for a given retry will be longer + than the wait time for the previous ones. + After each unsuccessful attempt to go online, + the new interval is recalculated by the following: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0...offline_timeout_random_offset] + + + The offline_timeout default value is 60. + The offline_timeout_max default value is 3600. + The offline_timeout_random_offset default value is 30. + The end result is amount of seconds before next retry. + + + Note that the maximum length of each interval + is defined by offline_timeout_max (apart of random part). + + + Default: 60 + + + + + offline_timeout_max (integer) + + + Controls by how much the time between attempts to go + online can be incremented following unsuccessful + attempts to go online. + + + A value of 0 disables the incrementing behaviour. + + + The value of this parameter should be set in correlation + to offline_timeout parameter value. + + + With offline_timeout set to 60 (default value) there is no point + in setting offlinet_timeout_max to less than 120 as it will + saturate instantly. General rule here should be to set + offline_timeout_max to at least 4 times offline_timeout. + + + Although a value between 0 and offline_timeout may be + specified, it has the effect of overriding the + offline_timeout value so is of little use. + + + Default: 3600 + + + + + offline_timeout_random_offset (integer) + + + When SSSD is in offline mode it keeps probing + backend servers in specified time intervals: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0...offline_timeout_random_offset] + + + This parameter controls the value of the random offset + used for the above equation. Final random_offset value + will be random number in range: + + + [0 - offline_timeout_random_offset] + + + A value of 0 disables the random offset addition. + + + Default: 30 + + + + + responder_idle_timeout + + + This option specifies the number of seconds that + an SSSD responder process can be up without being + used. This value is limited in order to avoid + resource exhaustion on the system. + The minimum acceptable value for this option is 60 + seconds. + Setting this option to 0 (zero) means that no + timeout will be set up to the responder. + + This option only has effect when SSSD is built with + systemd support and when services are either socket + or D-Bus activated. + + + Default: 300 + + + + + cache_first + + + This option specifies whether the responder should + query all caches before querying the Data Providers. + + + Default: false + + + Default: true + + + + + + + + NSS configuration options + + These options can be used to configure the + Name Service Switch (NSS) service. + + + + enum_cache_timeout (integer) + + + How many seconds should nss_sss cache enumerations + (requests for info about all users) + + + Default: 120 + + + + + entry_cache_nowait_percentage (integer) + + + The entry cache can be set to automatically update + entries in the background if they are requested + beyond a percentage of the entry_cache_timeout + value for the domain. + + + For example, if the domain's entry_cache_timeout + is set to 30s and entry_cache_nowait_percentage is + set to 50 (percent), entries that come in after 15 + seconds past the last cache update will be + returned immediately, but the SSSD will go and + update the cache on its own, so that future + requests will not need to block waiting for a + cache update. + + + Valid values for this option are 0-99 and + represent a percentage of the entry_cache_timeout + for each domain. For performance reasons, this + percentage will never reduce the nowait timeout to + less than 10 seconds. + (0 disables this feature) + + + Default: 50 + + + + + entry_negative_timeout (integer) + + + Specifies for how many seconds nss_sss should cache + negative cache hits (that is, queries for + invalid database entries, like nonexistent ones) + before asking the back end again. + + + Default: 15 + + + + + local_negative_timeout (integer) + + + Specifies for how many seconds nss_sss should keep + local users and groups in negative cache before + trying to look it up in the back end again. Setting + the option to 0 disables this feature. + + + Default: 14400 (4 hours) + + + + + filter_users, filter_groups (string) + + + Exclude certain users or groups from being fetched + from the sss NSS database. This is particularly + useful for system accounts. This option can also + be set per-domain or include fully-qualified names + to filter only users from the particular domain or + by a user principal name (UPN). + + + NOTE: The filter_groups option doesn't affect + inheritance of nested group members, since + filtering happens after they are propagated for + returning via NSS. E.g. a group having a member + group filtered out will still have the member + users of the latter listed. + + + Default: root + + + + + filter_users_in_groups (bool) + + + If you want filtered user still be group members + set this option to false. + + + Default: true + + + + + + + fallback_homedir (string) + + + Set a default template for a user's home directory + if one is not specified explicitly by the domain's + data provider. + + + The available values for this option are the same + as for override_homedir. + + + example: + +fallback_homedir = /home/%u + + + + Default: not set (no substitution for unset home + directories) + + + + + override_shell (string) + + + Override the login shell for all users. This + option supersedes any other shell options if + it takes effect and can be set either in the + [nss] section or per-domain. + + + Default: not set (SSSD will use the value + retrieved from LDAP) + + + + + allowed_shells (string) + + + Restrict user shell to one of the listed values. The order of evaluation is: + + + 1. If the shell is present in + /etc/shells, it is used. + + + 2. If the shell is in the allowed_shells list but + not in /etc/shells, use the + value of the shell_fallback parameter. + + + 3. If the shell is not in the allowed_shells list and + not in /etc/shells, a nologin shell + is used. + + + The wildcard (*) can be used to allow any shell. + + + The (*) is useful if you want to use + shell_fallback in case that user's shell is not + in /etc/shells and maintaining list + of all allowed shells in allowed_shells would be + to much overhead. + + + An empty string for shell is passed as-is to libc. + + + The /etc/shells is only read on SSSD start up, which means that + a restart of the SSSD is required in case a new shell is installed. + + + Default: Not set. The user shell is automatically used. + + + + + vetoed_shells (string) + + + Replace any instance of these shells with the shell_fallback + + + + + shell_fallback (string) + + + The default shell to use if an allowed shell is not + installed on the machine. + + + Default: /bin/sh + + + + + default_shell + + + The default shell to use if the provider does + not return one during lookup. This option can + be specified globally in the [nss] section + or per-domain. + + + Default: not set (Return NULL if no shell is + specified and rely on libc to substitute something + sensible when necessary, usually /bin/sh) + + + + + get_domains_timeout (int) + + + Specifies time in seconds for which the list of + subdomains will be considered valid. + + + Default: 60 + + + + + memcache_timeout (integer) + + + Specifies time in seconds for which records + in the in-memory cache will be valid. Setting this + option to zero will disable the in-memory cache. + + + Default: 300 + + + WARNING: Disabling the in-memory cache will + have significant negative impact on SSSD's + performance and should only be used for + testing. + + + NOTE: If the environment variable + SSS_NSS_USE_MEMCACHE is set to "NO", client + applications will not use the fast in-memory + cache. + + + + + memcache_size_passwd (integer) + + + Size (in megabytes) of the data table allocated inside + fast in-memory cache for passwd requests. + Setting the size to 0 will disable the passwd + in-memory cache. + + + Default: 8 + + + WARNING: Disabled or too small in-memory cache can + have significant negative impact on SSSD's + performance. + + + NOTE: If the environment variable + SSS_NSS_USE_MEMCACHE is set to "NO", client + applications will not use the fast in-memory + cache. + + + + + memcache_size_group (integer) + + + Size (in megabytes) of the data table allocated inside + fast in-memory cache for group requests. + Setting the size to 0 will disable the group + in-memory cache. + + + Default: 6 + + + WARNING: Disabled or too small in-memory cache can + have significant negative impact on SSSD's + performance. + + + NOTE: If the environment variable + SSS_NSS_USE_MEMCACHE is set to "NO", client + applications will not use the fast in-memory + cache. + + + + + memcache_size_initgroups (integer) + + + Size (in megabytes) of the data table allocated inside + fast in-memory cache for initgroups requests. + Setting the size to 0 will disable the initgroups + in-memory cache. + + + Default: 10 + + + WARNING: Disabled or too small in-memory cache can + have significant negative impact on SSSD's + performance. + + + NOTE: If the environment variable + SSS_NSS_USE_MEMCACHE is set to "NO", client + applications will not use the fast in-memory + cache. + + + + + memcache_size_sid (integer) + + + Size (in megabytes) of the data table allocated inside + fast in-memory cache for SID related requests. + Only SID-by-ID and ID-by-SID requests are currently + cached in fast in-memory cache. + Setting the size to 0 will disable the SID + in-memory cache. + + + Default: 6 + + + WARNING: Disabled or too small in-memory cache can + have significant negative impact on SSSD's + performance. + + + NOTE: If the environment variable + SSS_NSS_USE_MEMCACHE is set to "NO", client + applications will not use the fast in-memory + cache. + + + + + user_attributes (string) + + + Some of the additional NSS responder requests can + return more attributes than just the POSIX ones + defined by the NSS interface. The list of attributes + is controlled by this option. It is handled the same + way as the user_attributes option of + the InfoPipe responder (see + + sssd-ifp + 5 + + for details) but with no default values. + + + To make configuration more easy the NSS responder + will check the InfoPipe option if it is not set for + the NSS responder. + + + Default: not set, fallback to InfoPipe option + + + + + pwfield (string) + + + The value that NSS operations that return + users or groups will return for the + password field. + + + Default: * + + + Note: This option can also be set per-domain which + overwrites the value in [nss] section. + + + Default: not set (remote domains), + + x (the files domain), + + x (proxy domain with nss_files + and sssd-shadowutils target) + + + + + + + PAM configuration options + + These options can be used to configure the + Pluggable Authentication Module (PAM) service. + + + + offline_credentials_expiration (integer) + + + If the authentication provider is offline, how + long should we allow cached logins (in days since + the last successful online login). + + + Default: 0 (No limit) + + + + + + offline_failed_login_attempts (integer) + + + If the authentication provider is offline, how + many failed login attempts are allowed. + + + Default: 0 (No limit) + + + + + + offline_failed_login_delay (integer) + + + The time in minutes which has to pass after + offline_failed_login_attempts has been reached + before a new login attempt is possible. + + + If set to 0 the user cannot authenticate offline if + offline_failed_login_attempts has been reached. Only + a successful online authentication can enable + offline authentication again. + + + Default: 5 + + + + + + pam_verbosity (integer) + + + Controls what kind of messages are shown to the user + during authentication. The higher the number to more + messages are displayed. + + + Currently sssd supports the following values: + + + 0: do not show any message + + + 1: show only important + messages + + + 2: show informational messages + + + 3: show all messages and debug + information + + + Default: 1 + + + + + + pam_response_filter (string) + + + A comma separated list of strings which allows to + remove (filter) data sent by the PAM responder to + pam_sss PAM module. There are different kind of + responses sent to pam_sss e.g. messages displayed to + the user or environment variables which should be + set by pam_sss. + + + While messages already can be controlled with the + help of the pam_verbosity option this option allows + to filter out other kind of responses as well. + + + Currently the following filters are supported: + + ENV + Do not send any environment + variables to any service. + + ENV:var_name + Do not send environment + variable var_name to any + service. + + ENV:var_name:service + Do not send environment + variable var_name to + service. + + + + + The list of strings can either be the list of + filters which would set this list of filters and + overwrite the defaults. Or each element of the list + can be prefixed by a '+' or '-' character which + would add the filter to the existing default or + remove it from the defaults, respectively. Please + note that either all list elements must have a '+' + or '-' prefix or none. It is considered as an error + to mix both styles. + + + Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i + + + Example: -ENV:KRB5CCNAME:sudo-i will remove the + filter from the default list + + + + + + pam_id_timeout (integer) + + + For any PAM request while SSSD is online, the SSSD will + attempt to immediately update the cached identity + information for the user in order to ensure that + authentication takes place with the latest information. + + + A complete PAM conversation may perform multiple PAM + requests, such as account management and session + opening. This option controls (on a + per-client-application basis) how long (in seconds) we + can cache the identity information to avoid excessive + round-trips to the identity provider. + + + Default: 5 + + + + + + pam_pwd_expiration_warning (integer) + + + Display a warning N days before the password expires. + + + Please note that the backend server has to provide + information about the expiration time of the password. + If this information is missing, sssd cannot display a + warning. + + + If zero is set, then this filter is not applied, + i.e. if the expiration warning was received from + backend server, it will automatically be displayed. + + + This setting can be overridden by setting + pwd_expiration_warning + for a particular domain. + + + Default: 0 + + + + + get_domains_timeout (int) + + + Specifies time in seconds for which the list of + subdomains will be considered valid. + + + Default: 60 + + + + + pam_trusted_users (string) + + + Specifies the comma-separated list of UID + values or user names that are allowed to run + PAM conversations against trusted domains. + Users not included in this list can only access + domains marked as public with + pam_public_domains. + User names are resolved to UIDs at + startup. + + + Default: All users are considered trusted + by default + + + Please note that UID 0 is always allowed to access + the PAM responder even in case it is not in the + pam_trusted_users list. + + + + + pam_public_domains (string) + + + Specifies the comma-separated list of domain names + that are accessible even to untrusted users. + + + Two special values for pam_public_domains option + are defined: + + + all (Untrusted users are allowed to access + all domains in PAM responder.) + + + none (Untrusted users are not allowed to access + any domains PAM in responder.) + + + Default: none + + + + + pam_account_expired_message (string) + + + Allows a custom expiration message to be set, + replacing the default 'Permission denied' + message. + + + Note: Please be aware that message is only + printed for the SSH service unless pam_verbosity + is set to 3 (show all messages and debug + information). + + + example: + +pam_account_expired_message = Account expired, please contact help desk. + + + + Default: none + + + + + pam_account_locked_message (string) + + + Allows a custom lockout message to be set, + replacing the default 'Permission denied' + message. + + + example: + +pam_account_locked_message = Account locked, please contact help desk. + + + + Default: none + + + + + pam_passkey_auth (bool) + + + Enable passkey device based authentication. + + + Default: False + + + + + passkey_debug_libfido2 (bool) + + + Enable libfido2 library debug messages. + + + Default: False + + + + + pam_cert_auth (bool) + + + Enable certificate based Smartcard authentication. + Since this requires additional communication with + the Smartcard which will delay the authentication + process this option is disabled by default. + + + Default: False + + + + + pam_cert_db_path (string) + + + The path to the certificate database. + + + Default: + + /etc/sssd/pki/sssd_auth_ca_db.pem + (path to a file with trusted CA + certificates in PEM format) + + + + + + + + pam_cert_verification (string) + + + With this parameter the PAM certificate verification + can be tuned with a comma separated list of + options that override the + certificate_verification value in + [sssd] section. + Supported options are the same of + certificate_verification. + + + example: + +pam_cert_verification = partial_chain + + + + Default: not set, i.e. use default + certificate_verification option defined + in [sssd] section. + + + + + p11_child_timeout (integer) + + + How many seconds will pam_sss wait for + p11_child to finish. + + + Default: 10 + + + + + passkey_child_timeout (integer) + + + How many seconds will the PAM responder + wait for passkey_child to finish. + + + Default: 15 + + + + + pam_app_services (string) + + + Which PAM services are permitted to contact + domains of type application + + + Default: Not set + + + + + pam_p11_allowed_services (integer) + + + A comma-separated list of PAM service names for + which it will be allowed to use Smartcards. + + + It is possible to add another PAM service name to + the default set by using + +service_name or to explicitly + remove a PAM service name from the default set by + using -service_name. For example, + in order to replace a default PAM service name for + authentication with Smartcards + (e.g. login) with a custom PAM + service name (e.g. my_pam_service), + you would use the following configuration: + +pam_p11_allowed_services = +my_pam_service, -login + + + + Default: the default set of PAM service names + includes: + + + + login + + + + + su + + + + + su-l + + + + + gdm-smartcard + + + + + gdm-password + + + + + kdm + + + + + sudo + + + + + sudo-i + + + + + gnome-screensaver + + + + + + + + p11_wait_for_card_timeout (integer) + + + If Smartcard authentication is required how many + extra seconds in addition to p11_child_timeout + should the PAM responder wait until a Smartcard is + inserted. + + + Default: 60 + + + + + p11_uri (string) + + + PKCS#11 URI (see RFC-7512 for details) which can be + used to restrict the selection of devices used for + Smartcard authentication. By default SSSD's + p11_child will search for a PKCS#11 slot (reader) + where the 'removable' flags is set and read the + certificates from the inserted token from the first + slot found. If multiple readers are connected + p11_uri can be used to tell p11_child to use a + specific reader. + + + Example: + +p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader + + or + +p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2 + + To find suitable URI please check the debug output + of p11_child. As an alternative the GnuTLS utility + 'p11tool' with e.g. the '--list-all' will show + PKCS#11 URIs as well. + + + Default: none + + + + + pam_initgroups_scheme + + + The PAM responder can force an online lookup to get + the current group memberships of the user trying to + log in. This option controls when this should be + done and the following values are allowed: + + always + Always do an online lookup, + please note that pam_id_timeout still + applies + + no_session + Only do an online + lookup if there is no active session of the + user, i.e. if the user is currently not logged + in + + never + Never force an online lookup, + use the data from the cache as long as they are + not expired + + + + + Default: no_session + + + + + pam_gssapi_services + + + Comma separated list of PAM services that are + allowed to try GSSAPI authentication using + pam_sss_gss.so module. + + + To disable GSSAPI authentication, set this option + to - (dash). + + + Note: This option can also be set per-domain which + overwrites the value in [pam] section. It can also + be set for trusted domain which overwrites the value + in the domain section. + + + Example: + +pam_gssapi_services = sudo, sudo-i + + + + Default: - (GSSAPI authentication is disabled) + + + + + pam_gssapi_check_upn + + + If True, SSSD will require that the Kerberos user + principal that successfully authenticated through + GSSAPI can be associated with the user who is being + authenticated. Authentication will fail if the check + fails. + + + If False, every user that is able to obtained + required service ticket will be authenticated. + + + Note: This option can also be set per-domain which + overwrites the value in [pam] section. It can also + be set for trusted domain which overwrites the value + in the domain section. + + + Default: True + + + + + pam_gssapi_indicators_map + + + Comma separated list of authentication indicators required + to be present in a Kerberos ticket to access a PAM service + that is allowed to try GSSAPI authentication using + pam_sss_gss.so module. + + + Each element of the list can be either an authentication indicator + name or a pair service:indicator. Indicators not + prefixed with the PAM service name will be required to access any + PAM service configured to be used with + . A resulting list of indicators + per PAM service is then checked against indicators in the Kerberos + ticket during authentication by pam_sss_gss.so. Any indicator from the + ticket that matches the resulting list of indicators for the PAM service + would grant access. If none of the indicators in the list match, access + will be denied. If the resulting list of indicators for the PAM service + is empty, the check will not prevent the access. + + + To disable GSSAPI authentication indicator check, set this option + to - (dash). To disable the check for a specific PAM + service, add service:-. + + + Note: This option can also be set per-domain which + overwrites the value in [pam] section. It can also + be set for trusted domain which overwrites the value + in the domain section. + + + Following authentication indicators are supported by IPA Kerberos deployments: + + + pkinit -- pre-authentication using X.509 certificates -- whether stored in files or on smart cards. + + + hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a FAST channel. + + + radius -- pre-authentication with the help of a RADIUS server. + + + otp -- pre-authentication using integrated two-factor authentication (2FA or one-time password, OTP) in IPA. + + + idp -- pre-authentication using external identity provider. + + + + + Example: to require access to SUDO services only + for users which obtained their Kerberos tickets + with a X.509 certificate pre-authentication + (PKINIT), set + +pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit + + + + Default: not set (use of authentication indicators is not required) + + + + + + + + SUDO configuration options + + These options can be used to configure the sudo service. + The detailed instructions for configuration of + + sudo + 8 + to work with + + sssd + 8 + are in the manual page + + sssd-sudo + 5 + . + + + + sudo_timed (bool) + + + Whether or not to evaluate the sudoNotBefore + and sudoNotAfter attributes that implement + time-dependent sudoers entries. + + + Default: false + + + + + + + sudo_threshold (integer) + + + Maximum number of expired rules that can be + refreshed at once. If number of expired rules + is below threshold, those rules are refreshed + with rules refresh mechanism. If + the threshold is exceeded a + full refresh of sudo rules is + triggered instead. This threshold number also + applies to IPA sudo command and command group + searches. + + + Default: 50 + + + + + + + + AUTOFS configuration options + + These options can be used to configure the autofs service. + + + + autofs_negative_timeout (integer) + + + Specifies for how many seconds should the + autofs responder negative cache hits + (that is, queries for invalid map entries, + like nonexistent ones) before asking the back + end again. + + + Default: 15 + + + + + + + + + SSH configuration options + + These options can be used to configure the SSH service. + + + + ssh_hash_known_hosts (bool) + + + Whether or not to hash host names and addresses in + the managed known_hosts file. + + + Default: false + + + + + ssh_known_hosts_timeout (integer) + + + How many seconds to keep a host in the managed + known_hosts file after its host keys were requested. + + + Default: 180 + + + + + ssh_use_certificate_keys (bool) + + + If set to true the + sss_ssh_authorizedkeys will + return ssh keys derived from the public key of X.509 + certificates stored in the user entry as well. See + + sss_ssh_authorizedkeys + 1 + for details. + + + Default: true + + + + + ssh_use_certificate_matching_rules (string) + + + By default the ssh responder will use all available + certificate matching rules to filter the + certificates so that ssh keys are only derived from + the matching ones. With this option the used rules + can be restricted with a comma separated list of + mapping and matching rule names. All other rules + will be ignored. + + + There are two special key words 'all_rules' and + 'no_rules' which will enable all or no rules, + respectively. The latter means that no certificates + will be filtered out and ssh keys will be generated + from all valid certificates. + + + If no rules are configured using 'all_rules' will + enable a default rule which enables all + certificates suitable for client authentication. + This is the same behavior as for the PAM responder + if certificate authentication is enabled. + + + A non-existing rule name is considered an error. + If as a result no rule is selected all certificates + will be ignored. + + + Default: not set, equivalent to 'all_rules', + all found rules or the default rule are used + + + + + ca_db (string) + + + Path to a storage of trusted CA certificates. The + option is used to validate user certificates before + deriving public ssh keys from them. + + + Default: + + /etc/sssd/pki/sssd_auth_ca_db.pem + (path to a file with trusted CA + certificates in PEM format) + + + + + + + + + + + PAC responder configuration options + + The PAC responder works together with the authorization data + plugin for MIT Kerberos sssd_pac_plugin.so and a sub-domain + provider. The plugin sends the PAC data during a GSSAPI + authentication to the PAC responder. The sub-domain provider + collects domain SID and ID ranges of the domain the client is + joined to and of remote trusted domains from the local domain + controller. If the PAC is decoded and evaluated some of the + following operations are done: + + If the remote user does not exist in the + cache, it is created. The UID is determined with the help + of the SID, trusted domains will have UPGs and the GID + will have the same value as the UID. The home directory is + set based on the subdomain_homedir parameter. The shell will + be empty by default, i.e. the system defaults are used, but + can be overwritten with the default_shell parameter. + + If there are SIDs of groups from domains + sssd knows about, the user will be added to those groups. + + + + + These options can be used to configure the PAC responder. + + + + allowed_uids (string) + + + Specifies the comma-separated list of UID values or + user names that are allowed to access the PAC + responder. User names are resolved to UIDs at + startup. + + + Default: 0 (only the root user is allowed to access + the PAC responder) + + + Please note that although the UID 0 is used as the + default it will be overwritten with this option. If + you still want to allow the root user to access the + PAC responder, which would be the typical case, you + have to add 0 to the list of allowed UIDs as well. + + + + + pac_lifetime (integer) + + + Lifetime of the PAC entry in seconds. As long as the + PAC is valid the PAC data can be used to determine + the group memberships of a user. + + + Default: 300 + + + + + pac_check (string) + + + Apply additional checks on the PAC of the Kerberos + ticket which is available in Active Directory and + FreeIPA domains, if configured. Please note that + Kerberos ticket validation must be enabled to be + able to check the PAC, i.e. the krb5_validate option + must be set to 'True' which is the default for the + IPA and AD provider. If krb5_validate is set to + 'False' the PAC checks will be skipped. + + + The following options can be used alone or in a + comma-separated list: + + + no_check + + The PAC must not be present and even + if it is present no additional checks will be + done. + + + + pac_present + + The PAC must be present in the + service ticket which SSSD will request with + the help of the user's TGT. If the PAC is + not available the authentication will fail. + + + + + check_upn + + If the PAC is present check if the + user principal name (UPN) information is + consistent. + + + + check_upn_allow_missing + + This option should be used together + with 'check_upn' and handles the case where + a UPN is set on the server-side but is not + read by SSSD. The typical example is a + FreeIPA domain where 'ldap_user_principal' + is set to a not existing attribute name. + This was typically done to work-around + issues in the handling of enterprise + principals. But this is fixed since quite + some time and FreeIPA can handle enterprise + principals just fine and there is no need + anymore to set 'ldap_user_principal'. + Currently this option is set by + default to avoid regressions in such + environments. A log message will be added + to the system log and SSSD's debug log in + case a UPN is found in the PAC but not in + SSSD's cache. To avoid this log message it + would be best to evaluate if the + 'ldap_user_principal' option can be removed. + If this is not possible, removing + 'check_upn' will skip the test and avoid the + log message. + + + + upn_dns_info_present + + The PAC must contain the UPN-DNS-INFO + buffer, implies 'check_upn'. + + + + check_upn_dns_info_ex + + If the PAC is present and the + extension to the UPN-DNS-INFO buffer is + available check if the information in the + extension is consistent. + + + + upn_dns_info_ex_present + + The PAC must contain the extension of + the UPN-DNS-INFO buffer, implies + 'check_upn_dns_info_ex', + 'upn_dns_info_present' and 'check_upn'. + + + + + + + Default: no_check (AD and IPA provider + 'check_upn, check_upn_allow_missing, check_upn_dns_info_ex') + + + + + + + + Session recording configuration options + + Session recording works in conjunction with + + tlog-rec-session + 8 + , a part of tlog package, to log what users see + and type when they log in on a text terminal. + See also + + sssd-session-recording + 5 + . + + + These options can be used to configure session recording. + + + + scope (string) + + + One of the following strings specifying the scope + of session recording: + + + "none" + + + No users are recorded. + + + + + "some" + + + Users/groups specified by + users + and + groups + options are recorded. + + + + + "all" + + + All users are recorded. + + + + + + + Default: "none" + + + + + users (string) + + + A comma-separated list of users which should have + session recording enabled. Matches user names as + returned by NSS. I.e. after the possible space + replacement, case changes, etc. + + + Default: Empty. Matches no users. + + + + + groups (string) + + + A comma-separated list of groups, members of which + should have session recording enabled. Matches + group names as returned by NSS. I.e. after the + possible space replacement, case changes, etc. + + + NOTE: using this option (having it set to + anything) has a considerable performance cost, + because each uncached request for a user requires + retrieving and matching the groups the user is + member of. + + + Default: Empty. Matches no groups. + + + + + exclude_users (string) + + + A comma-separated list of users to be excluded from + recording, only applicable with 'scope=all'. + + + Default: Empty. No users excluded. + + + + + exclude_groups (string) + + + A comma-separated list of groups, members of which + should be excluded from recording. Only applicable + with 'scope=all'. + + + NOTE: using this option (having it set to + anything) has a considerable performance cost, + because each uncached request for a user requires + retrieving and matching the groups the user is + member of. + + + Default: Empty. No groups excluded. + + + + + + + + + + DOMAIN SECTIONS + + These configuration options can be present in a domain + configuration section, that is, in a section called + [domain/NAME] + + + enabled + + + Explicitly enable or disable the domain. If + true, the domain is always + enabled. If false, + the domain is always disabled. If + this option is not set, the domain is enabled only + if it is listed in the domains option in the + [sssd] section. + + + + + + domain_type (string) + + + Specifies whether the domain is meant to be used + by POSIX-aware clients such as the Name Service Switch + or by applications that do not need POSIX data to be + present or generated. Only objects from POSIX domains + are available to the operating system interfaces and + utilities. + + + Allowed values for this option are posix + and application. + + + POSIX domains are reachable by all services. Application + domains are only reachable from the InfoPipe responder (see + + sssd-ifp + 5 + ) and the PAM responder. + + + NOTE: The application domains are currently well tested with + id_provider=ldap only. + + + For an easy way to configure a non-POSIX domains, please + see the Application domains section. + + + Default: posix + + + + + + min_id,max_id (integer) + + + UID and GID limits for the domain. If a domain + contains an entry that is outside these limits, it + is ignored. + + + For users, this affects the primary GID limit. The + user will not be returned to NSS if either the + UID or the primary GID is outside the range. For + non-primary group memberships, those that are in + range will be reported as expected. + + + These ID limits affect even saving entries to + cache, not only returning them by name or ID. + + + Default: 1 for min_id, 0 (no limit) for max_id + + + + + + enumerate (bool) + + + Determines if a domain can be enumerated, + that is, whether the domain can list all the + users and group it contains. Note that it is + not required to enable enumeration in order + for secondary groups to be displayed. This + parameter can have one of the following values: + + + TRUE = Users and groups are enumerated + + + FALSE = No enumerations for this domain + + + Default: FALSE + + + Enumerating a domain requires SSSD to download + and store ALL user and group entries from the + remote server. + + + Note: Enabling enumeration has a moderate + performance impact on SSSD while enumeration + is running. It may take up to several minutes + after SSSD startup to fully complete enumerations. + During this time, individual requests for + information will go directly to LDAP, though it + may be slow, due to the heavy enumeration + processing. Saving a large number of entries + to cache after the enumeration completes might + also be CPU intensive as the memberships have + to be recomputed. This can lead to the + sssd_be process becoming unresponsive + or even restarted by the internal watchdog. + + + While the first enumeration is running, requests + for the complete user or group lists may return + no results until it completes. + + + Further, enabling enumeration may increase the time + necessary to detect network disconnection, as + longer timeouts are required to ensure that + enumeration lookups are completed successfully. + For more information, refer to the man pages for + the specific id_provider in use. + + + For the reasons cited above, enabling enumeration + is not recommended, especially in large + environments. + + + + + + subdomain_enumerate (string) + + + Whether any of autodetected trusted domains should + be enumerated. The supported values are: + + + all + All discovered trusted domains will be enumerated + + + none + No discovered trusted domains will be enumerated + + + Optionally, a list of one or more domain + names can enable enumeration just for these + trusted domains. + + + Default: none + + + + + + entry_cache_timeout (integer) + + + How many seconds should nss_sss consider + entries valid before asking the backend again + + + The cache expiration timestamps are stored + as attributes of individual objects in the + cache. Therefore, changing the cache timeout only + has effect for newly added or expired entries. + You should run the + + sss_cache + 8 + + tool in order to force refresh of entries that + have already been cached. + + + Default: 5400 + + + + + + entry_cache_user_timeout (integer) + + + How many seconds should nss_sss consider + user entries valid before asking the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_group_timeout (integer) + + + How many seconds should nss_sss consider + group entries valid before asking the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_netgroup_timeout (integer) + + + How many seconds should nss_sss consider + netgroup entries valid before asking the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_service_timeout (integer) + + + How many seconds should nss_sss consider + service entries valid before asking the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_resolver_timeout (integer) + + + How many seconds should nss_sss consider + hosts and networks entries valid before asking + the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_sudo_timeout (integer) + + + How many seconds should sudo consider + rules valid before asking the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_autofs_timeout (integer) + + + How many seconds should the autofs service + consider automounter maps valid before asking + the backend again + + + Default: entry_cache_timeout + + + + + + entry_cache_ssh_host_timeout (integer) + + + How many seconds to keep a host ssh key after + refresh. IE how long to cache the host key + for. + + + Default: entry_cache_timeout + + + + + + entry_cache_computer_timeout (integer) + + + How many seconds to keep the local computer + entry before asking the backend again + + + Default: entry_cache_timeout + + + + + + refresh_expired_interval (integer) + + + Specifies how many seconds SSSD has to wait before + triggering a background refresh task which will + refresh all expired or nearly expired records. + + + The background refresh will process users, + groups and netgroups in the cache. For users + who have performed the initgroups (get group + membership for user, typically ran at login) + operation in the past, both the user entry + and the group membership are updated. + + + This option is automatically inherited for all + trusted domains. + + + You can consider setting this value to + 3/4 * entry_cache_timeout. + + + Cache entry will be refreshed by background task + when 2/3 of cache timeout has already passed. + If there are existing cached entries, the background + task will refer to their original cache timeout + values instead of current configuration value. + This may lead to a situation in which background refresh + task appears to not be working. This is done + by design to improve offline mode operation and + reuse of existing valid cache entries. + To make this change instant the user may want to + manually invalidate existing cache. + + + Default: 0 (disabled) + + + + + + cache_credentials (bool) + + + Determines if user credentials are also cached + in the local LDB cache. The cached credentials + refer to passwords, which includes the first (long + term) factor of two-factor authentication, not + other authentication mechanisms. Passkey and + Smartcard authentications are expected to work + offline as long as a successful online + authentication is recorded in the cache without + additional configuration. + + + Take a note that while credentials are stored as + a salted SHA512 hash, this still potentially poses + some security risk in case an attacker manages to + get access to a cache file (normally requires + privileged access) and to break a password using + brute force attack. + + + Default: FALSE + + + + + + cache_credentials_minimal_first_factor_length (int) + + + If 2-Factor-Authentication (2FA) is used and + credentials should be saved this value determines + the minimal length the first authentication factor + (long term password) must have to be saved as SHA512 + hash into the cache. + + + This should avoid that the short PINs of a PIN based + 2FA scheme are saved in the cache which would make + them easy targets for brute-force attacks. + + + Default: 8 + + + + + + account_cache_expiration (integer) + + + Number of days entries are left in cache after + last successful login before being removed during + a cleanup of the cache. 0 means keep forever. + The value of this parameter must be greater than or + equal to offline_credentials_expiration. + + + Default: 0 (unlimited) + + + + + pwd_expiration_warning (integer) + + + Display a warning N days before the password expires. + + + If zero is set, then this filter is not applied, + i.e. if the expiration warning was received from + backend server, it will automatically be displayed. + + + Please note that the backend server has to provide + information about the expiration time of the password. + If this information is missing, sssd cannot display a + warning. Also an auth provider has to be configured for + the backend. + + + Default: 7 (Kerberos), 0 (LDAP) + + + + + + id_provider (string) + + + The identification provider used for the domain. + Supported ID providers are: + + + proxy: Support a legacy NSS provider. + + + files: FILES provider. See + + sssd-files + 5 + for more information on + how to mirror local users and groups into SSSD. + + + ldap: LDAP provider. See + + sssd-ldap + 5 + for more information on + configuring LDAP. + + + ipa: FreeIPA and Red Hat + Identity Management provider. See + + sssd-ipa + 5 + for more information on + configuring FreeIPA. + + + ad: Active Directory provider. See + + sssd-ad + 5 + for more information on + configuring Active Directory. + + + + + + use_fully_qualified_names (bool) + + + Use the full name and domain (as formatted by + the domain's full_name_format) as the user's login + name reported to NSS. + + + If set to TRUE, all requests to this domain + must use fully qualified names. For example, + if used in LOCAL domain that contains a "test" + user, getent passwd test + wouldn't find the user while getent + passwd test@LOCAL would. + + + NOTE: This option has no effect on netgroup + lookups due to their tendency to include nested + netgroups without qualified names. For netgroups, + all domains will be searched when an unqualified + name is requested. + + + Default: FALSE (TRUE for trusted + domain/sub-domains or if default_domain_suffix + is used) + + + + + ignore_group_members (bool) + + + Do not return group members for group lookups. + + + If set to TRUE, the group membership attribute + is not requested from the ldap server, and + group members are not returned when processing + group lookup calls, such as + + getgrnam + 3 + + or + + getgrgid + 3 + . + As an effect, getent group + $groupname would return the requested + group as if it was empty. + + + Enabling this option can also make access + provider checks for group membership + significantly faster, especially for groups + containing many members. + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: FALSE + + + + + auth_provider (string) + + + The authentication provider used for the domain. + Supported auth providers are: + + + ldap for native LDAP authentication. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + krb5 for Kerberos authentication. See + + sssd-krb5 + 5 + for more information on configuring Kerberos. + + + ipa: FreeIPA and Red Hat + Identity Management provider. See + + sssd-ipa + 5 + for more information on + configuring FreeIPA. + + + ad: Active Directory provider. See + + sssd-ad + 5 + for more information on + configuring Active Directory. + + + proxy for relaying authentication to some other PAM target. + + + none disables authentication explicitly. + + + Default: id_provider is used if it + is set and can handle authentication requests. + + + + + access_provider (string) + + + The access control provider used for the domain. + There are two built-in access providers (in + addition to any included in installed backends) + Internal special providers are: + + + permit always allow access. It's the only permitted access provider for a local domain. + + + deny always deny access. + + + ldap for native LDAP authentication. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + ipa: FreeIPA and Red Hat + Identity Management provider. See + + sssd-ipa + 5 + for more information on + configuring FreeIPA. + + + ad: Active Directory provider. See + + sssd-ad + 5 + for more information on + configuring Active Directory. + + + simple access control based on access + or deny lists. See + sssd-simple + 5 for more + information on configuring the simple access module. + + + krb5: .k5login based access control. + See + sssd-krb5 + 5 for more + information on configuring Kerberos. + + + proxy for relaying access control to another PAM module. + + + Default: permit + + + + + chpass_provider (string) + + + The provider which should handle change password + operations for the domain. + Supported change password providers are: + + + ldap to change a password stored + in a LDAP server. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + krb5 to change the Kerberos + password. See + + sssd-krb5 + 5 + for more information on configuring Kerberos. + + + ipa: FreeIPA and Red Hat + Identity Management provider. See + + sssd-ipa + 5 + for more information on + configuring FreeIPA. + + + ad: Active Directory provider. See + + sssd-ad + 5 + for more information on + configuring Active Directory. + + + proxy for relaying password changes + to some other PAM target. + + + none disallows password changes explicitly. + + + Default: auth_provider is used if it + is set and can handle change password requests. + + + + + + sudo_provider (string) + + + The SUDO provider used for the domain. + Supported SUDO providers are: + + + ldap for rules stored in LDAP. See + + sssd-ldap + 5 + for more information on configuring + LDAP. + + + ipa the same as ldap + but with IPA default settings. + + + ad the same as ldap + but with AD default settings. + + + none disables SUDO explicitly. + + + Default: The value of id_provider is + used if it is set. + + + The detailed instructions for configuration of + sudo_provider are in the manual page + + sssd-sudo + 5 + . + There are many configuration options that can be + used to adjust the behavior. Please refer to + "ldap_sudo_*" in + + sssd-ldap + 5 + . + + + NOTE: Sudo rules are + periodically downloaded in the background unless + the sudo provider is explicitly disabled. Set + sudo_provider = None to + disable all sudo-related activity in SSSD if you do + not want to use sudo with SSSD at all. + + + + + selinux_provider (string) + + + The provider which should handle loading of selinux + settings. Note that this provider will be called right + after access provider ends. + Supported selinux providers are: + + + ipa to load selinux settings + from an IPA server. See + + sssd-ipa + 5 + for more information on configuring IPA. + + + none disallows fetching selinux settings explicitly. + + + Default: id_provider is used if it + is set and can handle selinux loading requests. + + + + + subdomains_provider (string) + + + The provider which should handle fetching of + subdomains. This value should be always the same as + id_provider. + Supported subdomain providers are: + + + ipa to load a list of subdomains + from an IPA server. See + + sssd-ipa + 5 + for more information on configuring + IPA. + + + ad to load a list of subdomains + from an Active Directory server. See + + sssd-ad + 5 + for more information on configuring + the AD provider. + + + none disallows fetching subdomains + explicitly. + + + Default: The value of id_provider is + used if it is set. + + + + + session_provider (string) + + + The provider which configures and manages user session + related tasks. The only user session task currently + provided is the integration with Fleet Commander, which + works only with IPA. + Supported session providers are: + + + ipa to allow performing user session + related tasks. + + + none does not perform any kind of user + session related tasks. + + + Default: id_provider is used if it + is set and can perform session related tasks. + + + NOTE: In order to have this feature + working as expected SSSD must be running as "root" and + not as the unprivileged user. + + + + + + autofs_provider (string) + + + The autofs provider used for the domain. + Supported autofs providers are: + + + ldap to load maps stored in LDAP. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + ipa to load maps stored in an IPA + server. See + + sssd-ipa + 5 + for more information on configuring IPA. + + + ad to load maps stored in an AD + server. See + + sssd-ad + 5 + for more information on configuring + the AD provider. + + + none disables autofs explicitly. + + + Default: The value of id_provider is used if it + is set. + + + + + + hostid_provider (string) + + + The provider used for retrieving host identity information. + Supported hostid providers are: + + + ipa to load host identity stored in an IPA + server. See + + sssd-ipa + 5 + for more information on configuring IPA. + + + none disables hostid explicitly. + + + Default: The value of id_provider is used if it + is set. + + + + + + resolver_provider (string) + + + The provider which should handle hosts and networks + lookups. Supported resolver providers are: + + + proxy to forward lookups to another + NSS library. See proxy_resolver_lib_name + + + ldap to fetch hosts and networks stored in LDAP. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + ad to fetch hosts and networks stored in AD. See + + sssd-ad + 5 + for more information on configuring + the AD provider. + + + none disallows fetching hosts and networks explicitly. + + + Default: The value of id_provider is used if it + is set. + + + + + + re_expression (string) + + + Regular expression for this domain that describes + how to parse the string containing user name and + domain into these components. + The "domain" can match either the SSSD + configuration domain name, or, in the case + of IPA trust subdomains and Active Directory + domains, the flat (NetBIOS) name of the domain. + + + Default: ^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$ + + which allows two different styles for user names: + + + username + + + username@domain.name + + + + + Default for the AD and IPA provider: + ^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$ + + which allows three different styles for user names: + + + username + + + username@domain.name + + + domain\username + + + While the first two correspond to the general + default the third one is introduced to allow easy + integration of users from Windows domains. + + + The default re_expression uses the @ + character as a separator between the name and the + domain. As a result of this setting the default + does not accept the @ character in + short names (as it is allowed in Windows group + names). If a user wishes to use short names with + @ they must create their own + re_expression. + + + + + full_name_format (string) + + + A + printf + 3 + -compatible format that describes how to + compose a fully qualified name from user name + and domain name components. + + + The following expansions are supported: + + + %1$s + user name + + + %2$s + + + domain name as specified in the + SSSD config file. + + + + + %3$s + + + domain flat name. Mostly usable + for Active Directory domains, both + directly configured or discovered + via IPA trusts. + + + + + + + Default: %1$s@%2$s. + + + + + + lookup_family_order (string) + + + Provides the ability to select preferred address family + to use when performing DNS lookups. + + + Supported values: + + + ipv4_first: Try looking up IPv4 address, if that fails, try IPv6 + + + ipv4_only: Only attempt to resolve hostnames to IPv4 addresses. + + + ipv6_first: Try looking up IPv6 address, if that fails, try IPv4 + + + ipv6_only: Only attempt to resolve hostnames to IPv6 addresses. + + + Default: ipv4_first + + + + + + dns_resolver_server_timeout (integer) + + + Defines the amount of time (in milliseconds) + SSSD would try to talk to DNS server before + trying next DNS server. + + + The AD provider will use this option for the + CLDAP ping timeouts as well. + + + Please see the section FAILOVER + for more information about the service + resolution. + + + Default: 1000 + + + + + + dns_resolver_op_timeout (integer) + + + Defines the amount of time (in seconds) to + wait to resolve single DNS query + (e.g. resolution of a hostname or an SRV record) + before trying the next hostname or DNS discovery. + + + Please see the section FAILOVER + for more information about the service + resolution. + + + Default: 3 + + + + + + dns_resolver_timeout (integer) + + + Defines the amount of time (in seconds) to + wait for a reply from the internal fail over + service before assuming that the service is + unreachable. If this timeout is reached, the + domain will continue to operate in offline mode. + + + Please see the section FAILOVER + for more information about the service + resolution. + + + Default: 6 + + + + + + dns_resolver_use_search_list (bool) + + + Normally, the DNS resolver searches the domain + list defined in the "search" directive from the + resolv.conf file. This can lead to delays in + environments with improperly configured DNS. + + + If fully qualified domain names (or _srv_) are used + in the SSSD configuration, setting this option + to FALSE can prevent unnecessary DNS lookups in such + environments. + + + Default: TRUE + + + + + + dns_discovery_domain (string) + + + If service discovery is used in the back end, specifies + the domain part of the service discovery DNS query. + + + Default: Use the domain part of machine's hostname + + + + + + override_gid (integer) + + + Override the primary GID value with the one specified. + + + + + + case_sensitive (string) + + + Treat user and group names as case sensitive. + Possible option values are: + + + True + + + Case sensitive. This value is invalid + for AD provider. + + + + + False + + Case insensitive. + + + + Preserving + + + Same as False (case insensitive), but + does not lowercase names in the result + of NSS operations. Note that name + aliases (and in case of services also + protocol names) are still lowercased in + the output. + + + If you want to set this value for + trusted domain with IPA provider, you + need to set it on both the client and + SSSD on the server. + + + + + + + This option can be also set per subdomain or + inherited via + subdomain_inherit. + + + Default: True (False for AD provider) + + + + + + subdomain_inherit (string) + + + Specifies a list of configuration parameters that + should be inherited by a subdomain. Please note + that only selected parameters can be inherited. + Currently the following options can be inherited: + + + ldap_search_timeout + + + ldap_network_timeout + + + ldap_opt_timeout + + + ldap_offline_timeout + + + ldap_enumeration_refresh_timeout + + + ldap_enumeration_refresh_offset + + + ldap_purge_cache_timeout + + + ldap_purge_cache_offset + + + ldap_krb5_keytab (the value of krb5_keytab will be + used if ldap_krb5_keytab is not set explicitly) + + + ldap_krb5_ticket_lifetime + + + ldap_enumeration_search_timeout + + + ldap_connection_expire_timeout + + + ldap_connection_expire_offset + + + ldap_connection_idle_timeout + + + ldap_use_tokengroups + + + ldap_user_principal + + + ignore_group_members + + + auto_private_groups + + + case_sensitive + + + Example: + +subdomain_inherit = ldap_purge_cache_timeout + + + + Default: none + + + Note: This option only works with the IPA and + AD provider. + + + + + + subdomain_homedir (string) + + + Use this homedir as default value for all subdomains + within this domain in IPA AD trust. + See override_homedir + for info about possible values. In addition to those, the + expansion below can only be used with + subdomain_homedir. + + + %F + flat (NetBIOS) name of a subdomain. + + + + + The value can be overridden by + override_homedir option. + + + Default: /home/%d/%u + + + + + realmd_tags (string) + + + Various tags stored by the realmd configuration service + for this domain. + + + + + cached_auth_timeout (int) + + + Specifies time in seconds since last successful + online authentication for which user will be + authenticated using cached credentials while + SSSD is in the online mode. If the credentials + are incorrect, SSSD falls back to online + authentication. + + + This option's value is inherited by all trusted + domains. At the moment it is not possible to set + a different value per trusted domain. + + + Special value 0 implies that this feature is + disabled. + + + Please note that if cached_auth_timeout + is longer than pam_id_timeout then the + back end could be called to handle + initgroups. + + + Default: 0 + + + + + local_auth_policy (string) + + + Local authentication methods policy. Some backends + (i.e. LDAP, proxy provider) only support a password + based authentication, while others can handle PKINIT + based Smartcard authentication (AD, IPA), + two-factor authentication (IPA), or other methods + against a central instance. By default in such cases + authentication is only performed with the methods + supported by the backend. + + + There are three possible values for this option: + match, only, enable. match is + used to match offline and online states for Kerberos + methods. only ignores the online methods + and only offer the local ones. enable allows explicitly + defining the methods for local authentication. As an + example, enable:passkey, only enables + passkey for local authentication. Multiple enable values + should be comma-separated, such as + enable:passkey, enable:smartcard + + + Please note that if local Smartcard authentication + is enabled and a Smartcard is present, Smartcard + authentication will be preferred over the + authentication methods supported by the backend. + I.e. there will be a PIN prompt instead of e.g. a + password prompt. + + + The following configuration example allows local users + to authenticate locally using any enabled method + (i.e. smartcard, passkey). + +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only + + + + It is expected that the files + provider ignores the local_auth_policy option and + supports Smartcard authentication by default. + + + Default: match + + + + + auto_private_groups (string) + + + This option takes any of three available values: + + + true + + + Create user's private group unconditionally from user's UID number. + The GID number is ignored in this case. + + + NOTE: Because the GID number and the user private group + are inferred from the UID number, it is not supported + to have multiple entries with the same UID or GID number + with this option. In other words, enabling this option + enforces uniqueness across the ID space. + + + + + false + + + Always use the user's primary GID number. The GID number must refer + to a group object in the LDAP database. + + + + + hybrid + + + A primary group is autogenerated + for user entries whose UID + and GID numbers have the same + value and at the same time the + GID number does not correspond + to a real group object in LDAP. + If the values are the same, but + the primary GID in the user entry + is also used by a group object, + the primary GID of the user resolves + to that group object. + + + If the UID and GID of a user + are different, then the GID + must correspond to a group + entry, otherwise the GID is + simply not resolvable. + + + This feature is useful for + environments that wish to stop + maintaining a separate group + objects for the user private + groups, but also wish to retain + the existing user private groups. + + + + + + + For subdomains, the default value is False for + subdomains that use assigned POSIX IDs and True + for subdomains that use automatic ID-mapping. + + + The value of auto_private_groups can either be set per subdomains + in a subsection, for example: + +[domain/forest.domain/sub.domain] +auto_private_groups = false + + or globally for all subdomains in the main domain section + using the subdomain_inherit option: + +[domain/forest.domain] +subdomain_inherit = auto_private_groups +auto_private_groups = false + + + + + + + + + Options valid for proxy domains. + + + + proxy_pam_target (string) + + + The proxy target PAM proxies to. + + + Default: not set by default, you have to take an + existing pam configuration or create a new one and + add the service name here. As an alternative you + can enable local authentication with the + local_auth_policy option. + + + + + + proxy_lib_name (string) + + + The name of the NSS library to use in proxy + domains. The NSS functions searched for in the + library are in the form of + _nss_$(libName)_$(function), for example + _nss_files_getpwent. + + + + + + proxy_resolver_lib_name (string) + + + The name of the NSS library to use for hosts and + networks lookups in proxy domains. The NSS + functions searched for in the + library are in the form of + _nss_$(libName)_$(function), for example + _nss_dns_gethostbyname2_r. + + + + + + proxy_fast_alias (boolean) + + + When a user or group is looked up by name in + the proxy provider, a second lookup by ID is + performed to "canonicalize" the name in case + the requested name was an alias. Setting this + option to true would cause the SSSD to perform + the ID lookup from cache for performance reasons. + + + Default: false + + + + + + proxy_max_children (integer) + + + This option specifies the number of pre-forked + proxy children. It is useful for high-load SSSD + environments where sssd may run out of available + child slots, which would cause some issues due to + the requests being queued. + + + Default: 10 + + + + + + + + + Application domains + + SSSD, with its D-Bus interface (see + + sssd-ifp + 5 + ) is appealing to applications + as a gateway to an LDAP directory where users and groups + are stored. However, contrary to the traditional SSSD + deployment where all users and groups either have POSIX + attributes or those attributes can be inferred from the + Windows SIDs, in many cases the users and groups in the + application support scenario have no POSIX attributes. + Instead of setting a + [domain/NAME] + section, the administrator can set up an + [application/NAME] + section that internally represents a domain with type + application optionally inherits settings + from a tradition SSSD domain. + + + Please note that the application domain must still be + explicitly enabled in the domains parameter + so that the lookup order between the application domain + and its POSIX sibling domain is set correctly. + + + Application domain parameters + + inherit_from (string) + + + The SSSD POSIX-type domain the application + domain inherits all settings from. The + application domain can moreover add its own + settings to the application settings that augment + or override the sibling + domain settings. + + + Default: Not set + + + + + + The following example illustrates the use of an application + domain. In this setup, the POSIX domain is connected to an LDAP + server and is used by the OS through the NSS responder. In addition, + the application domain also requests the telephoneNumber attribute, + stores it as the phone attribute in the cache and makes the phone + attribute reachable through the D-Bus interface. + + +[sssd] +domains = appdom, posixdom + +[ifp] +user_attributes = +phone + +[domain/posixdom] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +[application/appdom] +inherit_from = posixdom +ldap_user_extra_attrs = phone:telephoneNumber + + + + + + + TRUSTED DOMAIN SECTION + + Some options used in the domain section can also be used in the + trusted domain section, that is, in a section called + [domain/DOMAIN_NAME/TRUSTED_DOMAIN_NAME]. + Where DOMAIN_NAME is the actual joined-to base domain. Please refer + to examples below for explanation. + Currently supported options in the trusted domain section are: + + ldap_search_base, + ldap_user_search_base, + ldap_group_search_base, + ldap_netgroup_search_base, + ldap_service_search_base, + ldap_sasl_mech, + ad_server, + ad_backup_server, + ad_site, + use_fully_qualified_names + pam_gssapi_services + pam_gssapi_check_upn + + For more details about these options see their individual description + in the manual page. + + + + + CERTIFICATE MAPPING SECTION + + To allow authentication with Smartcards and certificates SSSD must + be able to map certificates to users. This can be done by adding the + full certificate to the LDAP object of the user or to a local + override. While using the full certificate is required to use the + Smartcard authentication feature of SSH (see + + sss_ssh_authorizedkeys + 8 + + for details) it might be cumbersome or not even possible to do this + for the general case where local services use PAM for + authentication. + + + To make the mapping more flexible mapping and matching rules were + added to SSSD (see + + sss-certmap + 5 + + for details). + + + A mapping and matching rule can be added to the SSSD configuration + in a section on its own with a name like + [certmap/DOMAIN_NAME/RULE_NAME]. + In this section the following options are allowed: + + + + matchrule (string) + + + Only certificates from the Smartcard which matches this + rule will be processed, all others are ignored. + + + Default: KRB5:<EKU>clientAuth, i.e. only + certificates which have the Extended Key Usage + clientAuth + + + + + maprule (string) + + + Defines how the user is found for a given certificate. + + + Default: + + + LDAP:(userCertificate;binary={cert!bin}) + for LDAP based providers like + ldap, AD or + ipa. + + + The RULE_NAME for the files + provider which tries to find a user with the + same name. + + + + + + + domains (string) + + + Comma separated list of domain names the rule should be + applied. By default a rule is only valid in the domain + configured in sssd.conf. If the provider supports + subdomains this option can be used to add the rule to + subdomains as well. + + + Default: the configured domain in sssd.conf + + + + + priority (integer) + + + Unsigned integer value defining the priority of the + rule. The higher the number the lower the priority. + 0 stands for the highest priority while + 4294967295 is the lowest. + + + Default: the lowest priority + + + + + + To make the configuration simple and reduce the amount of + configuration options the files provider has some + special properties: + + + + if maprule is not set the RULE_NAME name is assumed to + be the name of the matching user + + + + + if a maprule is used both a single user name or a + template like + {subject_rfc822_name.short_name} must + be in braces like e.g. (username) or + ({subject_rfc822_name.short_name}) + + + + + the domains option is ignored + + + + + + + + PROMPTING CONFIGURATION SECTION + + If a special file + (/var/lib/sss/pubconf/pam_preauth_available) + exists SSSD's PAM module pam_sss will ask SSSD to figure out which + authentication methods are available for the user trying to log in. + Based on the results pam_sss will prompt the user for appropriate + credentials. + + + With the growing number of authentication methods and the + possibility that there are multiple ones for a single user the + heuristic used by pam_sss to select the prompting might not be + suitable for all use cases. The following options should provide a + better flexibility here. + + + Each supported authentication method has its own configuration + subsection under [prompting/...]. Currently there + are: + + + [prompting/password] + + to configure password prompting, allowed options are: + password_prompt + to change the string of the password + prompt + + + + + + + [prompting/2fa] + + to configure two-factor authentication prompting, + allowed options are: + first_prompt + to change the string of the prompt for + the first factor + + second_prompt + to change the string of the prompt for + the second factor + + single_prompt + boolean value, if True there will be + only a single prompt using the value of first_prompt + where it is expected that both factors are entered as a + single string. Please note that both factors have to be + entered here, even if the second factor is + optional. + + + If the second factor is optional and it should be possible + to log in either only with the password or with both factors + two-step prompting has to be used. + + + + + + + [prompting/passkey] + + to configure passkey authentication prompting, + allowed options are: + + + interactive + + boolean value, if True prompt a message and wait + before testing the presence of a passkey device. + Recommended if your device doesn’t have a + tactile trigger. + + + + + interactive_prompt + + to change the message of the interactive prompt. + + + + + touch + + boolean value, if True prompt a message to + remind the user to touch the device. + + + + + touch_prompt + + to change the message of the touch prompt. + + + + + + + + + + + It is possible to add a subsection for specific PAM services, + e.g. [prompting/password/sshd] to individual change + the prompting for this service. + + + + + EXAMPLES + + 1. The following example shows a typical SSSD config. It does + not describe configuration of the domains themselves - refer to + documentation on configuring domains for more details. + +[sssd] +domains = LDAP +services = nss, pam +config_file_version = 2 + +[nss] +filter_groups = root +filter_users = root + +[pam] + +[domain/LDAP] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +auth_provider = krb5 +krb5_server = kerberos.example.com +krb5_realm = EXAMPLE.COM +cache_credentials = true + +min_id = 10000 +max_id = 20000 +enumerate = False + + + + 2. The following example shows configuration of IPA AD trust where + the AD forest consists of two domains in a parent-child structure. + Suppose IPA domain (ipa.com) has trust with AD domain(ad.com). + ad.com has child domain (child.ad.com). To enable shortnames in + the child domain the following configuration should be used. + +[domain/ipa.com/child.ad.com] +use_fully_qualified_names = false + + + + 3. The following example shows the configuration of a certificate + mapping rule. It is valid for the configured domain + my.domain and additionally for the subdomains + your.domain and uses the full certificate in the + search filter. + +[certmap/my.domain/rule_name] +matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ +maprule = (userCertificate;binary={cert!bin}) +domains = my.domain, your.domain +priority = 10 + + + + + + + + diff --git a/src/man/sssd_krb5_localauth_plugin.8.xml b/src/man/sssd_krb5_localauth_plugin.8.xml new file mode 100644 index 0000000..1fd9af3 --- /dev/null +++ b/src/man/sssd_krb5_localauth_plugin.8.xml @@ -0,0 +1,70 @@ + + + +SSSD Manual pages + + + + + sssd_krb5_localauth_plugin + 8 + + + + sssd_krb5_localauth_plugin + Kerberos local authorization plugin + + + + DESCRIPTION + + The Kerberos local authorization plugin + sssd_krb5_localauth_plugin is used by libkrb5 to + either find the local name for a given Kerberos principal or to + check if a given local name and a given Kerberos principal relate + to each other. + + + SSSD handles the local names for users from a remote source and can + read the Kerberos user principal name from the remote source as + well. With this information SSSD can easily handle the mappings + mentioned above even if the local name and the Kerberos principal + differ considerably. + + + Additionally with the information read from the remote source SSSD + can help to prevent unexpected or unwanted mappings in case the + user part of the Kerberos principal accidentally corresponds to a + local name of a different user. By default libkrb5 might just strip + the realm part of the Kerberos principal to get the local name + which would lead to wrong mappings in this case. + + + + + CONFIGURATION + + The Kerberos local authorization plugin must be enabled explicitly + in the Kerberos configuration, see + + krb5.conf + 5 + . + SSSD will create a config snippet with the content like e.g. + +[plugins] + localauth = { + module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so + } + + automatically in the SSSD's public Kerberos configuration snippet + directory. If this directory is included in the local Kerberos + configuration the plugin will be enabled automatically. + + + + + + + diff --git a/src/man/sssd_krb5_locator_plugin.8.xml b/src/man/sssd_krb5_locator_plugin.8.xml new file mode 100644 index 0000000..c438cda --- /dev/null +++ b/src/man/sssd_krb5_locator_plugin.8.xml @@ -0,0 +1,110 @@ + + + +SSSD Manual pages + + + + + sssd_krb5_locator_plugin + 8 + + + + sssd_krb5_locator_plugin + Kerberos locator plugin + + + + DESCRIPTION + + The Kerberos locator plugin + sssd_krb5_locator_plugin is used by libkrb5 to + find KDCs for a given Kerberos realm. SSSD provides such a plugin to + guide all Kerberos clients on a system to a single KDC. In general + it should not matter to which KDC a client process is talking to. + But there are cases, e.g. after a password change, where not all + KDCs are in the same state because the new data has to be replicated + first. To avoid unexpected authentication failures and maybe even + account lockings it would be good to talk to a single KDC as long as + possible. + + + libkrb5 will search the locator plugin in the libkrb5 sub-directory + of the Kerberos plugin directory, see plugin_base_dir in + + krb5.conf + 5 + + for details. The plugin can only be disabled by removing the plugin + file. There is no option in the Kerberos configuration to disable + it. But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be + used to disable the plugin for individual commands. Alternatively + the SSSD option krb5_use_kdcinfo=False can be used to not generate + the data needed by the plugin. With this the plugin is still + called but will provide no data to the caller so that libkrb5 can + fall back to other methods defined in krb5.conf. + + + The plugin reads the information about the KDCs of a given realm + from a file called kdcinfo.REALM. The file + should contain one or more DNS names or IP addresses either in + dotted-decimal IPv4 notation or the hexadecimal IPv6 notation. + An optional port number can be added to the end separated with + a colon, the IPv6 address has to be enclosed in squared brackets + in this case as usual. Valid entries are: + + kdc.example.com + kdc.example.com:321 + 1.2.3.4 + 5.6.7.8:99 + 2001:db8:85a3::8a2e:370:7334 + [2001:db8:85a3::8a2e:370:7334]:321 + + SSSD's krb5 auth-provider which is used by the IPA and AD providers + as well adds the address of the current KDC or domain controller + SSSD is using to this file. + + + In environments with read-only and read-write KDCs where clients are + expected to use the read-only instances for the general operations + and only the read-write KDC for config changes like password changes + a kpasswdinfo.REALM is used as well to identify + read-write KDCs. If this file exists for the given realm the content + will be used by the plugin to reply to requests for a kpasswd or + kadmin server or for the MIT Kerberos specific master KDC. If the + address contains a port number the default KDC port 88 will be used + for the latter. + + + + + NOTES + + Not all Kerberos implementations support the use of plugins. If + sssd_krb5_locator_plugin is not available on + your system you have to edit /etc/krb5.conf to reflect your + Kerberos setup. + + + If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any + value debug messages will be sent to stderr. + + + If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any + value the plugin is disabled and will just return + KRB5_PLUGIN_NO_HANDLE to the caller. + + + If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES + is set to any value plugin will try to resolve all DNS names + in kdcinfo file. By default plugin returns KRB5_PLUGIN_NO_HANDLE + to the caller immediately on first DNS resolving failure. + + + + + + + diff --git a/src/man/sv/idmap_sss.8.xml b/src/man/sv/idmap_sss.8.xml new file mode 100644 index 0000000..ff69be5 --- /dev/null +++ b/src/man/sv/idmap_sss.8.xml @@ -0,0 +1,76 @@ + + + +SSSD manualsidor + + + + + idmap_sss + 8 + + + + idmap_sss + SSSD:s idmap_sss-bakände för Winbind + + + + BESKRIVNING + + Modulen idmap_sss tillhandahåller ett sätt att anropa SSSD för att översätta +AID:er/GID:er och SID:er. Ingen databas behövs i detta fall eftersom +översättningen görs av SSSD. + + + + + IDMAP-ALTERNATIV + + + + range = låg - hög + + Definierar de tillgängliga matchnings-UID- och GID-intervallen som bakänden +är auktoritativ för. + + + + + + + EXEMPEL + + Detta exempel visar hur man konfigurerar idmap_sss som +standardöversättningsmodulen. + + + +[global] +security = ads +workgroup = <AD-DOMÄNKORTNAMN> + +idmap config <AD-DOMÄNKORTNAMN> : backend = sss +idmap config <AD-DOMÄNKORTNAMN> : range = 200000-2147483647 + +idmap config * : backend = tdb +idmap config * : range = 100000-199999 + + + + Ersätt <AD-DOMÄNKORTNAMN> med NetBIOS-domännamnet för AD-domänen. Om +flera AD-domäner skall användas behöver varje domän en idmap +config-rad med backend = sss och en rad med ett +lämpligt range. + + + Eftersom Winbind kräver en skrivbar standardbakände och idmap_sss endast är +läsbar inkluderar exemplet backend = tdb som standard. + + + + + + + diff --git a/src/man/sv/include/ad_modified_defaults.xml b/src/man/sv/include/ad_modified_defaults.xml new file mode 100644 index 0000000..e6a2e15 --- /dev/null +++ b/src/man/sv/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + ÄNDRADE STANDARDALTERNATIV + + Vissa alternativs standardvärde stämmer inte med deras respektive bakändars +standardvärden, dessa alternativnamn och AD-leverantörspecifika +standardvärden är uppräknade nedan: + + + KRB5-leverantör + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP-leverantör + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@RIKE (typiskt KORTNAMN$@RIKE) + + + AD-leverantören letar efter en annan huvudman än LDAP-leverantören som +standard, eftersom huvudmännen i en Active Directory-miljö är uppdelade i +två grupper – användarhuvudmän och tjänstehuvudmän. Endast +användarhuvudmannen kan användas för att hämta en TGT och som standard är +datorobjekts huvudman konstruerade från dess sAMAccountName och AD-riket. +Den välkända huvudmannen för värd/värdnamn@RIKE är en tjänstehuvudman och +kan därmed inte användas för att hämta en TGT. + + + + + + NSS-konfiguration + + + + fallback_homedir = /home/%d/%u + + + AD-leverantören sätter automatiskt ”fallback_homedir = /home/%d/%u” för att +tillhandahålla personliga hemkataloger för användare utan attributet +homeDirectory. Om ens AD-domän är vederbörligen populerad med +Posix-attribut, och man vill undvika att falla tillbaka på detta beteende, +kan man uttryckligen sätta ”fallback_homedir = %o”. + + + Observera att systemet typiskt förväntar sig en hemkatalog i mappen +/home/%u. Om man bestämmer sig för att använda en annan katalogstruktur kan +några andra delar av ens system behöva justeras. + + + Till exempel kräver automatiserat skapande av hemkataloger i kombination med +selinux anpassningar av selinux, annars kommer hemkatalogen skapas med fel +selinux-kontext. + + + + + diff --git a/src/man/sv/include/autofs_attributes.xml b/src/man/sv/include/autofs_attributes.xml new file mode 100644 index 0000000..204303a --- /dev/null +++ b/src/man/sv/include/autofs_attributes.xml @@ -0,0 +1,65 @@ + + + ldap_autofs_map_object_class (sträng) + + + Objektklassen hos en automatmonteringskartepost i LDAP. + + + Standard: nisMap (rfc2307, autofs_provider=ad), annars automountMap + + + + + + ldap_autofs_map_name (sträng) + + + Namnet på en automatmonteringskartepost i LDAP. + + + Standard: nisMapName (rfc2307, autofs_provider=ad), annars automountMapName + + + + + + ldap_autofs_entry_object_class (sträng) + + + Objektklassen hos en automatmonteringspost i LDAP. Posten motsvarar +vanligen en monteringspunkt. + + + Standard: nisObject (rfc2307, autofs_provider=ad), annars automount + + + + + + ldap_autofs_entry_key (sträng) + + + Nyckeln till en automatmonteringspost i LDAP. Posten motsvarar vanligen en +monteringspunkt. + + + Standard: cn (rfc2307, autofs_provider=ad), annars automountKey + + + + + + ldap_autofs_entry_value (sträng) + + + Nyckeln till en automatmonteringspost i LDAP. Posten motsvarar vanligen en +monteringspunkt. + + + Standard: nisMapEntry (rfc2307, autofs_provider=ad), annars +automountInformation + + + + diff --git a/src/man/sv/include/autofs_restart.xml b/src/man/sv/include/autofs_restart.xml new file mode 100644 index 0000000..46437be --- /dev/null +++ b/src/man/sv/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Observera att automounter:n bara läser master-kartan vid uppstart, så om +några autofs-relaterade ändringar görs av sssd.conf behöver du normalt även +starta om automounter-demonen efter att ha startat om SSSD. + diff --git a/src/man/sv/include/debug_levels.xml b/src/man/sv/include/debug_levels.xml new file mode 100644 index 0000000..9c4c4dc --- /dev/null +++ b/src/man/sv/include/debug_levels.xml @@ -0,0 +1,99 @@ + + + SSSD stödjer två representationer för att ange felsökningsnivå. Det +enklaste är att ange ett decimalt värde från 0-9 som representerar +aktivering av den nivån och alla lägre nivåer av felsökningsmeddelanden. +Det mer fullständiga alternativet är att ange en hexadecimal bitmask för att +aktivera eller avaktivera specifika nivåer (såsom om du önskar undertrycka +en nivå). + + + Observera att varje SSSD-tjänst loggar till sin egen loggfil. Observera +också att aktivering av debug_level i avsnittet +[sssd] bara aktiverar felsökning just för själva +sssd-processen, inte för respondent- eller leverantörsprocesser. Parametern +debug_level skall läggas till i alla sektioner som man vill +producera felsökningsloggar ifrån. + + + Utöver att ändra loggnivån i konfigurationsfilen med parametern +debug_level, som är bestående, men kräver omstart av SSSD, är +det även möjligt att ändra felsökningsnivån i farten med verktyget + sss_debuglevel +8 . + + + Felsökningsnivåer som för närvarande stödjs: + + + 0, 0x0010: Ödesdigra fel. Allt +som skulle hindra SSSD från att starta upp eller får den att sluta köra. + + + 1, 0x0020: Kritiska fel. Ett fel +som inte dödar SSSD, men ett som indikerar att åtminstone en viktig funktion +inte kommer fungera korrekt. + + + 2, 0x0040: Allvarliga fel. Ett +fel som rapporterar att en viss begäran eller operation har misslyckats. + + + 3, 0x0080: Smärre fel. Detta är +fel som skulle kunna bubbla ner till att orsaka funktionsfelet 2. + + + 4, 0x0100: +Konfigurationsinställningar. + + + 5, 0x0200: Funktionsdata. + + + 6, 0x0400: Spårmeddelanden för +åtgärdsfunktioner. + + + 7, 0x1000: Spårmeddelanden för +interna styrfunktioner. + + + 8, 0x2000: Innehållet i interna +variabler som kan vara intressant. + + + 9, 0x4000: Spårningsinformation på +extremt låg nivå. + + + 9,0x20000: Prestanda och +statistiska data, observera att på grund av hur förfrågningar behandlas +internt kan den loggade exekveringstiden för en förfrågan vara längre än den +faktiskt var. + + + 10, 0x10000: Ännu mer lågnivå +spårningsinformation om libldb. Det behövs nästan aldrig. + + + För att logga begärda bitmaskfelsökningsnivåer, lägg helt enkelt ihop deras +tal som visas i följande exempel: + + + Exempel: För att logga ödesdigra fel, kritiska fel, +allvarliga fel och funktionsdata, använd 0x0270. + + + Exempel: För att logga ödesdigra fel, +konfigurationsinställningar, funktionsdata och spårmeddelanden för interna +styrfunktioner, använd 0x1310. + + + Observera: bitmaskformatet för felsökningsnivåer +introducerades i 1.7.0. + + + Standard: 0x0070 (d.v.s. ödesdigra, kritiska och +allvarliga fel; motsvarar inställningen 2 i decimal notation) + + diff --git a/src/man/sv/include/debug_levels_tools.xml b/src/man/sv/include/debug_levels_tools.xml new file mode 100644 index 0000000..1eae3fa --- /dev/null +++ b/src/man/sv/include/debug_levels_tools.xml @@ -0,0 +1,78 @@ + + + SSSD stödjer två representationer för att ange felsökningsnivå. Det +enklaste är att ange ett decimalt värde från 0-9 som representerar +aktivering av den nivån och alla lägre nivåer av felsökningsmeddelanden. +Det mer fullständiga alternativet är att ange en hexadecimal bitmask för att +aktivera eller avaktivera specifika nivåer (såsom om du önskar undertrycka +en nivå). + + + Felsökningsnivåer som för närvarande stödjs: + + + 0, 0x0010: Ödesdigra fel. Allt +som skulle hindra SSSD från att starta upp eller får den att sluta köra. + + + 1, 0x0020: Kritiska fel. Ett fel +som inte dödar SSSD, men ett som indikerar att åtminstone en viktig funktion +inte kommer fungera korrekt. + + + 2, 0x0040: Allvarliga fel. Ett +fel som rapporterar att en viss begäran eller operation har misslyckats. + + + 3, 0x0080: Smärre fel. Detta är +fel som skulle kunna bubbla ner till att orsaka funktionsfelet 2. + + + 4, 0x0100: +Konfigurationsinställningar. + + + 5, 0x0200: Funktionsdata. + + + 6, 0x0400: Spårmeddelanden för +åtgärdsfunktioner. + + + 7, 0x1000: Spårmeddelanden för +interna styrfunktioner. + + + 8, 0x2000: Innehållet i interna +variabler som kan vara intressant. + + + 9, 0x4000: Spårningsinformation på +extremt låg nivå. + + + 10, 0x10000: Ännu mer lågnivå +spårningsinformation om libldb. Det behövs nästan aldrig. + + + För att logga begärda bitmaskfelsökningsnivåer, lägg helt enkelt ihop deras +tal som visas i följande exempel: + + + Exempel: För att logga ödesdigra fel, kritiska fel, +allvarliga fel och funktionsdata, använd 0x0270. + + + Exempel: För att logga ödesdigra fel, +konfigurationsinställningar, funktionsdata och spårmeddelanden för interna +styrfunktioner, använd 0x1310. + + + Observera: bitmaskformatet för felsökningsnivåer +introducerades i 1.7.0. + + + Standard: 0x0070 (d.v.s. ödesdigra, kritiska och +allvarliga fel; motsvarar inställningen 2 i decimal notation) + + diff --git a/src/man/sv/include/failover.xml b/src/man/sv/include/failover.xml new file mode 100644 index 0000000..b77ae69 --- /dev/null +++ b/src/man/sv/include/failover.xml @@ -0,0 +1,120 @@ + + RESERVER + + Reservfunktionen gör att bakändar automatiskt kan byta till en annan server +om den nuvarande servern slutar fungera. + + + Reservsyntax + + Listan av servrar ges som en kommaseparerad lista; godtyckligt antal +mellanslag tillåts runt kommatecknet. Servrarna listas i preferensordning. +Listan kan innehålla obegränsat antal servrar. + + + För varje reservaktiverat konfigurationsalternativ finns det två varianter: +primary och backup. Tanken är att +servrar i den primära listan föredras och backup-servrar bara provas om inga +primära servrar kan nås. Om en backup-server väljs sätts en tidsgräns på 31 +sekunder. Efter denna tidsgräns kommer SSSD periodiskt att försöka +återansluta till en av de primära servrarna. Om det lyckas kommer den +ersätta den nu aktiva (backup-)servern. + + + + Reservmekanismen + + Reservmekanismen gör skillnad mellan en maskin och en tjänst. Bakänden +försöker först att slå upp värdnamnet för en given maskin; om denna +uppslagning misslyckas antas maskinen vara bortkopplad. Inga ytterligare +försök görs att ansluta till denna maskin för någon annan tjänst. Om +uppslagningsförsöket lyckas försöker bakänden ansluta till en tjänst på +denna maskin. Om tjänsteanslutningen misslyckas anses bara just denna +tjänst frånkopplad och bakänden byter automatiskt till nästa tjänst. +Maskinen betraktas fortfarande som uppkopplad och kan användas vid försök +att nå en annan tjänst. + + + Ytterligare försök att ansluta görs till maskiner eller tjänster som +markerats som frånkopplade efter en viss tidsperiod, detta är för närvarande +hårdkodat till 30 sekunder. + + + Om det inte finns några fler maskiner att prova byter bakänden i sin helhet +till frånkopplat läge, och försöker sedan återansluta var 30:e sekund. + + + + Tidsgränser och trimning av reservfunktioner + + Att slå upp en server att ansluta till kan vara så enkelt som att göra en +enstaka DNS-fråga eller kan innebära flera steg, såsom att hitta den rätta +sajten eller försöka med flera värdnamn ifall några av de konfigurerade +servrarna inte kan nås. De mer komplexa scenariona kan ta en stund och SSSD +behöver balansera mellan att tillhandahålla tillräckligt med tid för att +färdigställa upplösningsprocessen men å andra sidan inte försöka för länge +före den faller tillbaka på frånkopplat läge. Om SSSD:s felsökningsloggar +visar att serverns upplösning överskrider tidsgränsen före en aktiv server +nås kan du överväga att ändra tidsgränserna. + + + Detta avsnitt listar tillgängliga trimningsvariabler. Se deras beskrivning +i manualsidan +sssd.conf5 +. + + + dns_resolver_server_timeout + + + + Tid i millisekunder som anger hur länge SSSD skall tala med en viss +DNS-server före den provar nästa. + + + Standard: 1000 + + + + + + dns_resolver_op_timeout + + + + Tid i sekunder hur länge SSSD skall försöka slå upp en viss DNS-fråga +(t.ex. uppslagning av ett värdnamn eller en SRV-post) före den provar nästa +värdnamn eller upptäcktsdomän. + + + Standard: 3 + + + + + + dns_resolver_timeout + + + + Hur länge skall SSSD försöka slå upp en reservtjänst. Denna +tjänsteuppslagning kan internt bestå av flera steg, såsom att slå upp DNS +SRV-frågor och lokalisera sajten. + + + Standard: 6 + + + + + + + För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av +LDAP-anslutningsoperationen. Därför skall även tidsgränsen +ldap_opt_timeout sättas till ett större värde än +dns_resolver_timeout som i sin tur skall sättas till ett +större värde än dns_resolver_op_timeout som skall vara större +än dns_resolver_server_timeout. + + + diff --git a/src/man/sv/include/homedir_substring.xml b/src/man/sv/include/homedir_substring.xml new file mode 100644 index 0000000..a4951f4 --- /dev/null +++ b/src/man/sv/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (sträng) + + + Värdet på detta alternativ kommer användas i expansionen av alternativet +override_homedir om mallen innehåller formatsträngen +%H. En LDAP-katalogpost kan innehålla denna mall +direkt så att detta alternativ kan användas för att expandera sökvägen till +hemkatalogen för varje klientmaskin (eller operativsystem). Den kan sättas +per domän eller globalt i avsnittet [nss]. Ett värde som anges i ett +domänavsnitt kommer åsidosätta ett som är satt i avsnittet [nss]. + + + Standard: /home + + + diff --git a/src/man/sv/include/ipa_modified_defaults.xml b/src/man/sv/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..7635d4d --- /dev/null +++ b/src/man/sv/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + ÄNDRADE STANDARDALTERNATIV + + Vissa alternativs standardvärde stämmer inte med deras respektive bakändars +standardvärden, dessa alternativnamn och IPA-leverantörspecifika +standardvärden är uppräknade nedan: + + + KRB5-leverantör + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP-leverantör – allmänt + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP-leverantör – användaralternativ + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP-leverantör – gruppalternativ + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/sv/include/krb5_options.xml b/src/man/sv/include/krb5_options.xml new file mode 100644 index 0000000..f14ce46 --- /dev/null +++ b/src/man/sv/include/krb5_options.xml @@ -0,0 +1,158 @@ + + + krb5_auth_timeout (heltal) + + + Tidsgräns i sekunder efter vilken en uppkopplad begäran om autentisering +eller begäran om lösenordsändring avbryts. Om möjligt fortsätts begäran om +autentisering frånkopplat. + + + Standard: 6 + + + + + + krb5_validate (boolean) + + + Verifiera med hjälp av krb5_keytab att den TGT om hämtats inte har +förfalskats. I keytab:en kontrolleras poster sekventiellt, och den första +posten med ett matchande rike används för validering. Om ingen post matchar +riket används den sista posten i keytab:en. Denna process kan användas för +att validera miljöer genom att använda förtroenden mellan riken genom att +placera den motsvarande keytab-posten som sista post eller den enda posten i +keytab-filen. + + + Standard: false (IPA- och AD-leverantör: true) + + + Observera att biljettvalideringen är första steget vid kontroll av PAC:n (se +”pac_check” i manualsidan +sssd.conf 5 + för detaljer). Om biljettvalideringen är avaktiverad kommer +PAC-kontrollerna också att hoppas över. + + + + + + krb5_renewable_lifetime (sträng) + + + Begär en förnybar biljett med en total livslängd, given som ett heltal +omedelbart följd av en tidsenhet: + + + s för sekunder + + + m för minuter + + + h för timmar + + + d för dagar. + + + Om ingen enhet anges antas s. + + + OBSERVERA: det är inte möjligt att blanda enheter. För att sätta den +förnybara livslängden till en och en halv timma, använd ”90m” istället för +”1h30m”. + + + Standard: inte satt, d.v.s. TGT:en är inte förnybar + + + + + + krb5_lifetime (sträng) + + + Begär en biljett med en livslängd, given som ett heltal omedelbart följd av +en tidsenhet: + + + s för sekunder + + + m för minuter + + + h för timmar + + + d för dagar. + + + Om ingen enhet anges antas s. + + + OBSERVERA: det är inte möjligt att blanda enheter. För att sätta +livslängden till en och en halv timma, använd ”90m” istället för ”1h30m”. + + + Standard: inte satt, d.v.s. biljettens standardlivslängd konfigurerad på +KDC:n. + + + + + + krb5_renew_interval (sträng) + + + Tiden i sekunder mellan två kontroller om TGT:en skall förnyas. TGT:er +förnyas om ungefär halva deras livstid har överskridits, givet som ett +heltal omedelbart följt av en tidsenhet: + + + s för sekunder + + + m för minuter + + + h för timmar + + + d för dagar. + + + Om ingen enhet anges antas s. + + + OBSERVERA: det är inte möjligt att blanda enheter. För att sätta den +förnybara livslängden till en och en halv timma, använd ”90m” istället för +”1h30m”. + + + Om detta alternativ inte är satt eller är 0 är den automatiska förnyelsen +avaktiverad. + + + Standard: inte satt + + + + + + krb5_canonicalize (boolean) + + + Anger om värdens och användarens huvudman skall göras kanonisk. Denna +funktion är tillgänglig med MIT Kerberos 1.7 och senare versioner. + + + + Standard: false + + + + diff --git a/src/man/sv/include/ldap_id_mapping.xml b/src/man/sv/include/ldap_id_mapping.xml new file mode 100644 index 0000000..3ae41ad --- /dev/null +++ b/src/man/sv/include/ldap_id_mapping.xml @@ -0,0 +1,292 @@ + + ID-MAPPNING + + ID-mappningsfunktionen låter SSSD fungera som en klient till Active +Directory utan att kräva att administratörer utökar användarattribut till +att stödja POSIX-attribut för användar- och gruppidentifierare. + + + OBSERVERA: När ID-mappning aktiveras ignoreras attributen uidNumber och +gidNumber. Detta är för att undvika möjligheten av konflikt mellan +automatiskt tilldelade och manuellt tilldelade värden. Om du behöver +använda manuellt tilldelade värden måste ALLA värden tilldelas manuellt. + + + Observera att byte av ID-mappnings relaterade konfigurationsalternativ +kommer få användar- och grupp-ID:n att ändras. För närvarande stödjer inte +SSSD byte av ID:n, så SSSD-databasen måste tas bort. Eftersom cachade +lösenord också lagras i databasen skall databasen bara tas bort när +autentiseringsservrarna kan nås, annars kan användare låsas ute. För att +cacha lösenordet måste en autentisering göras. Det är inte tillräckligt att +använda sss_cache +8 för att ta bort databasen, istället +består processen av: + + + + Se till att fjärrservrarna är nåbara + + + + + Stoppa tjänsten SSSD + + + + + Ta bort databasen + + + + + Starta tjänsten SSSD + + + + Dessutom, eftersom ändringen av ID:n kan göra det nödvändigt att justera +andra systemegenskaper såsom ägare av filer och kataloger, är det lämpligt +att planera i förväg och testa konfigurationen av ID-översättningar +noggrant. + + + + Översättningsalgoritm + + Active Directory tillhandahåller ett objectSID för varje användar- och +gruppobjekt i katalogen. Detta objectSID kan delas upp i komponenter som +representerar Active Directorys domänidentitet och den relativa +identifieraren (RID) till användar- eller gruppobjektet. + + + SSSD ID-översättningsalgoritmen tar ett intervall av tillgängliga AID:er och +delar upp det i lika stora komponentavsnitt – kallade ”skivor” (”slices”) +–. Varje skiva representerar utrymmet som är tillgängligt för en Active +Directory-domän. + + + När en användar- eller gruppost för en viss domän påträffas för första +gången allokerar SSSD en av de tillgängliga skivorna för den domänen. För +att göra denna skivtilldelning upprepbar på olika klientmaskiner väljer vi +skivan baserat på följande algoritm: + + + SID-strängen skickas genom algoritmen murmurhash3 för att konvertera den +till ett 32-bitars hash-värde. Vi tar sedan modulo på detta värde med det +totala antalet tillgängliga skivor och väljer den skivan. + + + OBSERVERA: Det är möjligt att träffa på kollisioner i hash:en och den +påföljande moduloberäkningen. I dessa situationer kommer vi välja nästa +tillgängliga skiva, men det är kanske inte möjligt att reproducera exakt +samma uppsättning av skivor på andra maskiner (eftersom ordningen som de +påträffas kommer avgöra deras skiva). I den här situationen rekommenderas +det att antingen byta till att använda explicita POSIX-attribut i Active +Directory (avaktivera ID-mappningen) eller konfigurera en standarddomän för +att garantera att åtminstone en alltid är konsistent. Se +Konfiguration för detaljer. + + + + + Konfiguration + + Minimikonfiguration (i avsnittet [domain/DOMÄNNAMN]): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + Standardkonfigurationen resulterar i konfiguration av 10 000 skivor, som var +och en kan innehålla upp till 200 000 ID:n, med början på 200 000 och upp +till 2 000 200 000. Detta bör vara tillräckligt för de flesta +installationer. + + + Avancerad konfiguration + + + ldap_idmap_range_min (heltal) + + + Anger den lägre (inklusiva) gränsen för intervallet av POSIX ID:n att +använda för översättning av användar- och grupp-SID:n från Active +Directory. Det är det första POSIX-ID:t som kan användas för översättning. + + + OBSERVERA: Detta alternativ är inte detsamma som min_id +eftersom min_id fungerar som ett filter av utmatade +begäranden till denna domän, medan detta alternativ styr intervallet av +ID-tilldelningen. Detta är en subtil distinktion, men det allmänna goda +rådet skulle vara att ha min_id mindre än eller lika med +ldap_idmap_range_min + + + Standard: 200000 + + + + + ldap_idmap_range_max (heltal) + + + Anger den övre (exklusiva) gränsen för intervallet av POSIX ID:n att använda +för översättning av användar- och grupp-SID:n från Active Directory. Det är +det första POSIX-ID:t som inte kan användas för översättning längre, +d.v.s. ett mer än det sista som kan användas för översättningen. + + + OBSERVERA: Detta alternativ är inte detsamma som max_id +eftersom max_id fungerar som ett filter av utmatade +begäranden till denna domän, medan detta alternativ styr intervallet av +ID-tilldelningen. Detta är en subtil distinktion, men det allmänna goda +rådet skulle vara att ha max_id större än eller lika med +ldap_idmap_range_max + + + Standard: 2000200000 + + + + + ldap_idmap_range_size (heltal) + + + Anger antalet ID:n som är tillgängliga för varje skiva. Om storleken på +intervallet inte delas jämnt mellan min- och maxvärdena kommer den skapa så +många fullständiga skivor den kan. + + + OBSERVERA: Värdet på detta alternativ måste vara åtminstone så stort som den +högsta RID som planeras användas i Active Directory-servern. +Användaruppslagningar och inloggningar kommer misslyckas för eventuella +användare vars RID är större än detta värde. + + + Till exempel, om den senaste tillagda Active Directory-användaren har +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, måste +ldap_idmap_range_size vara åtminstone 1108 eftersom +intervallstorleken är lika med maximal SID minus minimal SID plus ett +(t.ex. 1108 = 1107 - 0 + 1). + + + Det är viktigt att planera i förväg för framtida expansioner, eftersom +ändring av detta värde skulle resultera i att ändra alla ID-översättningar +på systemet, vilket skulle leda till användare med andra lokala ID:n än de +tidigare hade. + + + Standard: 200000 + + + + + ldap_idmap_default_domain_sid (sträng) + + + Ange domän-SID:n för standarddomänen. Detta kommer garantera att denna +domän alltid kommer tilldelas till skiva noll i ID-översättningen, och +undviker murmurhash-algoritmen som beskrivs ovan. + + + Standard: inte satt + + + + + ldap_idmap_default_domain (sträng) + + + Ange namnet på standarddomänen. + + + Standard: inte satt + + + + + ldap_idmap_autorid_compat (boolean) + + + Ändrar beteendet på ID-översättningsalgoritmen till att bete sig mer likt +winbind:s idmap_autorid-algoritm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + OBSERVERA: Denna algoritm är inte deterministisk (den beror på ordningen som +användare och grupper efterfrågas). Om detta läge krävs för kompatibilitet +med maskiner som kör winbind rekommenderas det att även använda alternativet +ldap_idmap_default_domain_sid för att garantera att +åtminstone en domän är konsekvent allokerat till skiva noll. + + + Standard: False + + + + + ldap_idmap_helper_table_size (heltal) + + + Maximalt antal sekundära skivor som provas när mappningen från UNIX id till +SID utförs. + + + Observera: ytterligare sekundära skivor kan genereras när en SID översätts +till UNIX-id och RID-delen av SID:n är utanför intervallet för sekundära +skivor som genererats hittills. Om värdet på ldap_idmap_helper_table_size +är lika med 0 genereras inga ytterligare sekundära skivor. + + + Standard: 10 + + + + + + + + + Välkända SID:er + + SSSD stödjer uppslagning av namnen på välkända SID:er, d.v.s. SID:er med en +speciell hårdkodad betydelse. Eftersom de allmänna användarna och grupperna +relaterade till dessa välkända SID:er inte har någon motsvarighet i en +Linux-/UNIX-miljö är inga POSIX-ID:n tillgängliga för dessa objekt. + + + SID-namnrymden är organiserad i auktoriteter som kan ses som olika domäner. +Auktoriteterna för välkända SID:er är + + Null-auktoritet + Världsauktoritet + Lokal auktoritet + Skaparauktoritet + Tvingande etikettsauktoritet + Autentiseringsauktoritet + NT-auktoritet + Inbyggd + + Den versala versionen av dessa namn används som domännamn när det +fullständigt kvalificerade namnet på en välkänd SID returneras. + + + Eftersom några verktyg tillåter att man ändrar SID-baserad +åtkomststyrningsinformation med hjälp av ett namn istället för att använda +SID:en direkt stödjer SSSD uppslagning av SID:en med detta namn också. För +att undvika kollisioner kan bara de fullständigt kvalificerade namnen +användas för att slå upp välkända SID:er. Som ett resultat skall domännamnen +NULL AUTHORITY, WORLD AUTHORITY, LOCAL +AUTHORITY, CREATOR AUTHORITY, MANDATORY LABEL +AUTHORITY, AUTHENTICATION AUTHORITY, NT +AUTHORITY och BUILTIN inte användas som domännamn i +sssd.conf. + + + + diff --git a/src/man/sv/include/ldap_search_bases.xml b/src/man/sv/include/ldap_search_bases.xml new file mode 100644 index 0000000..10404b5 --- /dev/null +++ b/src/man/sv/include/ldap_search_bases.xml @@ -0,0 +1,32 @@ + + + En valfri bas-DN, sökräckvidd och LDAP-filter för att begränsa +LDAP-sökningar för denna attributtyp. + + + syntax: +search_base[?räckvidd?[filter][?search_base?räckvidd?[filter]]*] + + + + Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”. +Räckviddsfunktionerna beskrivs i avsnitt 4.5.1.2 av +http://tools.ietf.org/html/rfc4511 + + + Filtret måste vara ett korrekt LDAP-sökfilter som specificerat i +http://www.ietf.org/rfc/rfc2254.txt + + + För exempel på denna syntax, se exempelsektionen av +ldap_search_base. + + + Standard: värdet på ldap_search_base + + + Observera att angivelse av räckvidd eller filter inte stödjs för sökningar i +en Active Directory-server som kan resultera i ett stort antal resultat och +trigga utökningen Range Retrieval i svaret. + + diff --git a/src/man/sv/include/local.xml b/src/man/sv/include/local.xml new file mode 100644 index 0000000..ab13737 --- /dev/null +++ b/src/man/sv/include/local.xml @@ -0,0 +1,17 @@ + + DEN LOKALA DOMÄNEN + + För att fungera korrekt måste en domän med id_provider=local +skapas och SSSD måste köra. + + + Administratören kan vilja använda SSSD:s lokala användare istället för +traditionella UNIX-användare i fall när nästning av grupper (se + sss_groupadd +8 ) behövs. De lokala användarna är +också användbara för att testa och utveckla SSSD utan att behöva installera +en fullständig fjärrserver. Verktygen sss_user* och +sss_group* använder en lokal LDB-lagring för att lagra +användare och grupper. + + diff --git a/src/man/sv/include/override_homedir.xml b/src/man/sv/include/override_homedir.xml new file mode 100644 index 0000000..35d28f1 --- /dev/null +++ b/src/man/sv/include/override_homedir.xml @@ -0,0 +1,77 @@ + +override_homedir (sträng) + + + Åsidosätt användarens hemkatalog. Du kan antingen ge ett absolut värde +eller en mall. I mallen ersätts följande sekvenser: + + %u + inloggningsnamn + + + %U + AID-nummer + + + %d + domännamn + + + %f + fullständigt kvalificerat användarnamn (användare@domän) + + + %l + Första bokstaven i inloggningsnamnet. + + + %P + UPN – Användarens Huvudmansnamn (namn@RIKE) + + + %o + + Den ursprungliga hemkatalogen som hämtades från identitetsleverantören. + + + + %h + + Den ursprungliga hemkatalogen som hämtades från identitetsleverantören, men +i gemener. + + + + %H + + Värdet på konfigurationsalternativet homedir_substring. + + + + %% + ett bokstavligt ”%” + + + + + + Detta alternativ kan även sättas per domän. + + + exempel: +override_homedir = /home/%u + + + + Standard: Inte satt (SSSD kommer använda värdet som hämtas från LDAP) + + + Observera att hemkatalog från ett specifikt åsidosättande för användaren, +antingen lokalt (se +sss_override +8) eller centralt hanterat +IPA-id-åsidosättande, har en högre precedens och kommer användas istället +för värdet gom ges av override_homedir. + + + diff --git a/src/man/sv/include/param_help.xml b/src/man/sv/include/param_help.xml new file mode 100644 index 0000000..c6f0794 --- /dev/null +++ b/src/man/sv/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Visa ett hjälpmeddelande och avsluta. + + + diff --git a/src/man/sv/include/param_help_py.xml b/src/man/sv/include/param_help_py.xml new file mode 100644 index 0000000..dea0987 --- /dev/null +++ b/src/man/sv/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Visa ett hjälpmeddelande och avsluta. + + + diff --git a/src/man/sv/include/seealso.xml b/src/man/sv/include/seealso.xml new file mode 100644 index 0000000..122a80b --- /dev/null +++ b/src/man/sv/include/seealso.xml @@ -0,0 +1,49 @@ + + SE ÄVEN + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/sv/include/service_discovery.xml b/src/man/sv/include/service_discovery.xml new file mode 100644 index 0000000..7b59f71 --- /dev/null +++ b/src/man/sv/include/service_discovery.xml @@ -0,0 +1,41 @@ + + TJÄNSTEUPPTÄCKT + + Tjänsteupptäcktsfunktionen gör att bakändar automatiskt kan hitta en lämplig +server att ansluta till med en speciell DNS-fråga. Denna funktion stödjs +inte för backup-servrar. + + + Konfiguration + + Om inga servrar anges använder bakänden automatiskt tjänsteupptäckt för att +försöka hitta en server. Användaren kan om så önskas välja att använda både +en bestämd serveradress och tjänsteupptäckt genom att infoga ett speciellt +nyckelord, _srv_, i listan av servrar. Preferensordningen +bibehålls. Denna funktion är användbar om, till exempel, användaren +föredrar att använda tjänsteupptäckt närhelst det är möjligt, och falla +tillbaka på en specifik server när inga servrar kan upptäckas med DNS. + + + + Domännamnet + + Se parametern dns_discovery_domain i manualsidan + sssd.conf +5 för fler detaljer. + + + + Protokollet + + Frågorna anger vanligen _tcp som protokoll. Undantag är dokumenterade i +respektive alternativs beskrivning. + + + + Se även + + För mer information om tjänsteupptäcktsmekanismen, se RFC 2782. + + + diff --git a/src/man/sv/include/upstream.xml b/src/man/sv/include/upstream.xml new file mode 100644 index 0000000..cb9ba38 --- /dev/null +++ b/src/man/sv/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD SSSD uppströms – +https://github.com/SSSD/sssd/ diff --git a/src/man/sv/pam_sss.8.xml b/src/man/sv/pam_sss.8.xml new file mode 100644 index 0000000..a81d292 --- /dev/null +++ b/src/man/sv/pam_sss.8.xml @@ -0,0 +1,444 @@ + + + +SSSD manualsidor + + + + + pam_sss + 8 + + + + pam_sss + PAM-modul för SSSD + + + + +pam_sss.so +quiet +forward_pass +use_first_pass +use_authtok +retry=N +ignore_unknown_user +ignore_authinfo_unavail +domains=X +allow_missing_name +prompt_always +try_cert_auth +require_cert_auth + + + + BESKRIVNING + pam_sss.so är PAM-gränssnittet till System Security +Services daemon (SSSD). Fel och resultat loggas via +syslog(3) med funktionen LOG_AUTHPRIV. + + + + FLAGGOR + + + + + + + Undertryck loggmeddelanden om okända användare. + + + + + + + + Om är satt läggs det inskrivna lösenordet på +stacken så att andra PAM-moduler kan använda det. + + + + + + + + + Argumentet use_first_pass tvingar modulen att använda tidigare stackade +modulers lösenord och kommer aldrig fråga användaren – om inget lösenord är +tillgängligt eller lösenordet inte stämmer kommer användaren nekas åtkomst. + + + + + + + + Vid lösenordsändring tvinga modulen till att sätta det nya lösenordet till +det som gavs av en tidigare stackad lösenordsmodul. + + + + + + + + Om angivet frågas användaren ytterligare N gånger om ett lösenord ifall +autentiseringen misslyckas. Standard är 0. + Observera att detta alternativ kanske inte fungerar som förväntat ifall +programmet som anropar PAM hanterar användardialogen själv. Ett typiskt +exempel är sshd med +. + + + + + + + + Om detta alternativ anges och användaren inte finns kommer PAM-modulen +returnera PAM_IGNORE. Detta får PAM-ramverket att ignorera denna modul. + + + + + + + + + Anger att PAM-modulen skall returnera PAM_IGNORE om det inte kan kontakta +SSSD-demonen. Detta får PAM-ramverket att ignorera denna modul. + + + + + + + + + Tillåter administratören att begränsa domänerna en viss PAM-tjänst tillåts +autentisera emot. Formatet är en kommaseparerad lista över SSSD-domännamn +som de specificeras i filen sssd.conf. + + + OBS: om detta används för en tjänst som inte kör som root-användaren, +t.ex. en webb-server, måste det användas tillsammans med flaggorna +pam_trusted_users och pam_public_domains. Se +manualsidan sssd.conf +5 för mer information om dessa två +PAM-respondentalternativ. + + + + + + + + + + Huvudsyftet med denna flagga är att låta SSSD avgöra användarnamnet baserat +på ytterligare information, t.ex. certifikatet från ett smartkort. + + + Det aktuella användningsfallet är inloggningshanterare som kan övervaka en +smartkortläsare om korthändelser. Ifall en smartkort sätts in kommer +inloggningshanteraren anropa en PAM-stack som innehåller en rad som + +auth sufficient pam_sss.so allow_missing_name + I detta fall kommer SSSD försöka +avgöra användarnamnet baserat på innehållet på smartkortet, returnerar det +till pam_sss som slutligen kommer lägga det på PAM-stacken. + + + + + + + + + + Fråga alltid användaren om kreditiv. Med denna flagga kommer kreditiv +begärda av andra PAM-moduler, typiskt ett lösenord, ignoreras och pam_sss +kommer fråga efter kreditiv igen. Baserat på förautentiseringssvaret från +SSSD kan pam_sss komma att fråga efter ett lösenord, ett smartkorts-PIN +eller andra kreditiv. + + + + + + + + + + Försök använda certifikatbaserad smartkortsautentisering, +d.v.s. autentisering med smartkort eller liknande enheter. Om ett smartkort +är tillgängligt och tjänsten tillåter smartkortsautentisering kommer +användaren frågas om ett PIN och certifikatbaserad autentisering kommer +fortsätta + + + Om inget smartkort är tillgängligt eller certifikatbaserad autentisering +inte är tillåten för den aktuella tjänsten returneras PAM_AUTHINFO_UNAVAIL. + + + + + + + + + + Använd certifikatbaserad autentisering, d.v.s. autentisering med smartkort +eller liknande enheter. Om ett smartkort inte är tillgängligt ombeds +användaren att sätta in ett. SSSD kommer att vänta på ett smartkort tills +tidsgränsen definierad av p11_wait_for_card_timeout har passerats, se +sssd.conf +5 för detaljer. + + + Om inget smartkort är tillgängligt efter att tidsgränsen passerats eller om +certifikatbaserad autentisering inte är tillåten för den aktuella tjänsten +returneras PAM_AUTHINFO_UNAVAIL. + + + + + + + + TILLHANDAHÅLLNA MODULTYPER + Alla modultyper (, , + och ) tillhandahålls. + + Om SSSD:s PAM-respondent inte kör, t.ex. om PAM-respondentens uttag (socket) +inte är tillgängligt kommer pam_sss returnera PAM_USER_UNKNOWN när det +anropas som modulen för att undvika problem med +användare från andra källor under åtkomstkontroll. + + + + RETURVÄRDEN + + + PAM_SUCCESS + + + PAM-åtgärden avslutades framgångsrikt. + + + + + PAM_USER_UNKNOWN + + + Användaren är inte känd av autentiseringstjänsten eller så kör inte SSSD:s +PAM-respondent. + + + + + PAM_AUTH_ERR + + + Misslyckad autentisering. Kan också returneras när det är problem med att +hämta certifikatet. + + + + + PAM_PERM_DENIED + + + Åtkomst nekas. SSSD-loggfilerna kan innehålla ytterligare information om +felet. + + + + + PAM_IGNORE + + + Se flaggorna och +. + + + + + PAM_AUTHTOK_ERR + + + Kan inte hämta det nya autentiseringstecknet. Kan också returneras när +användaren autentiserar med certifikat och flera certifikat är tillgängliga, +men den installerade versionen av GDM inte stödjer val bland flera +certifikat. + + + + + PAM_AUTHINFO_UNAVAIL + + + Kan inte komma åt autentiseringsinformationen. Detta kan bero på ett +nätverks- eller hårdvarufel. + + + + + PAM_BUF_ERR + + + Ett minnesfel uppstod. Kan också returneras när flagga use_first_pass eller +use_authtok är satt, men inget lösenord hittades från den tidigare stackade +PAM-modulen. + + + + + PAM_SYSTEM_ERR + + + Ett systemfel uppstod. SSSD-loggfilerna kan innehålla ytterligare +information om felet. + + + + + PAM_CRED_ERR + + + Kan inte sätta kreditiv för användaren. + + + + + PAM_CRED_INSUFFICIENT + + + Programmet har inte tillräckliga kreditiv för att autentisera +användaren. Till exempel saknas PIN under smartkortsautentisering eller en +saknad faktor under tvåfaktorautentisering. + + + + + PAM_SERVICE_ERR + + + Fel i tjänstemodul. + + + + + PAM_NEW_AUTHTOK_REQD + + + Användarens autentiseringstecken har gått ut. + + + + + PAM_ACCT_EXPIRED + + + Användarkontot har gått ut. + + + + + PAM_SESSION_ERR + + + Kan inte hämta IPA-skrivbordsprofilsregler eller -användarinformation. + + + + + PAM_CRED_UNAVAIL + + + Kan inte hämta Kerberos-användarkreditiv. + + + + + PAM_NO_MODULE_DATA + + + Ingen autentiseringsmetod hittades av Kerberos. Detta kan inträffa om +användaren har ett smartkort tilldelat men insticksmodulen pkint inte är +tillgänglig på klienten. + + + + + PAM_CONV_ERR + + + Konversationsfel. + + + + + PAM_AUTHTOK_LOCK_BUSY + + + Ingen KDC lämpad för lösenordsändringar finns tillgänglig. + + + + + PAM_ABORT + + + Okänt PAM-anrop. + + + + + PAM_MODULE_UNKNOWN + + + PAM-uppgift eller -kommando som inte stödjs. + + + + + PAM_BAD_ITEM + + + Autentiseringsmodulen kan inte hantera smartkortskreditiv. + + + + + + + + FILER + Om en återställning av lösenord av root misslyckas, för att motsvarande +SSSD-leverantör inte stödjer återställning av lösenord, kan ett individuellt +meddelande visas. Detta meddelande kan t.ex. innehålla instruktioner hur man +återställer ett lösenord. + + Meddelandet läses från filen +pam_sss_pw_reset_message.LOK där LOK står för en +lokalsträng som den returneras av +setlocale3 +. Om det inte finns någon matchande fil visas innehållet i +pam_sss_pw_reset_message.txt. Root måste vara ägaren av +filerna och endast root får ha läs- och skrivrättigheter medan alla andra +användare endast får ha läsrättigheter. + + Dessa filer söks efter i katalogen +/etc/sssd/customize/DOMÄNNAMN/. Om ingen matchande fil +finns visas ett allmänt meddelande. + + + + + + diff --git a/src/man/sv/pam_sss_gss.8.xml b/src/man/sv/pam_sss_gss.8.xml new file mode 100644 index 0000000..c439419 --- /dev/null +++ b/src/man/sv/pam_sss_gss.8.xml @@ -0,0 +1,212 @@ + + + +SSSD manualsidor + + + + + pam_sss_gss + 8 + + + + pam_sss_gss + PAM-modul för SSSD GSSAPI-autentisering + + + + +pam_sss_gss.so +felsökning + + + + BESKRIVNING + + pam_sss_gss.so autentiserar användaren över GSSAPI i +samarbete med SSSD. + + + Denna modul kommer försöka autentisera användaren med det värdbaserade +GSSAPI-tjänstenamnet värd@värdnamn vilket översätts till +Kerberos-huvudmannen värd/värdnamn@RIKE. Delen RIKE av +Kerberos-huvudmannanamnet härleds av Kerberos interna mekanismer och det kan +sättas uttryckligen i konfigurationen av sektionen [domain_realm] i +/etc/krb5.conf. + + + SSSD används för att tillhandahålla det önskade tjänstenamnet och för att +validera användarens kreditiv med GSSAPI-anrop. Om tjänstebiljetten redan är +tillgänglig i Kerberos kreditiv-cache eller om användarens +biljettgivarbiljett kan användas för att få det korrekta tjänstebiljetten, i +så fall kommer användaren autentiseras. + + + Om är sant (standard) kräver SSSD att +kreditiven som använts till att få denna tjänstebiljett kan associeras med +användaren. Detta betydera tt huvudmannen som äger Kerberos-kreditiven måste +stämma med användarens huvudmannanamn så som det definieras i LDAP. + + + För att aktivera GSSAPI-autentisering i SSSD, sätt alternativet + i [pam] eller domänsektionen i +sssd.conf. Tjänstekreditiven behöver lagras i SSSD:s keytab (de finns där +redan om man använder leverantören ipa eller ad). Keytab-platsen kan anges +med alternativet . Se +sssd.conf 5 + och sssd-krb5 +5 för fler detaljer om dessa +alternativ. + + + Några Kerberos-installationer tillåter associationen av +autentiseringsindikatorer med en viss förautentiseringsmetod använd för att +hämta biljettgivarbiljetten av användaren. pam_sss_gss.so +gör att man kan kräva närvaron av autentiseringsindikatorer i +tjänstebiljetten för en viss PAM-tjänst kan nås. + + + Om är satt i sektionen [pam] +eller domänsektionen i sssd.conf kommer SSSD utföra en kontroll av närvaron +av några konfigurerade indikatorer i tjänstebiljetten. + + + + + FLAGGOR + + + + + + + Skriv ut felsökningsinformation. + + + + + + + TILLHANDAHÅLLNA MODULTYPER + Endast modulen tillhandahålls. + + + + RETURVÄRDEN + + + PAM_SUCCESS + + + PAM-åtgärden avslutades framgångsrikt. + + + + + PAM_USER_UNKNOWN + + + Användaren är inte känd av autentiseringstjänsten eller så stödjs inte +autentisering med GSSAPI. + + + + + PAM_AUTH_ERR + + + Autentiseringsfel. + + + + + PAM_AUTHINFO_UNAVAIL + + + Kan inte komma åt autentiseringsinformationen. Detta kan bero på ett +nätverks- eller hårdvarufel. + + + + + PAM_SYSTEM_ERR + + + Ett systemfel uppstod. SSSD-loggfilerna kan innehålla ytterligare +information om felet. + + + + + + + + EXEMPEL + + Det huvudsakliga användningsfallet är att tillhandahålla lösenordsfri +autentisering i sudo men utan behovet av att avaktivera autentisering +helt. För att uppnå detta, aktivera först GSSAPI-autentisering av sudo i +sssd.conf: + + +[domain/MINDOMÄN] +pam_gssapi_services = sudo, sudo-i + + + Aktivera sedan modulen i den önskande PAM-stacken (t.ex. /etc/pam.d/sudo och +/etc/pam.d/sudo-i). + + +… +auth sufficient pam_sss_gss.so +… + + + + + FELSÖKNING + + SSSD-loggar, pam_sss_gss felsökningsutmatning och syslog kan innehålla +användbar information om felet. Här är några vanliga problem: + + + 1. Jag har miljövariabeln KRB5CCNAME satt och autentiseringen fungerar inte: +beroende på din sudo-versionär det möjligt att sudo inte skickar denna +variabel till PAM-miljön. Försök lägga till KRB5CCNAME till + i /etc/sudoers eller i dina LDAP-sudo-reglers +standardalternativ. + + + 2. Autentiseringen fungerar inte och syslog innehåller ”Server not found in +Kerberos database”: Kerberos kan förmodligen inte lösa upp det korrekta +riket för tjänstebiljetten baserat på värdnamnet. Försök att lägga till +värdnamnet direk till i /etc/krb5.conf så +här: + + + 3. Autentiseringen fungerar inte och syslog innehåller ”No Kerberos +credentials available”: du har inte några kreditiv som kan användas för att +få den önskade tjänstebiljetten. Använd kinit eller autentisera över SSSD +för att få dessa kreditiv. + + + 4. Autentisering fungerar inte och SSSD sssd-pam-loggen innehåller ”User +with UPN [$UPN] was not found.” eller ”UPN [$UPN] does not match target user +[$username].”: du använder kreditiv som inte kan kopplas till användaren som +autentiseras. Försök att använda kswitch för att välja en annan huvudman, se +till att du autentiserade med SSSD eller överväg att avaktivera +. + + +[domain_realm] +.myhostname = MITTRIKE + + + + + + + diff --git a/src/man/sv/sss-certmap.5.xml b/src/man/sv/sss-certmap.5.xml new file mode 100644 index 0000000..6e52350 --- /dev/null +++ b/src/man/sv/sss-certmap.5.xml @@ -0,0 +1,753 @@ + + + +SSSD manualsidor + + + + + sss-certmap + 5 + Filformat och konventioner + + + + sss-certmap + SSSD:s certifikatmatchnings- och -mappningsregler + + + + BESKRIVNING + + Manualsidan beskriver reglerna som kan användas av SSSD och andra +komponenter för att matcha X.509-certifikat och koppla dem till konton. + + + Varje regel har fyra komponenter, en prioritet, en +matchningsregel, en mappningsregel och en +domänlista. Alla komponenter är frivilliga. En saknad +prioritet kommer lägga till regeln med den lägsta +prioriteten. Standard-matchningsregeln kommer matcha +certifikat med digitalSignature-nyckelanvändning och +clientAuth-utökadnyckelanvändning. Om mappningsregeln är tom +kommer certifikaten sökas efter i attributet userCertificate som DER-kodade +binärer. Om inga domäner anges kommer endast den lokala domänen sökas. + + + För att tillåta utökningar eller helt annorluda regelstil kan +mapping och matching rules innehålla ett +prefix separerat med ett ”:” från huvuddelen av regeln. Prefixet får bara +innehålla versala ASCII-bokstäver och siffror. Om prefixet utelämnas kommer +standardtypen användas vilken är ”KRB5” för matchningsregler och ”LDAP” för +avbildningsregler. + + + Verktyget ”sssctl” tillhandahåller kommandot ”cert-eval-rule” för att +kontrollera om ett givet certifikat stämmer med en matchningsregel och hur +utdata från en avbildningsregel skulle se ut. + + + + + REGELKOMPONENTER + + PRIORITET + + Reglerna bearbetas i prioritetsordning där ”0” (noll) indikerar den högsta +prioriteten. Ju högre talet är desto lägre är prioriteten. Ett saknat +värde indikerar den lägsta prioriteten. Regelbearbetningen stoppas när en +regel som matchar hittas och inga ytterligare regler kontrolleras. + + + Internt behandlas prioriteten som teckenlösa 32-bitars heltal, att använda +ett prioritetsvärde större än 4294967295 kommer orsaka ett fel. + + + Om flera regler har samma prioritet och bara en av de relaterade +matchningsreglerna gäller kommer denna regel att väljas. Om det finns flera +regler med samma prioritet som matchar väljs en men vilken av den är +odefinierat. För att undvika detta beteende, använd antingen olika +prioriteter eller gör matchningsregeln mer specifik, t.ex. genom att använda +olika <ISSUER>-mönster. + + + + MATCHNINGSREGEL + + Matchningsregeln används för att välja ett certifikat som +översättningsregeln skall tillämpas på. Det använder ett system liknande det +som används av alternativet pkinit_cert_match i MIT +Kerberos. Det består av ett nyckelord omgivet av ”<” och ”>” som +identifierar en specifik del av certifikatet och ett mönster som skall +finnas för att regeln skall matcha. Flera nyckelord/mönster-par kan antingen +sammanfogas med ”&&” (och) eller ”||” (eller). + + + Givet likheten med MIT Kerberos är typprefixet för denna regel ”KRB5”. Men +”KRB5” kommer även vara standardvärdet för matching rules så +att ”<SUBJEKT>.*,DC=MIN,DC=DOMÄN” och +”KRB5:<SUBJEKT>.*,DC=MIN,DC=DOMÄN” är likvärdiga. + + + De tillgängliga alternativen är: + + <SUBJECT>reguljärt-uttryck + + + Med denna kan en del eller hela certifikatets subject-namn matchas. För +matchningen används POSIX syntax för utökade reguljära uttryck, se regex(7) +för detaljer. + + + För matchningen konverteras subject-namnet lagrat i certifikatet i DER-kodad +ASN.1 till en sträng i enlighet med RFC 4514. Detta betyder att den mest +specifika namnkomponenten kommer först. Observera att inte alla möjliga +attributnamn täcks av RFC 4514. De inkluderade namnen är ”CN”, ”L”, ”ST”, +”O”, ”OU”, ”C”, ”STREET”, ”DC” och ”UID”. Andra attributnamn kan visas olika +på olika plattformar och av olika verktyg. För att undvika förvirring är det +bäst att dessa attributnamn inte används eller täcks av ett lämpligt +reguljärt uttryck. + + + Exempel: <SUBJECT>.*,DC=MIN,DC=DOMÄN + + + Observera att tecknen ”^.[$()|*+?{\” har en särskild betydelse i reguljära +uttryck och måste skyddas med hjälp av tecknet ”\” så att de kan matchas som +vanliga tecken. + + + Exempel: <SUBJECT>^CN=.* \(Admin\),DC=MIN,DC=DOMÄN$ + + + + + <ISSUER>reguljärt-uttryck + + + Med denna kan en del eller hela certifikatets issuer-namn matchas. Alla +kommentarer för <SUBJECT> är tillämpliga här också. + + + Exempel: <ISSUER>^CN=Min-CA,DC=MIN,DC=DOMÄN$ + + + + + <KU>nyckelanvändning + + + Detta alternativ kan användas för att specificera vilka +nyckelanvändningsvärden certifikatet skall ha. Följande värden kan användas +i en kommaseparerad lista: + + digitalSignature + nonRepudiation + keyEncipherment + dataEncipherment + keyAgreement + keyCertSign + cRLSign + encipherOnly + decipherOnly + + + + Ett numeriskt värde i intervallet hos ett 32-bitars teckenlöst heltal kan +användas också för att täcka speciella användningsfall. + + + Exempel: <KU>digitalSignature,keyEncipherment + + + + + <EKU>utökad-nyckel-användning + + + Detta alternativ kan användas för att specificera vilka +utökade-nyckel-användningsvärden certifikatet skall ha. Följande värden kan +användas i en kommaseparerad lista: + + serverAuth + clientAuth + codeSigning + emailProtection + timeStamping + OCSPSigning + KPClientAuth + pkinit + msScLogin + + + + Användningar av utökade nycklar som inte listas ovanför kan specificeras med +sina OID:er i punktad decimal notation. + + + Exempel: <EKU>clientAuth,1.3.6.1.5.2.3.4 + + + + + <SAN>reguljärt-uttryck + + + För att vara kompatibel med användningen av MIT Kerberos kommer detta +alternativ matcha Kerberos-huvudmän i PKINIT eller AD NT-Principal SAN som +<SAN:Principal> gör. + + + Exempel: <SAN>.*@MITT\.RIKE + + + + + <SAN:Principal>reguljärt-uttryck + + + Matcha Kerberos-huvudmännen i PKINIT eller AD NT Principal SAN. + + + Exempel: <SAN:Principal>.*@MITT\.RIKE + + + + + <SAN:ntPrincipalName>reguljärt-uttryck + + + Matcha Kerberos-huvudmän från AD NT Principal SAN. + + + Exempel: <SAN:ntPrincipalName>.*@MITT.AD.RIKE + + + + + <SAN:pkinit>reguljärt-uttryck + + + Matcha Kerberos-huvudmän från PKINIT SAN. + + + Exempel: <SAN:ntPrincipalName>.*@MITT\.PKINIT\.RIKE + + + + + <SAN:dotted-decimal-oid>reguljärt-uttryck + + + Ta värdet från otherName SAN-komponenten som anges av OID:n i punktad +decimal notation, tolka den som en sträng och försök att matcha den mot det +reguljära uttrycket. + + + Exempel: <SAN:1.2.3.4>test + + + + + <SAN:otherName>base64-sträng + + + Gör en binär matchning med den base64-kodade klicken mot alla otherName +SAN-komponenter. Med detta alternativ är det möjligt att matcha mot +anpassade otherName-komponenter med speciella kodningar som inte kan +hanteras som strängar. + + + Exempel: <SAN:otherName>MTIz + + + + + <SAN:rfc822Name>reguljärt-uttryck + + + Matcha värdet på rfc822Name SAN. + + + Exempel: <SAN:rfc822Name>.*@epost\.domän + + + + + <SAN:dNSName>reguljärt-uttryck + + + Matcha värdet på dNSName SAN. + + + Exempel: <SAN:dNSName>.*\.min\.dns\.domän + + + + + <SAN:x400Address>base64-sträng + + + Matcha binärt värdet på x400Address SAN. + + + Exempel: <SAN:x400Address>MTIz + + + + + <SAN:directoryName>reguljärt-uttryck + + + Matcha värdet på directoryName SAN. Samma kommentarer som gavs för +<ISSUER> och <SUBJECT> gäller här också. + + + Exempel: <SAN:directoryName>.*,DC=com + + + + + <SAN:ediPartyName>base64-sträng + + + Matcha binärt värdet på ediPartyName SAN. + + + Exempel: <SAN:ediPartyName>MTIz + + + + + <SAN:uniformResourceIdentifier>reguljärt-uttryck + + + Matcha värdet på uniformResourceIdentifier SAN. + + + Exempel: <SAN:uniformResourceIdentifier>URN:.* + + + + + <SAN:iPAddress>reguljärt-uttryck + + + Matcha värdet på iPAddress SAN. + + + Exempel: <SAN:iPAddress>192\.168\..* + + + + + <SAN:registeredID>reguljärt-uttryck + + + Matcha värdet på registeredID SAN som punktad decimal sträng. + + + Exempel: <SAN:registeredID>1\.2\.3\..* + + + + + + + + MAPPNINGSREGEL + + Mappningsregeln används för att koppla ett certifikat med ett eller flera +konton. Ett smartkort med certifikat och den matchande privata nyckeln kan +då användas för autentisering som ett av dessa konton. + + + För närvarande stödjer SSSD egentligen bara LDAP för att slå upp +användarinformation (undantaget är proxy-leverantören som inte är relevant +här. På grund av detta är mappningsregeln baserad på syntaxen för +LDAP-sökfilter med mallar för att lägga till certifikatinnehåll till +filtret. Det antas att filtret endast kommer innehålla de specifika data +som behövs för mappningen och att anroparen kommer bädda in dem i ett annat +filter för att göra den egentliga sökningen. Därför skall filtersträngen +börja och sluta med ”(” respektive ”)”. + + + I allmänhet rekommenderas det att använda attribut från certifikatet och +lägga till dem till speciella attribut till LDAP-användarobjektet. +T.ex. kan attributet ”altSecurityIdentities” i AD eller attributet +”ipaCertMapData” i IPA användas. + + + Detta bör hellre användas än att läsa användarspecifik data från +certifikatet som t.ex. en e-postadress och söka efter den i LDAP-servern. +Anledningen är att användarspecifika data i LDAP kan ändras av olika +anledningar vilket skulle göra sönder mappningen. Å andra sidan skulle det +vara svårt att bryta mappningen avsiktligt för en specifik användare. + + + Standardtypen för mapping rule är ”LDAP” vilket kan läggas +till som ett prefix till en regel som +t.ex. ”LDAP:(userCertificate;binary={cert!bin})”. Det finns en utökning som +heter ”LDAPU1” som erbjuder fler mallar för mer flexibilitet. För att +tillåta äldre versioner av detta bibliotek att ignorera utökningen måste +prefixet ”LDAPU1” användas när de nya mallarna i en mapping +rule används annars kommer den gamla versionen av biblioteket +misslyckas med ett tolkningsfel. Den nya mallarna beskrivs i avsnittet . + + + Mallarna för att lägga till certifikatdata till sökfiltret baseras på +formateringssträngar i Python-stil. De består av ett nyckelord i +krullparenteser med en valfri underkomponentspecificerare separerad av en +”.” eller ett valfritt konverterings-/formateringsalternativ separerat av +ett ”!”. Tillåtna värden är: + + {issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Mallen kommer lägga till den fullständiga utgivar-DN:en konverterad till en +sträng enligt RFC 4514. Om X.500-ordning (mest specifik RDN kommer sist) +skall ett alternativ med prefixet ”_x500” användas. + + + Konverteringsalternativen som börjar med ”ad_” kommer använda attribut som +de används av AD, t.ex. ”S” istället för ”ST”. + + + Konverteringsalternativen som börjar med ”nss_” kommer använda attributnamn +som de används av NSS. + + + Standard för konverteringsalternativ är ”nss”, d.v.s. attributnamn enligt +NSS och LDAP/RFC 4514-ordning. + + + Exempel: +(ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad}) + + + + + {subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Mallen kommer lägga till den fullständiga subjekt-DN:en konverterad till en +sträng enligt RFC 4514. Om X.500-ordning (mest specifik RDN kommer sist) +skall ett alternativ med prefixet ”_x500” användas. + + + Konverteringsalternativen som börjar med ”ad_” kommer använda attribut som +de används av AD, t.ex. ”S” istället för ”ST”. + + + Konverteringsalternativen som börjar med ”nss_” kommer använda attributnamn +som de används av NSS. + + + Standard för konverteringsalternativ är ”nss”, d.v.s. attributnamn enligt +NSS och LDAP/RFC 4514-ordning. + + + Exempel: +(ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500}) + + + + + {cert[!(bin|base64)]} + + + Denna mall kommer lägga till hela det DER-kodade certifikatet som än sträng +till sökfiltret. Beroende på konverteringsalternativen konverteras antingen +certifikatet till en hex-sekvens med styrtecken ”\xx” eller till base64. +Hex-strängen med styrtecken är standard och kan t.ex. användas med +LDAP-attributet ”userCertificate;binary”. + + + Exempel: (userCertificate;binary={cert!bin}) + + + + + {subject_principal[.short_name]} + + + Denna mall kommer lägga till Kerberos-huvudmannen som hämtas antingen från +den SAN som används av pkinit eller den som används av AD. Komponenten +”short_name” representerar första delen av huvudmannen före tecknet ”@”. + + + Exempel: +(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name})) + + + + + {subject_pkinit_principal[.short_name]} + + + Denna mall kommer lägga till Kerberos-huvudmannen som hämtas från den SAN +som används av pkinit. Komponenten ”short_name” representerar första delen +av huvudmannen före tecknet ”@”. + + + Exempel: +(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name})) + + + + + {subject_nt_principal[.short_name]} + + + Denna mall kommer lägga till Kerberos-huvudmannen som hämtas från den SAN +som används av AD. Komponenten ”short_name” representerar första delen av +huvudmannen före tecknet ”@”. + + + Exempel: +(|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name})) + + + + + {subject_rfc822_name[.short_name]} + + + Denna mall kommer lägga till strängen som lagras i komponenten rfc822Name i +SAN:en, normalt en e-postadress. Komponenten ”short_name” representerar +första delen av huvudmannen före tecknet ”@”. + + + Exempel: +(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name})) + + + + + {subject_dns_name[.short_name]} + + + Denna mall kommer lägga till strängen som lagras i komponenten dNSName i +SAN:en, normalt ett fullständigt kvalificerat värdnamn. Komponenten +”short_name” representerar första delen av huvudmannen före det första +”.”-tecknet. + + + Exempel: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name})) + + + + + {subject_uri} + + + Denna mall kommer lägga till strängen som lagras i komponenten +uniformResourceIdentifier i SAN:en. + + + Exempel: (uri={subject_uri}) + + + + + {subject_ip_address} + + + Denna mall kommer lägga till strängen som lagras i komponenten iPAddress i +SAN:en. + + + Exempel: (ip={subject_ip_address}) + + + + + {subject_x400_address} + + + Denna mall kommer lägga till värdet som lagras i komponenten x400Address i +SAN:en som en hex-sekvens med styrtecken. + + + Exempel: (attr:binary={subject_x400_address}) + + + + + {subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Denna mall kommer lägga till DN-strängen för värdet som lagras i komponenten +directoryName i SAN:en. + + + Exempel: (orig_dn={subject_directory_name}) + + + + + {subject_ediparty_name} + + + Denna mall kommer lägga till värdet som lagras i komponenten ediPartyName i +SAN:en som en hex-sekvens med styrtecken. + + + Exempel: (attr:binary={subject_ediparty_name}) + + + + + {subject_registered_id} + + + Denna mall kommer lägga till OID:n som lagras i komponenten registeredID i +SAN:en som en punktad decimal sträng. + + + Exempel: (oid={subject_registered_id}) + + + + + + + LDAPU1-utvidgningen + + Följande mall är tillgänglig när utökningen ”LDAPU1” används: + + + + + {serial_number[!(dec|hex[_ucr])]} + + + Denna mall kommer lägga till certifikatets serienummer. Som standard kommer +det skrivas som ett hexadecimalt tal med gemena bokstäver. + + + Med formateringsalternativet ”!dec” kommer numret skrivas som en decimal +sträng. Den exadecimala utdatan kan skrivas med versala bokstäver +(”!hex_u”), med ett kolon som separator mellan hexadecimala byte (”!hex_c”) +eller med de hexadecimala byten i omvänd ordning +(”!hex_r”). Postfixbokstäverna kan kombineras så att t.ex. ”!hex_uc" kommer +producera en kolonseparerad hexadecimal sträng med versaler. + + + Exempel: LDAPU1:(serial={serial_number}) + + + + + + {subject_key_id[!hex[_ucr]]} + + + Denna mall kommer lägga till certifikatets subjektnyckel-id. Som standard +kommer det skrivas som ett hexadecimalt tal med gemena bokstäver. + + + Den hexadecimala utdatan kan skrivas med versala bokstäver (”!hex_u”), med +ett kolon som separator mellan hexadecimala byte (”!hex_c”) eller med de +hexadecimala byten i omvänd ordning (”!hex_r”). Postfixbokstäverna kan +kombineras så att t.ex. ”!hex_uc" kommer producera en kolonseparerad +hexadecimal sträng med versaler. + + + Exempel: LDAPU1:(ski={subject_key_id}) + + + + + + {cert[!KONTROLLSUMMA[_ucr]]} + + + Denna mall kommer läga till certifikatets hexadecimala kontrollsumma/hash +där KONTROLLSUMMA måste ersättas med namnet på en +kontrollsumme-/hash-funktion som stödjs av OpenSSL, t.ex. ”sha512”. + + + Den hexadecimala utdatan kan skrivas med versala bokstäver (”!sha512_u”), +med ett kolon som separator mellan hexadecimala byte (”!sha512_c”) eller med +de hexadecimala byten i omvänd ordning (”!sha512_r”). Postfixbokstäverna kan +kombineras så att t.ex. ”!sha512_uc" kommer producera en kolonseparerad +hexadecimal sträng med versaler. + + + Exempel: LDAPU1:(dgst={cert!sha256}) + + + + + + {subject_dn_component[(.attr_name|[number]]} + + + Denna mall kommer lägga till ett av komponentens attributvärden från +subjekt-DN, som standard värdet på den mest specifika komponenten. + + + En annan komponent kan antingen väljas via attributnamnet, +t.ex. {subject_dn_component.uid} eller via position, +t.ex. {subject_dn_component.[2]} där positiva tal börjar räknas från den +mest specifika komponenten och negativa tal börjar räkna från den minst +specifika komponenten Attributnamn och positionen kan kombineras, +t.ex. {subject_dn_component.uid[2]} vilket betyder att namnet på den andra +komponenten måste vara ”uid”. + + + Exempel: LDAPU1:(uid={subject_dn_component.uid}) + + + + + + {issuer_dn_component[(.attr_namn|[tal]]} + + + Denna mall kommer lägga till ett av komponentens attributvärden från +utgivar-DN, som standard värdet på den mest specifika komponenten. + + + Se ”subject_dn_component” för detaljer om attributnamn och +positionsangivelser. + + + Exempel: +LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]}) + + + + + {sid[.rid]} + + + Denna mall kommer lägga till SID:n om den motsvarande utökningen +introducerad av Microsoft med OID 1.3.6.1.4.1.311.25.2 är tillgänglig. Med +selektorn ”.rid” kommer endast den sista komponenten, d.v.s RID:n, att +läggas till. + + + Exempel: LDAPU1:(objectsid={sid}) + + + + + + + + + DOMÄNLISTA + + Om domänlistan inte är tom söks användare mappade till ett givet certifikat +inte bara i den lokala domänen utan i de listade domänerna också förutsatt +att de är kända av SSSD. Domäner som SSSD inte känner till kommer +ignoreras. + + + + + diff --git a/src/man/sv/sss_cache.8.xml b/src/man/sv/sss_cache.8.xml new file mode 100644 index 0000000..f6778ee --- /dev/null +++ b/src/man/sv/sss_cache.8.xml @@ -0,0 +1,259 @@ + + + +SSSD manualsidor + + + + + sss_cache + 8 + + + + sss_cache + utför cacherensning + + + + +sss_cache +flaggor + + + + BESKRIVNING + + sss_cache invaliderar poster i SSSD-cachen. Invaliderade +poster måste hämtas om från servern så fort den tillhörande SSSD-bakänden är +ansluten. Flaggor som invaliderar ett enstaka objekt tar bara ett ensamt +argument. + + + + + FLAGGOR + + + + , + + + + Invalidera alla cachade poster. + + + + + + , +inloggning + + + + Invalidera en viss användare. + + + + + + , + + + + Invalidera alla användarposter. Detta alternativ åsidosätter invalidering +av en viss användare om det också angavs. + + + + + + , +grupp + + + + Invalidera en viss grupp. + + + + + + , + + + + Invalidera alla grupposter. Detta alternativ åsidosätter invalidering av en +viss grupp om det också angavs. + + + + + + , +nätgrupp + + + + Invalidera en viss nätgrupp. + + + + + + , + + + + Invalidera alla nätgruppsposter. Detta alternativ åsidosätter invalidering +av en viss nätgrupp om det också angavs. + + + + + + , +tjänst + + + + Invalidera en viss tjänst. + + + + + + , + + + + Invalidera alla tjänsteposter. Detta alternativ åsidosätter invalidering av +en viss tjänst om det också angavs. + + + + + + , +autofs-översättning + + + + Invalidera specifika autofs-översättningar. + + + + + + , + + + + Invalidera alla autofs-översättningar. Detta alternativ åsidosätter +invalidering av en viss översättning om det också angavs. + + + + + + , +värdnamn + + + + Invalidera publika SSH-nycklar för en viss värd. + + + + + + , + + + + Invalidera publika SSH-nycklar för alla värdar. Detta alternativ +åsidosätter invalidering av SSH-nycklar för en viss värd om det också +angavs. + + + + + + , +regel + + + + Invalidera en viss sudo-regel. + + + + + + , + + + + Invalidera alla cachade sudo-regler. Detta alternativ åsidosätter +invalidering av en viss sudo-regel om det också angavs. + + + + + + , +domän + + + + Begränsa invalideringsprocessen till endast en viss domän. + + + + + + + + + EFFEKTER PÅ DEN SNABBA MINNESCACHEN + + sss_cache invaliderar även minnescachen. Eftersom +minnescachen är en fil som avbildas in i minnet för varje process som +anropar SSSD för att slå upp användare eller grupper kan filen inte huggas +av. En speciell flagga sätts i huvudet på filen för att indikera att +innehållet är ogiltigt och sedan tas länken bort av SSSD:s NSS-respondent +och en ny cache-fil skapas. När än en process nu gör en ny uppslagning av en +användare eller en grupp kommer den att se flaggan, stänga den gamla +minnescachfilen och avbilda in den ny in i sitt minne. När alla processer +som har öppnat den gamla minnescachefilen har stängt den under uppslagning +av en användare eller grupp kan kärnan släppa det använda diskutrymmet och +den gamla minnescachefilen är slutligen helt borttagen. + + + Ett särskilt fall är långlivade processer som gör användar- eller +gruppuppslagningar endast vid uppstart, t.ex. för att avgöra namnet på +användaren processen kör som. För dessa uppslagningar är minnescachfilen +avbildad in i processens minne. Men eftersom det inte kommer vara några +ytterligare uppslagningar skulle dessa processer aldrig upptäcka om +minnescachefilen invalideras och därmed kommer den hållas kvar i minnet och +kommer den att använda diskutrymme tills processen slutar. Som ett resultat +kan att anropa sss_cache öka diskanvändningen eftersom +gamla minnescachefiler inte kan tas bort från disken eftersom de fortfarande +är avbildade av långlivade processer. + + + Ett möjligt sätt att gå runt problemet för långlivade processer som slår upp +användare och grupper endast vid uppstart eller väldigt sällan är att köra +dem med miljövariabeln SSS_NSS_USE_MEMCACHE satt till ”NO” så att de inte +kommer använda minnescachen alls och inte avbilda minnescachefilen in i +minnet. I allmänhet är en bättre lösning att trimma parametrarna för cachens +tidsgräns så att de stämmer med lokala förväntningar och det inte är +nödvändigt att anropa sss_cache. + + + + + + + diff --git a/src/man/sv/sss_debuglevel.8.xml b/src/man/sv/sss_debuglevel.8.xml new file mode 100644 index 0000000..89856e9 --- /dev/null +++ b/src/man/sv/sss_debuglevel.8.xml @@ -0,0 +1,38 @@ + + + +SSSD manualsidor + + + + + sss_debuglevel + 8 + + + + sss_debuglevel + [FÖRÅLDRAD] ändra felsökningsnivå medan SSSD kör + + + + +sss_debuglevel +flaggor NY_FELSÖKNINGSNIVÅ + + + + BESKRIVNING + + sss_debuglevel är föråldrat och ersatt av kommandot +sssctl debug-level. Se manualsidan sssctl för mer +information om användning av sssctl. + + + + + + + diff --git a/src/man/sv/sss_obfuscate.8.xml b/src/man/sv/sss_obfuscate.8.xml new file mode 100644 index 0000000..c5f0af0 --- /dev/null +++ b/src/man/sv/sss_obfuscate.8.xml @@ -0,0 +1,96 @@ + + + +SSSD manualsidor + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + fördunkla ett klartextlösenord + + + + +sss_obfuscate +flaggor [LÖSENORD] + + + + BESKRIVNING + + sss_obfuscate konverterar ett givet lösenord till ett +format oläsbart för människor och placerar det i det passande domänavsnittet +av SSSD-konfigurationsfilen. + + + Klartextlösenordet läses från standard in eller skrivs interaktivt. Det +fördunklade lösenordet läggs in i parametern +ldap_default_authtok av en given SSSD-domän och parametern +ldap_default_authtok_type sätts till +obfuscated_password. Se +sssd-ldap 5 + för fler detaljer om dessa parametrar. + + + Observera att fördunklandet av lösenord ger ingen riktigt +säkerhetsförbättring eftersom det fortfarande är möjligt för en +anfallare att återskapa lösenordet. Det rekommenderas +starkt att använda en bättre autentiseringsmekanism +såsom klientsidecertifikat eller GSSAPI. + + + + + FLAGGOR + + + + + , + + + + Lösenordet att fördunkla kommer läsas från standard in. + + + + + + , +DOMÄN + + + + SSSD-domäner att använda lösenordet i. Standardnamnet är +default. + + + + + + , FIL + + + + Läs konfigurationsfilen som anges av positionsparametern. + + + Standard: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/sv/sss_override.8.xml b/src/man/sv/sss_override.8.xml new file mode 100644 index 0000000..a6c08b5 --- /dev/null +++ b/src/man/sv/sss_override.8.xml @@ -0,0 +1,260 @@ + + + +SSSD manualsidor + + + + + sss_override + 8 + + + + sss_override + skapa lokala åsidosättanden av användar- och gruppattribut + + + + +sss_override KOMMANDO +flaggor + + + + BESKRIVNING + + sss_override gör det möjligt att skapa en klientsidevy +och tillåter att man ändrar valda värden på specifika användare och +grupper. Denna ändring gäller endast på den lokala maskinen. + + + Data om åsidosättanden lagras i SSSD-cachen. Om cachen raderas förloras +alla lokala åsidosättanden. Observera att efter det första åsidosättandet +har skapats med något av följande kommandon user-add, +group-add, user-import eller +group-import behöver SSSD startas om för att det skall +få effekt. sss_override skriver ett meddelande när en +omstart behövs. + + + OBSERVERA: alternativen som ges i denna manualsida +fungerar endast med id_provider ldap och +AD. IPA-åsidosättanden kan hanteras centralt på IPA-servern. + + + + + TILLGÄNGLIGA KOMMANDON + + Argumentet NAMN är namnet på originalobjektet i alla +kommandon. Det är inte möjligt att åsidosätta uid +eller gid till 0. + + + + + NAMN + NAMN + AID + GID + HEM + SKAL + GECOS + BASE64-KODAT +CERTIFIKAT + + + + Åsidosätt attribut på en användare. Var medveten om att anropa detta +kommando kommer ersätta eventuella tidigare åsidosättanden för (den +NAMNgivna) användaren. + + + + + + NAMN + + + + Ta bort användaråsidosättanden. Var dock medveten om att åsidosatta +attribut kan returneras från minnescachen. Se SSSD-alternativet +memcache_timeout för fler detaljer. + + + + + + +DOMÄN + + + + Lista alla användare med satta åsidosättanden. Om parametern +DOMÄN är satt listas endast användare från den domänen. + + + + + + NAMN + + + + Visa användaråsidosättanden. + + + + + + FIL + + + + Importera användaråsidosättanden från FIL. +Dataformatet liknar den vanliga passwd-filen. Formatet är: + + + ursprungligt_namn:namn:aid:gid:gecos:hem:skal:bas64-kodat_certifikat + + + där ursprungligt_namn är användarens originalnamn vars attribut skall +åsidosättas. Resten av fälten motsvarar nya värden. Man kan utelämna ett +värde helt enkelt genom att lämna motsvarande fält tomt. + + + Exempel: + + + kwalker:fantomen:::::: + + + kwalker@bangalla.com::501:501:Fantomen:/home/bangalla:/bin/bash: + + + + + + FIL + + + + Exportera alla åsidosatta attribut och spara dem i +FIL. Se user-import för +dataformatet. + + + + + + NAMN + NAMN + GID + + + + Åsidosätt attribut på en grupp. Var medveten om att anropa detta kommando +kommer ersätta eventuella tidigare åsidosättanden för (den NAMNgivna) +gruppen. + + + + + + NAMN + + + + Ta bort gruppåsidosättanden. Var dock medveten om att åsidosatta attribut +kan returneras från minnescachen. Se SSSD-alternativet +memcache_timeout för fler detaljer. + + + + + + +DOMÄN + + + + Lista alla grupper med satta åsidosättanden. Om parametern +DOMÄN är satt listas endast grupper från den domänen. + + + + + + NAMN + + + + Visa gruppåsidosättanden. + + + + + + FIL + + + + Importera gruppåsidosättanden från FIL. Dataformatet +liknar den vanliga group-filen. Formatet är: + + + ursprungligt_namn:namn:gid + + + där ursprungligt_namn är gruppens originalnamn vars attribut skall +åsidosättas. Resten av fälten motsvarar nya värden. Man kan utelämna ett +värde helt enkelt genom att lämna motsvarande fält tomt. + + + Exempel: + + + admin:administratorer: + + + Domain Users:Users:501 + + + + + + FIL + + + + Exportera alla åsidosatta attribut och spara dem i +FIL. Se group-import för +dataformatet. + + + + + + + + GEMENSAMMA FLAGGOR + + Dessa flaggor är tillgängliga med alla kommandon. + + + + + NIVÅ + + + + + + + + + + diff --git a/src/man/sv/sss_rpcidmapd.5.xml b/src/man/sv/sss_rpcidmapd.5.xml new file mode 100644 index 0000000..75378b3 --- /dev/null +++ b/src/man/sv/sss_rpcidmapd.5.xml @@ -0,0 +1,112 @@ + + + +SSSD manualsidor + + +sss rpc.idmapd plugin +Noam Meltzer +Primary Data Inc. Utvecklare +(2013-2014) Noam +Meltzer Utvecklare (2014-) +tsnoam@gmail.com + + + sss_rpcidmapd + 5 + Filformat och konventioner + + + + sss_rpcidmapd + sss insticksmoduls konfigurationsdirektiv för rpc.idmapd + + + + KONFIGURATIONSFIL + + rpc.idmapd konfigurationsfil finns vanligen som +/etc/idmapd.conf. Se +idmapd.conf 5 + för mer information. + + + + + SSS-KONFIGURATIONSUTVIDGNING + + Aktivera SSS-insticksmodul + + I avsnittet [Translation], ändra/sätt attributet +Method till att innehålla sss. + + + + [sss] konfigurationsavsnitt + + För att ändra standardvärdet på ett av konfigurationsattributen för +insticksmodulen sss som räknas upp nedan behöver man +skapa ett konfigurationsavsnitt för den, med namnet [sss]. + + + Konfigurationsattribut + + memcache (bool) + + + Indikerar huruvida optimeringstekniken memcache skall användas eller inte. + + + Standard: True + + + + + + + + + SSSD-INTEGRATION + + Insticksmodulen sss kräver att NSS-respondenten är +aktiverad i sssd. + + + Attributet use_fully_qualified_names måste aktiveras i alla +domäner (NFSv4-klienter förväntar sig att ett fullständigt kvalificerat namn +skickas över tråden). + + + + + EXEMPEL + + Följande exempel visar en minimal idmapd.conf som använder insticksmodulen +sss. +[General] +Verbosity = 2 +# domänen måste synkroniseras mellan NFSv4-servern och -klienter +# Solaris/Illumos/AIX använder "localdomain" som standard! +Domain = default + +[Mapping] +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] +Method = sss + + + + + + SE ÄVEN + + sssd8 +, idmapd.conf +5 + + + + diff --git a/src/man/sv/sss_seed.8.xml b/src/man/sv/sss_seed.8.xml new file mode 100644 index 0000000..dbc77e9 --- /dev/null +++ b/src/man/sv/sss_seed.8.xml @@ -0,0 +1,163 @@ + + + +SSSD manualsidor + + + + + sss_seed + 8 + + + + sss_seed + initiera SSSD-cachen med en användare + + + + +sss_seed +flaggor -D +DOMÄN -n +ANVÄNDARE + + + + BESKRIVNING + + sss_seed initierar SSSD-cachen med en användarpost och +tillfälligt lösenord. Om en användarpost redan finns i SSSD-cachen +uppdateras den posten med det tillfälliga lösenordet. + + + + + + + FLAGGOR + + + + , +DOMÄN + + + + Ange namnet på domänen i vilken användaren är en medlem. Domänen används +också för att hämta användarinformation. Domänen måste vara konfigurerad i +sssd.conf. Alternativet DOMÄN måste anges. +Information som hämtas från domänen åsidosätter vad som anges i flaggorna. + + + + + + , +ANVÄNDARE + + + + Användarnamnet på posten som skall skapas eller ändras i cachen. Flaggan +ANVÄNDARE måste anges. + + + + + + , AID + + + + Sätt användarens UID till UID. + + + + + + , GID + + + + Sätt användarens GID till GID. + + + + + + , +KOMMENTAR + + + + Godtycklig textsträng som beskriver användaren. Ofta använt som ett fält +för användarens fullständiga namn. + + + + + + , +HEMKATALOG + + + + Sätt användarens hemkatalog till HEMKAT. + + + + + + , SKAL + + + + Sätt användarens inloggningsskal till SKAL. + + + + + + , + + + + Interaktivt läge för att ange användarinformation. Detta alternativ kommer +bara att fråga efter information som inte angavs med flaggor eller hämtades +från domänen. + + + + + + , +LÖSENFIL + + + + Ange filen att läsa användarnas lösenord ifrån. (om inte angivet +efterfrågas lösenord) + + + + + + + + + NOTER + + Längden på lösenordet (eller storleken på filen som anges med flaggan -p +eller --password-file) måste vara mindre eller lika med PASS_MAX byte (64 +byte på system utan något globalt definierat PASS_MAX-värde). + + + + + + + + + + diff --git a/src/man/sv/sss_ssh_authorizedkeys.1.xml b/src/man/sv/sss_ssh_authorizedkeys.1.xml new file mode 100644 index 0000000..86f9d36 --- /dev/null +++ b/src/man/sv/sss_ssh_authorizedkeys.1.xml @@ -0,0 +1,142 @@ + + + +SSSD manualsidor + + + + + sss_ssh_authorizedkeys + 1 + + + + sss_ssh_authorizedkeys + hämta auktoriserade OpenSSH-nycklar + + + + +sss_ssh_authorizedkeys +flaggor ANVÄNDARE + + + + BESKRIVNING + + sss_ssh_authorizedkeys hämtar publika SSH-nycklar för +användaren ANVÄNDARE och skriver ut dem i +formatet för OpenSSH authorized_keys (se avsnittet +AUTHORIZED_KEYS-FILFORMAT i +sshd +8 för mer information). + + + sshd +8 kan konfigureras till att använda +sss_ssh_authorizedkeys för autentisering med användares +publika nyckel om den är kompilerad med stöd för alternativet +AuthorizedKeysCommand. Se manualsidan +sshd_config +5 för mer detaljer om detta +alternativ. + + + Om AuthorizedKeysCommand stödjs kan +sshd +8 konfigureras för att använda den +genom att lägga in följande direktiv +sshd_config +5: + AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys + AuthorizedKeysCommandUser nobody + + + + + NYCKLAR FRÅN CERTIFIKAT + + Utöver de publika SSH-nycklarna för användaren +ANVÄNDARE kan +sss_ssh_authorizedkeys även returnera publika SSH-nycklar +härledda från den publika nyckeln i ett X.509-certifikat. + + + För att aktivera detta måste alternativet +ssh_use_certificate_keys sättas till true (standard) i +avsnittet [ssh] av sssd.conf. Om användarposten +innehåller certifikat (se ldap_user_certificate i +sssd-ldap +5 för detaljer) eller det finns ett +certifikat i en åsidosättande post för användaren (se +sss_override +8 eller +sssd-ipa +5 för detaljer) och certifikatet är +giltigt kommer SSSD extrahera den publika nyckeln från certifikatet och +konvertera den till formatet som sshd förväntar sig. + + + Vid sidan av ssh_use_certificate_keys kan alternativen + + ca_db + p11_child_timeout + certificate_verification + + användas för att styra hur certifikaten valideras (se +sssd.conf +5 för detaljer). + + + Valideringen är fördelen med att använda X.509-certifikat istället för att +använda SSH-nycklar direkt för att det t.ex. ger en bättre kontroll över +livslängden hos nycklarna. När ssh-klienten är konfigurerad att använda de +privata nycklarna från ett smartkort med hjälp av det delade +PKCS#11-biblioteket (se ssh +1 för detaljer) kan det vara +irriterande att autentiseringen fortfarande fungerar även om det tillhörande +X.509-certifikatet på smartkortet redan har gått ut eftersom varken +ssh eller sshd kommer titta på +certifikatet över huvud taget. + + + Det måste påpekas att den härledda publika SSH-nyckeln fortfarande kan +läggas till i användarens fil authorized_keys för att +gå runt certifikatvalideringen om konfigurationen av sshd +tillåter detta. + + + + + + FLAGGOR + + + + , +DOMÄN + + + + Sök efter användares publika nycklar i SSSD-domänen +DOMÄN. + + + + + + + + + SLUTSTATUS + + Om det lyckas returneras 0 som slutstatus. Annars returneras 1. + + + + + + + diff --git a/src/man/sv/sss_ssh_knownhostsproxy.1.xml b/src/man/sv/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..04f9eb7 --- /dev/null +++ b/src/man/sv/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,107 @@ + + + +SSSD manualsidor + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + hämta OpenSSH-värdnycklar + + + + +sss_ssh_knownhostsproxy +flaggor VÄRD PROXY-KOMMANDO + + + + BESKRIVNING + + sss_ssh_knownhostsproxy hämtar publika SSH-värdnycklar +för värden VÄRD, lagrar dem i en anpassad +OpenSSH-known_hosts-fil (se avsnittet +SSH_KNOWN_HOSTS-FILFORMAT i +sshd +8 för mer information) +/var/lib/sss/pubconf/known_hosts och upprättar +anslutningen till värden. + + + Om PROXY-KOMMANDO anges används det för att skapa +anslutningen till värden istället för att öppna ett uttag. + + + ssh +1 kan konfigureras till att använda +sss_ssh_knownhostsproxy för värdnyckelautentisering genom +att använda följande direktiv i konfigurationen av +ssh +1: +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + FLAGGOR + + + + , PORT + + + + Använd porten PORT för att ansluta till värden. +Som standard används port 22. + + + + + + , +DOMÄN + + + + Sök efter värdars publika nycklar i SSSD-domänen +DOMÄN. + + + + + + , + + + + Skriv ut värdens publika ssh-nycklar för värden +VÄRD. + + + + + + + + + SLUTSTATUS + + Om det lyckas returneras 0 som slutstatus. Annars returneras 1. + + + + + + + diff --git a/src/man/sv/sssctl.8.xml b/src/man/sv/sssctl.8.xml new file mode 100644 index 0000000..30db1ed --- /dev/null +++ b/src/man/sv/sssctl.8.xml @@ -0,0 +1,64 @@ + + + +SSSD manualsidor + + + + + sssctl + 8 + + + + sssctl + SSSD kontroll- och statusverktyg + + + + +sssctl KOMMANDO +flaggor + + + + BESKRIVNING + + sssctl tillhandahåller ett enkelt och enhetligt sätt att +få information om SSSD:s status, såsom aktiv server, automatupptäckta +servrar, domäner och cachade objekt. Dessutom kan det hantera SSSD:s +datafiler för felsökning på ett sådant sätt att det är säkert att hantera +medan SSSD kör. + + + + + TILLGÄNGLIGA KOMMANDON + + För att lista alla tillgängliga kommandon, kör sssctl +utan några parametrar. För att skriva ut hjälp om ett valt kommando, kör +sssctl KOMMANDO --help. + + + + + GEMENSAMMA FLAGGOR + + Dessa flaggor är tillgängliga med alla kommandon. + + + + + NIVÅ + + + + + + + + + + diff --git a/src/man/sv/sssd-ad.5.xml b/src/man/sv/sssd-ad.5.xml new file mode 100644 index 0000000..3d69532 --- /dev/null +++ b/src/man/sv/sssd-ad.5.xml @@ -0,0 +1,1287 @@ + + + +SSSD manualsidor + + + + + sssd-ad + 5 + Filformat och konventioner + + + + sssd-ad + SSSD Active Directory-leverantör + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av leverantören AD till + sssd 8 +. För en detaljerad referens om syntaxen, se avsnittet +FILFORMAT i manualsidan +sssd.conf 5 +. + + + Leverantören AD är en bakände som används för att ansluta till en Active +Directory-server. Leverantören kräver att maskinen läggs in i AD-domänen +och att en keytab är tillgänglig. Bakändekommunikationen sker över en +GSSAPI-krypterad kanal, SSL/TLS-alternativ skall inte användas tillsammans +med AD-leverantören och kommer ersättas av Kerberos-användning. + + + AD-leverantören stödjer anslutning till Active Directory 2008 R2 eller +senare. Tidigare versioner kan fungera, men stödjs inte. + + + AD-leverantören kan användas för att få användarinformation och autentisera +användare från betrodda domäner. För närvarande känns endast betrodda +domäner i samma skog igen. Dessutom automatupptäcks alltid servrar från +betrodda domäner. + + + AD-leverantören gör att SSSD kan använda identitetsleverantören + sssd-ldap +5 och autentiseringsleverantören + sssd-krb5 +5 med optimeringar för Active +Directory-miljöer. AD-leverantören tar samma alternativ som används av +leverantörerna sssd-ldap och sssd-krb5 med några undantag. Dock är det +varken nödvändigt eller lämpligt att sätta dessa alternativ. + + + AD-leverantören kopierar i huvudsak standardalternativen för de +traditionella leverantörerna ldap och krb5 med några undantag. Skillnaderna +listas i avsnittet ÄNDRADE STANDARDINSTÄLLNINGAR. + + + AD-leverantören kan även användas som en åtkomst-, chpass-, sudo- och +autofs-leverantör. Ingen konfiguration av åtkomstleverantören behövs på +klientsidan. + + + Om auth_provider=ad eller access_provider=ad +konfigureras i sssd.conf måste id-leverantören också sättas till +ad. + + + Som standard kommer AD-leverantören översätta AID- och GID-värden från +parametern objectSID i Active Directory. För detaljer om detta se avsnittet +ID-ÖVERSÄTTNING nedan. Om du vill avaktivera ID-översättning +och istället lita på POSIX-attribut definierade i Active Directory skall du +sätta +ldap_id_mapping = False + . Om POSIX-attribut skall +användas rekommenderas det av prestandaskäl att attributen även replikeras +till den globala katalogen. Om POSIX-attribut replikeras kommer SSSD +försöka att hitta domänen för den begärda numeriska ID:n med hjälp av den +globala katalogen och endast söka i den domänen. Om POSIX-attribut däremot +inte replikeras till den globala katalogen måste SSSD söka i alla domänerna +i skogen sekventiellt. Observera att alternativet +cache_first också kan vara till hjälp för att snabba upp +domänlösa sökningar. Observera att om endast en delmängd av +POSIX-attributen finns i den globala katalogen läses för närvarande inte de +attribut som inte replikeras från LDAP-porten. + + + Användare, grupper och andra enheter som servas av SSSD behandlas alltid som +skiftlägesokänsliga i AD-leverantören för kompatibilitet med Active +Directorys LDAP-implementation. + + + SSSD slår endast up Active Directory Security Groups. För mer information om +AD-grupptyper se: Active +Directory security grouips + + + SSSD filtrerar ut domänlokala grupper från fjärrdomäner i AD-skogen. Som +standard filtreras de ut t.ex. när man följer en nästad grupphierarki i +fjärrdomäner för att de inte är giltiga i den lokala domänen. Detta görs för +att stämma med Active Directorys gruppmedlemskapstilldelning vilken kan ses +i Kerberosbiljettens PAC för en användare utgiven av Active Directory. + + + + + KONFIGURATIONSALTERNATIV + Se DOMÄNSEKTIONER i manualsidan +sssd.conf 5 + för detaljer om konfigurationen av en SSSD-domän. + + + ad_domain (sträng) + + + Anger namnet på Active Directory-domänen. Detta är frivilligt. Om det inte +anges används namnet på den konfigurerade domänen. + + + För att fungera ordentligt skall detta alternativ anges som den gemena +versionen av den långa versionen av Active Directorys domän. + + + Det korta domännamnet (även känt som NetBIOS-namnet eller det platta namnet) +detekteras automatiskt av SSSD. + + + + + + ad_enabled_domains (sträng) + + + A comma-separated list of enabled Active Directory domains. If provided, +SSSD will ignore any domains not listed in this option. If left unset, all +discovered domains from the AD forest will be available. + + + During the discovery of the domains SSSD will filter out some domains where +flags or attributes indicate that they do not belong to the local forest or +are not trusted. If ad_enabled_domains is set, SSSD will try to enable all +listed domains. + + + För att fungera ordentligt bör detta alternativ anges helt i gemener och som +det fullständigt kvalificerade namnet på Active Directory-domänen. Till +exempel: +ad_enabled_domains = marknad.example.com, tekn.example.com + + + + Det korta domännamnet (även känt som NetBIOS-namnet eller det platta namnet) +kommer detekteras automatiskt av SSSD. + + + Standard: inte satt + + + + + + ad_server, ad_backup_server (sträng) + + + Den kommaseparerade listan av värdnamn till AD-servrar till vilka SSSD skall +ansluta i prioritetsordning. För mer information om reserver och +serverredundans se avsnittet RESERVER. + + + Detta är frivilligt om automatupptäckt är aktiverat. För mer information om +tjänsteupptäckt se avsnittet TJÄNSTEUPPTÄCKT. + + + Observera: betrodda domäner kommer alltid automatiskt upptäcka servrar även +om den primära servern definieras uttryckligen i alternativet ad_server. + + + + + + ad_hostname (sträng) + + + Valfri. På maskiner där hostname(5) inte avspeglar det fullständigt +kvalificerade namnet kommer sssd försöka expandera det korta namnet. Om det +inte är möjligt eller det korta namnet verkligen skall användas istället, +sätt då denna parameter uttryckligen. + + + Detta fält används för att avgöra värd-huvudmannen som används i keytab:en +och utföra dynamiska DNS-uppdateringar. Det måste stämma med värdnamnet som +keytab:en gavs ut för. + + + + + + ad_enable_dns_sites (boolean) + + + Aktiverar DNS-sajter – platsbaserat tjänsteupptäckt. + + + Om sant och tjänsteupptäckt (se stycket Tjänsteupptäckt i slutet av +manualsidan) är aktiverat kommer SSSD först att försöka hitta en Active +Directory-server att ansluta till med Active Directory Site Discovery och +sedan falla tillbaka på traditionell SRV-upptäckt om ingen AD-sajt hittas. +Konfigurationen av DNS SRV, inklusive upptäcktsdomänen, används också under +sajtupptäckten. + + + Standard: true + + + + + + ad_access_filter (sträng) + + + Detta alternativ anger LDAP:s åtkomstkontrollfilter som användaren måste +matcha för att tillåtas åtkomst. Observera att alternativet +access_provider måste vara uttryckligen satt till +ad för att detta alternativ skall ha någon effekt. + + + Alternativet stödjer också att ange olika filter per domän eller skog. +Detta utökade filter skulle bestå av: NYCKELORD:NAMN:FILTER. +Nyckelordet kan vara antingen DOM, FOREST +eller utelämnas. + + + Om nyckelordet är lika med DOM eller saknas anger +NAMN domänen eller underdomänen filtret gäller för. Om +nyckelordet är lika med FOREST är filtret lika för alla +domäner från skogen som anges av NAMN. + + + Flera filter kan avgränsas med tecknet ?, i likhet med hur +sökbaser fungerar. + + + Nästade gruppmedlemskap måste sökas efter med en speciell OID +:1.2.840.113556.1.4.1941: utöver den fullständiga syntaxen +DOM:domän.example.com: för att säkerställa att tolken inte försöker tolka +kolontecknen som hör till OID:n. Om man inte använder denna OID kommer +nästade gruppmedlemskap inte slås upp. Se användningsexempel nedan och se +här för ytterligare information om OID:n: [MS-ADTS] +avsnittet LDAP-utökningar + + + Den mest specifika matchningen används alltid. Till exempel, om +alternativet angav filter för en domän användaren är medlem i och ett +globalt filter skulle det domänspecifika filtret tillämpas. Om det finns +fler matchningar med samma specifikation används den första. + + + Exempel: + + +# tillämpa endast filtret på en domän som heter dom1: +dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) + +# tillämpa endast filtret på en domän som heter dom2: +DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) + +# tillämpa endast filtret på en skog som heter EXAMPLE.COM: +FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# tillämpa filtret på en medlem av en nästad grupp i dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) + + + Standard: inte satt + + + + + + ad_site (sträng) + + + Ange en AD-sajt som klienten skall försöka ansluta till. Om detta +alternativ inte anges kommer AD-sajten att automatupptäckas. + + + Standard: inte satt + + + + + + ad_enable_gc (boolean) + + + Som standard ansluter SSSD till den globala katalogen först för att hämta +användare från betrodda domäner och använder LDAP-porten för att hämta +gruppmedlemskap som en reserv. Att avaktivera detta alternativ gör att SSSD +endast ansluter till LDAP-porten på den aktuella AD-servern. + + + Observera att att avaktivera stöd för den globala katalogen inte avaktiverar +att hämta användare från betrodda domäner. SSSD skulle ansluta till +LDAP-porten på den betrodda domänen istället. Dock måste den globala +katalogen användas för att slå upp gruppmedlemskap över domäner. + + + Standard: true + + + + + + ad_gpo_access_control (sträng) + + + Detta alternativ anger arbetsläget för GPO-baserad +åtkomstkontrollsfunktionalitet: huruvida det arbetar i avaktiverat läge, +tvingande läge eller tillåtande läge. Observera att alternativet +access_provider måste vara uttryckligen satt till +ad för att detta alternativ skall ha någon effekt. + + + Funktionalitet för GPO-baserad åtkomststyrning använder +GPO-policyinställningar för att avgöra huruvida en viss användare tillåts +logga in på värden eller inte. För mer information om de stödda +policyinställningarna se flaggan ad_gpo_map. + + + Observera att den aktuella versionen av SSSD inte stöjder Active Directorys +inbyggda grupper. Inbyggda grupper (såsom administratörer med SID +S-1-5-32-544) i GPO-åtkomststyrningsregler kommer ignoreras av SSSD. Se +uppströms ärendehanterare https://github.com/SSSD/sssd/issues/5063 . + + + Före åtkomstkontroll utförs tillämpar SSSD säkerhetsfiltrering enligt +gruppolicy på GPO:erna. För varje enskild användares inloggning kontrolleras +tillämpligheten av GPO:erna som är länkade till värden. För att en GPO skall +vara tillämplig på en användare måste användaren eller åtminstone en av de +grupper den tillhör ha följande rättigheter på GPO:n: + + + + Läs: användaren eller en av dess grupper måste ha läsrättigheter till +egenskaperna hos GPO:n (RIGHT_DS_READ_PROPERTY) + + + + + Verkställ gruppolicy: användaren eller åtminstone en av dess grupper måste +ha tillåtelse att verkställa GPO:n (RIGHT_DS_CONTROL_ACCESS). + + + + + + Som standard fins en autentiserad användares grupp på en GPO och denna grupp +har både Läs- och Verkställ gruppolicy-åtkomsträttigheter. Eftersom +autentisering av en användare måste ha fullgjorts framgångsrikt före +GPO-säkerhetsfiltrering och åtkomstkontroll börjar gäller alltid även den +autentiserade användarens grupprättigheter på GPO:n för användaren. + + + OBS: Om åtgärdsläget är satt till tvingande är det möjligt att användarna +som tidigare var tillåtna inloggningsåtkomst nu kommer nekast +inloggningsåtkomst (som det dikteras av GPO-policyinställningar). För att +möjliggöra en smidig övergång för administratörer finns ett tillåtande läge +tillgängligt som inte kommer genomdriva åtkomststyrningsreglerna, utan +kommer beräkna deom och skriva ut ett syslog-meddelande om åtkomst skulle ha +nekats. Genom att granska loggarna kan administratörer sedan göra de +nödvändiga ändringarna före läget ställs in som tvingande. För att logga +felsökningsnivå av GPO-baserad åtkomstkontroll krävs ”trace functions” (se +manualsidan sssctl +8). + + + Det finns tre stödda värden för detta alternativ: + + + + disabled: GPO-baserade åtkomstkontrollsregler varken evalueras eller +påtvingas. + + + + + enforcing: GPO-baserade åtkomstkontrollregler evalueras och påtvingas. + + + + + permissive: GPO-baserade åtkomstkontrollregler evalueras men påtvingas +inte. Istället skickas ett syslog-meddelande ut som indikerar att +användaren skulle ha nekats åtkomst om detta alternativs värde vore satt +till enforcing. + + + + + + Standard: permissive + + + Standard: enforcing + + + + + + ad_gpo_implicit_deny (boolean) + + + Normalt när inga tillämpliga GPO:er finns tillåts användarna åtkomst. När +detta alternativ är satt till True kommer användare att tillåtas åtkomst +endast när det uttryckligen tillåts av en GPO-regel. Annars kommer +användare nekas åtkomst. Detta kan användas för att stärka säkerheten men +var försiktig när detta alternativ används för det kan neka åtkomst även +till användare i den inbyggda administratörsgruppen om inga GPO-regler är +tillämpliga på dem. + + + + Standard: False + + + + Följande 2 tabeller bör illustrera när en användare tillåts eller nekas +baserat på de tillåtande eller nekande inloggningsrättigheterna definierade +på serversidan och inställningen av ad_gpo_implicit_deny. + + + + + + + + + ad_gpo_implicit_deny = False (standard) + tillåtelsereglernekanderegler + resultat + + + saknassaknas + alla användare tillåts + + saknasfinns + endast användare som inte finns i nekanderegler tillåts + finnssaknas + endast användare i tillåtelseregler tillåts + finnsfinns + endast användare i tillåtelse och inte i nekanderegler tillåts + + + + + + + + + + ad_gpo_implicit_deny = True + tillåtelsereglernekanderegler + resultat + + + saknassaknas + inga användare tillåts + + saknasfinns + inga användare tillåts + + finnssaknas + endast användare i tillåtelseregler tillåts + finnsfinns + endast användare i tillåtelse och inte i nekanderegler tillåts + + + + + + ad_gpo_ignore_unreadable (boolean) + + + Normalt när några gruppolicybehållare (AD-objekt) av några tillämpliga +gruppolicyobjekt inte är läsbara av SSSD så nekas användare åtkomst. Detta +alternativ tillåter att man ignorerar gruppolicybehållare och med dem +tillhörande policyer om deras attribut i gruppolicybehållare inte är läsbara +för SSSD. + + + Standard: False + + + + + + + + ad_gpo_cache_timeout (heltal) + + + Tiden mellan uppslagningar av GPO-policyfiler mot AD-servern. Detta kommer +reducera tidsfördröjningen och lasten på AD-servern om det görs många +begäranden om åtkomstkontroll under en kort tid. + + + Standard: 5 (sekunder) + + + + + + ad_gpo_map_interactive (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad +åtkomstkontroll beräknas baserat på policyinställningarna +InteractiveLogonRight och DenyInteractiveLogonRight. Endast de GPO:er +beräknas för vilka användaren har Läs- eller Verkställ +gruppolicy-rättigheter (se flaggan ad_gpo_access_control). Om +en beräknad GPO innehåller inställningen neka interaktiv inloggning för +användaren eller en av dess grupper nekas användaren lokal åtkomst. Om ingen +av de evaluerade GPO:erna har en interaktiv inloggningsrättighet definierad +ges användaren lokal åtkomst. Om åtminstone en beräknad GPO innehåller +inställningen interaktiv inloggningsrättighet ges användaren lokal åtkomst +endast om denne eller åtminstone en av dess grupper är del av den +policyinställningen. + + + Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde +”Tillåt inloggning lokalt” och ”Neka inloggning lokalt”. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta +ut ett standard-PAM-tjänstenamn för denna inloggningsrätt +(t.ex. login) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +ad_gpo_map_interactive = +min_pam-tjänst, -login + + + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + login + + + + + su + + + + + su-l + + + + + gdm-fingerprint + + + + + gdm-password + + + + + gdm-smartcard + + + + + kdm + + + + + lightdm + + + + + lxdm + + + + + sddm + + + + + unity + + + + + xdm + + + + + + + + + ad_gpo_map_remote_interactive (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad +åtkomstkontroll beräknas baserat på policyinställningarna +RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight. Endast de +GPO:er beräknas för vilka användaren har Läs- eller Verkställ +gruppolicy-rättigheter (se flaggan ad_gpo_access_control). Om +en beräknad GPO innehåller inställningen neka fjärrinloggning för användaren +eller en av dess grupper nekas användaren interaktiv fjärråtkomst. Om ingen +av de evaluerade GPO:erna har en interaktiv inloggningsrättighet definierad +ges användaren interaktiv fjärråtkomst. Om åtminstone en beräknad GPO +innehåller inställningen interaktiv fjärrinloggningsrättighet ges användaren +fjärråtkomst endast om denne eller åtminstone en av dess grupper är del av +den policyinställningen. + + + Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde +”Tillåt inloggning via fjärrskrivbordstjänster” och ”Neka inloggning via +fjärrinloggningstjänster”. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta +ut ett standard-PAM-tjänstenamn för denna inloggningsrätt +(t.ex. sshd) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +ad_gpo_map_remote_interactive = +min_pam-tjänst, -sshd + + + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + sshd + + + + + cockpit + + + + + + + + + ad_gpo_map_network (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad +åtkomstkontroll beräknas baserat på policyinställningarna NetworkLogonRight +och DenyNetworkLogonRight. Endast de GPO:er beräknas för vilka användaren +har Läs- eller Verkställ gruppolicy-rättigheter (se flaggan +ad_gpo_access_control). Om en beräknad GPO innehåller +inställningen neka nätverksinloggning för användaren eller en av dess +grupper nekas användaren nätverksåtkomst. Om ingen av de evaluerade GPO:erna +har en nätverksinloggningsrättighet definierad ges användaren +inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller inställningen +nätverksinloggningsrättighet ges användaren inloggningsåtkomst endast om +denne eller åtminstone en av dess grupper är del av den policyinställningen. + + + Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde +”Kom åt denna dator från nätverket” och ”Neka åtkomst till denna dator från +nätverket”. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta +ut ett standard-PAM-tjänstenamn för denna inloggningsrätt +(t.ex. ftp) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +ad_gpo_map_network = +min_pam-tjänst, -ftp + + + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + ftp + + + + + samba + + + + + + + + + ad_gpo_map_batch (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad +åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight +och DenyBatchLogonRight. Endast de GPO:er beräknas för vilka användaren har +Läs- eller Verkställ gruppolicy-rättigheter (se flaggan +ad_gpo_access_control). Om en beräknad GPO innehåller +inställningen neka satsvis inloggning för användaren eller en av dess +grupper nekas användaren satsvis inloggningsåtkomst. Om ingen av de +evaluerade GPO:erna har en satsvis inloggningsrättighet definierad ges +användaren inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller +inställningen satsvis inloggningsrättighet ges användaren inloggningsåtkomst +endast om denne eller åtminstone en av dess grupper är del av den +policyinställningen. + + + Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde +”Tillåt inloggning som ett batch-jobb” och ”Neka inloggning som ett +batch-jobb”. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta +ut ett standard-PAM-tjänstenamn för denna inloggningsrätt +(t.ex. crond) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +ad_gpo_map_batch = +min_pam-tjänst, -crond + + + Obs: cron-tjänstenamn kan skilja beroende på vilken Linuxdistribution som +används. + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + crond + + + + + + + + + ad_gpo_map_service (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad +åtkomstkontroll beräknas baserat på policyinställningarna ServiceLogonRight +och DenyServiceLogonRight. Endast de GPO:er beräknas för vilka användaren +har Läs- eller Verkställ gruppolicy-rättigheter (se flaggan +ad_gpo_access_control). Om en beräknad GPO innehåller +inställningen neka tjänsteinloggning för användaren eller en av dess grupper +nekas användaren tjänsteinloggningsåtkomst. Om ingen av de evaluerade +GPO:erna har en tjänsteinloggningsrättighet definierad ges användaren +inloggningsåtkomst. Om åtminstone en beräknad GPO innehåller inställningen +tjänsteinloggningsrättighet ges användaren inloggningsåtkomst endast om +denne eller åtminstone en av dess grupper är del av den policyinställningen. + + + Obs: när man använder gruppolicyhanteringsredigeraren kallas detta värde +”Tillåt inloggning som en tjänst” och ”Neka inloggning som en tjänst”. + + + Det är möjligt att lägga till ett PAM-tjänstenamn till standarduppsättningen +genom att använda +tjänstenamn. Eftersom +standarduppsättningen är tom är det inte möjligt att ta bort ett +PAM-tjänstenamn från standarduppsättningen. Till exempel, för att lägga +till ett anpassat PAM-tjänstenamn (t.ex. min_pam-tjänst) +skulle man använda följande konfiguration: +ad_gpo_map_service = +min_pam-tjänst + + + + Standard: inte satt + + + + + + ad_gpo_map_permit (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad åtkomst +alltid tillåts, oavsett några andra GPO-inloggningsrättigheter. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta +ut ett standard-PAM-tjänstenamn för ovillkorligt tillåten åtkomst +(t.ex. sudo) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +ad_gpo_map_permit = +min_pam-tjänst, -sudo + + + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + polkit-1 + + + + + sudo + + + + + sudo-i + + + + + systemd-user + + + + + + + + + ad_gpo_map_deny (sträng) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad åtkomst +alltid nekas, oavsett några andra GPO-inloggningsrättigheter. + + + Det är möjligt att lägga till ett PAM-tjänstenamn till standarduppsättningen +genom att använda +tjänstenamn. Eftersom +standarduppsättningen är tom är det inte möjligt att ta bort ett +PAM-tjänstenamn från standarduppsättningen. Till exempel, för att lägga +till ett anpassat PAM-tjänstenamn (t.ex. min_pam-tjänst) +skulle man använda följande konfiguration: +ad_gpo_map_deny = +min_pam-tjänst + + + + Standard: inte satt + + + + + + ad_gpo_default_right (sträng) + + + Detta alternativ definierar hur åtkomstkontroll beräknas för PAM-tjänstenamn +som inte är uttryckligen listade i en av alternativen ad_gpo_map_*. Detta +alternativ kan anges på två olika sätt. Antingen kan detta alternativ +sättas till att ange standardinloggningsrättigheter. Till exempel, om detta +alternativ är satt till ”interactive” betyder det att omappade +PAM-tjänstenamn kommer bearbetas baserat på policyinställningarna +InteractiveLogonRight och DenyInteractiveLogonRight. Alternativt kan detta +alternativ sättas till att antingen alltid tillåta eller alltid neka åtkomst +för omappade PAM-tjänstenamn. + + + Värden som stödjs för detta alternativ inkluderar: + + + + interactive + + + + + remote_interactive + + + + + network + + + + + batch + + + + + service + + + + + permit + + + + + deny + + + + + + Standard: deny + + + + + + ad_maximum_machine_account_password_age (heltal) + + + SSSD kommer en gång om dagen kontrollera om maskinkontolösenordet är äldre +än den givna åldern i dagar och försöka förnya det. Ett värde på 0 kommer +förhindra förnyelseförsöket. + + + Standard: 30 dagar + + + + + + ad_machine_account_password_renewal_opts (sträng) + + + Detta alternativ skall endast användas för att testa +maskinkontoförnyelsefunktionen. Alternativet förväntar sig 2 heltal +separerade av ett kolon (”:”). Det första heltalet anger intervallet i +sekunder hur ofta funktionen körs. Det andra anger den initiala tidsgränsen +i sekunder före funktionen körs för första gången efter uppstart. + + + Standard: 86400:750 (24h och 15m) + + + + + + ad_update_samba_machine_account_password (boolean) + + + Om aktiverat kommer lösenordet i Sambas databas också uppdateras när SSSD +förnyar maskinkontolösenordet. Detta förhindrar Sambas exemplar av +maskinkontolösenordet från att bli inaktuellt när det är uppsatt att använda +AD för autentisering. + + + Standard: false + + + + + + ad_use_ldaps (bool) + + + Som standard använder SSSD den enkla LDAP-porten 389 porten 3628 för den +globala katalogen. Om denna flagga är satt till sant kommer SSSD använda +LDAPS-porten 636 och porten 3629 för den globala katalogen med +LDAPS-skydd. Eftersom AD inte tillåter att ha flera krypteringsnivåer på en +ensam förbindelse och vi fortfarande vill använda SASL/GSSAPI eller +SASL/GSS-SPNEGO till autentisering är SASL-säkerhetsegenskapen maxssf satt +till 0 (noll) för dessa förbindelser. + + + Standard: False + + + + + + ad_allow_remote_domain_local_groups (boolean) + + + Om detta alternativ är satt till sant kommer SSSD inte att +filtrera ut domänlokala grupper från fjärrdomäner i AD-skogen. Som standard +filtreras de ut t.ex. när man följer en nästad grupphierarki i fjärrdomäner +för att de inte är giltiga i den lokala domänen. För att vara kompatibel med +andra lösningar som gör AD-användare och -grupper tillgängliga i +Linuxklienter lades detta alternativ till. + + + Observera att sätta detta alternativ till sant kommer strida +mot avsikten med domänlokala grupper i Active Directory och SKALL +ENDAST ANVÄNDAS FÖR ATT MÖJLIGGÖRA MIGRERING FRÅN ANDRA +LÖSNINGAR. Även om grruppen finns och användaren kan vara medlem +av gruppen är avsikten att gruppen endast skall användas i domänen den är +definierad och inte i några andra. Eftersom det endast finns en typ av +POSIX-grupper är det enda sättet att uppnå detta på Linuxsidan att ignorera +dessa grupper. Detta görs också av Active Directory som kan ses i PAC:en i +Kerberosbiljetten för en lokal tjänst sller i tokenGroups-begäranden där +också de domänlokala fjärrgrupperna saknas. + + + Givet ovanstående kommentarer, om detta alternativ är satt till +sant måste tokenGroups-begäranden avaktiveras genom att sätta +ldap_use_tokengroups till falskt för att få +konsistenta gruppmedlemskap för en användare. Dessutom skall uppslagningar i +Global Catalog också hoppas över genom att sätta ad_enable_gc +till falskt. Slutligen kan det vara nödvändigt att ändra +ldap_group_nesting_level om de domänlokala fjärrgurpperna +endast finns med en djupare nästningsnivå. + + + Standard: False + + + + + + dyndns_update (boolean) + + + Valfritt. Detta alternativ säger till SSSD att automatiskt uppdatera +DNS-servern i Active Directory med IP-adressen för denna klient. +Uppdateringen säkras med GSS-TSIG. Som en konsekvens av det behöver Active +Directory-administratören bara tillåta säkra uppdateringar för DNS-zonen. +IP-adressen för AD-LDAP-förbindelsen används för uppdateringar, om det inte +specificeras på annat sätt med alternativet dyndns_iface. + + + OBS: på äldre system (såsom RHEL 5) måste standardriket för Kerberos sättas +i /etc/krb5.conf för att detta beteende skall fungera pålitligt + + + Standard: true + + + + + + dyndns_ttl (heltal) + + + TTL:en att använda för klientens DNS-post vid uppdatering. Om dyndns_update +är falsk har detta ingen effekt. Detta kommer åsidosätta TTL på serversidan +om det är satt av en administratör. + + + Standard: 3600 (sekunder) + + + + + + dyndns_iface (sträng) + + + Valfri. Endast tillämpligt när dyndns_update är sann. Välj gränssnittet +eller en lista av gränssnitt vars IP-adresser skall användas för dynamiska +DNS-uppdateringar. Specialvärdet * betyder att IP:n från +alla gränssnitt skall användas. + + + Standard: använd IP-adresser för gränssnittet som används för AD +LDAP-förbindelsen + + + Exempel: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_refresh_interval (heltal) + + + Hur ofta bakänden skall utföra periodiska DNS-uppdateringar utöver den +automatiska uppdateringen som utförs när bakänden kopplar upp. Detta +alternativ är valfritt och tillämpligt endast när dyndns_update är sann. +Observera att det lägsta möjliga värdet är 60 sekunder, ifall ett värde +mindre än 60 ges kommer parametern endast anta det lägsta värdet. + + + Standard: 86400 (24 timmar) + + + + + + dyndns_update_ptr (bool) + + + Huruvida PTR-posten också skall uppdateras explicit när klientens DNS-post +uppdateras. Tillämpligt endast när dyndns_update är sann. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + Standard: True + + + + + + dyndns_force_tcp (bool) + + + Huruvida nsupdate-verktyget som standard skall använda TCP för kommunikation +med DNS-servern. + + + Standard: False (låt nsupdate välja protokollet) + + + + + + dyndns_auth (sträng) + + + Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra +uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att +sätta detta alternativ till ”none”. + + + Standard: GSS-TSIG + + + + + + dyndns_auth_ptr (sträng) + + + Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra +PTR-uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att +sätta detta alternativ till ”none”. + + + Standard: samma som dyndns_auth + + + + + + dyndns_server (sträng) + + + DNS-servern som skall användas när en uppdatering av DNS utförs. I de +flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt. + + + Att sätta detta alternativ är meningsfullt i miljöer där DNS-servern är +skild från identitetsservern. + + + Observera att detta alternativ bara kommer användas i försök att falla +tillbaka på när tidigare försök som använder automatiskt upptäckta +inställningar misslyckas. + + + Standard: Ingen (låt nsupdate välja servern) + + + + + + dyndns_update_per_family (boolean) + + + DNS-uppdateringar utförs som standard i två steg – IPv4-uppdatering och +sedan IPv6-uppdatering. I några fall kan det vara önskvärt att utföra IPv4- +och IPv6-uppdateringar i ett enda steg. + + + Standard: true + + + + + + + + + krb5_confd_path (sträng) + + + Absolut sökväg till en katalog där SSSD skall placera konfigurationsstycken +för Kerberos. + + + För att förhindra att konfigurationsstycken skapas, sätt parametern till +”none”. + + + Standard: inte satt (underkatalogen krb5.include.d till SSSD:s +pubconf-katalog) + + + + + + + + + + + + + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att example.com +är en av domänerna i avsnittet [sssd]. Detta +exempel visar endast alternativ som är specifika för leverantören AD. + + + +[domain/EXEMPEL] +id_provider = ad +auth_provider = ad +access_provider = ad +chpass_provider = ad + +ad_server = dc1.example.com +ad_hostname = client.example.com +ad_domain = example.com + + + + + + NOTER + + Leverantören AD av åtkomstkontroll kontrollerar om kontot har gått ut. Det +har samma effekt som följande konfiguration av LDAP-leverantören: + +access_provider = ldap +ldap_access_order = expire +ldap_account_expire_policy = ad + + + + Dock, om inte åtkomstleverantören ad är konfigurerad explicit +är standardåtkomstleverantören permit. Observera att om man +konfigurerar en annan åtkomstleverantör än ad behöver man +sätta alla anslutningsparametrarna (såsom LDAP URI:er och +krypteringsdetaljer) manuellt. + + + När autofs-leverantören är satt till ad används +översättningen av schemaattribut enligt RFC2307 (nisMap, nisObject, …), för +att dessa attribut inkluderas i standardschemat för Active Directory. + + + + + + + + + diff --git a/src/man/sv/sssd-files.5.xml b/src/man/sv/sssd-files.5.xml new file mode 100644 index 0000000..c690768 --- /dev/null +++ b/src/man/sv/sssd-files.5.xml @@ -0,0 +1,156 @@ + + + +SSSD manualsidor + + + + + sssd-files + 5 + Filformat och konventioner + + + + sssd-files + SSSD:s filleverantör + + + + BESKRIVNING + + Denna manualsida beskriver filleverantören till +sssd 8 +. För en detaljerad referens om syntaxen, se avsnittet +FILFORMAT i manualsidan +sssd.conf 5 +. + + + Filleverantören speglar innehållet i filerna +passwd 5 + och group +5 . Syftet med filleverantören är att +göra användarna och grupperna som traditionellt bara är tillgängliga via +NSS-gränssnitt även tillgängliga via SSSD-gränssnitten såsom +sssd-ifp 5 +. + + + Ett annat skäl är att tillhandahålla effektiv cachning av lokala användare +och grupper. + + + Please note that besides explicit domain definition the files provider can +be configured also implicitly using 'enable_files_domain' option. See + sssd.conf +5 for details. + + + SSSD hanterar aldrig uppslagning av användaren/gruppen ”root”. +Uppslagningen av AID/GID 0 hanteras inte heller av SSSD. Sådana begäranden +skickas till nästa NSS-modul (vanligen filer). + + + När SSSD inte kör eller svarar returnerar nss_sss koden UNAVAIL som får +begäran att skickas vidare till nästa modul. + + + + + KONFIGURATIONSALTERNATIV + + Utöver de alternativ som räknas upp nedan kan generella SSSD-domänalternativ +sättas där de är tillämpliga. Se DOMÄNSEKTIONER i +manualsidan sssd.conf +5 för detaljer om konfigurationen av +en SSSD-domän. Men syftet med leverantören files är att exponera samma data +som UNIX-filerna, bara via gränssnitten för SSSD. Därför stödjs inte alla +generella domänalternativ. På samma sätt har några globala alternativ, +såsom att åsidosätta skalet i avsnittet nss för alla domäner +ingen effekt på domänen files om det inte anges uttryckligen per domän. + + + passwd_files (sträng) + + + Kommaseparerad lista av ett eller flera namn på lösenordsfiler att läsa och +räkna upp av filleverantören, inotify-övervakningsvakter kommer att sättas +på varje fil för att upptäcka ändringar dynamiskt. + + + Standard: /etc/passwd + + + + + + group_files (sträng) + + + Kommaseparerad lista av ett eller flera namn på gruppfiler att läsa och +räkna upp av filleverantören, inotify-övervakningsvakter kommer att sättas +på varje fil för att upptäcka ändringar dynamiskt. + + + Standard: /etc/group + + + + + + fallback_to_nss (boolean) + + + Under uppdatering av interna data kommer SSSD att returnera ett fel och låta +klienten fortsätta med nästa NSS-modul. Detta hjälper till att undvika +fördröjningar vid användning systemet standardfiler +/etc/passwd och /etc/group och när +NSS-konfigurationen har ”sss” före ”files” för avbildningarna ”passwd” och +”group”. + + + Om filleverantören är konfigurerad att övervaka andra filer är det vettigt +att sätta detta alternativ till ”False” för att undvika inkonsistent +beteende eftersom det i allmänhet inte skulle finnas någon annan NSS-modul +som kan användas att falla tillbaka på. + + + Standard: True + + + + + + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att files är en +av domänerna i avsnittet [sssd]. + + + +[domain/files] +id_provider = files + + + + För att dra nytta av SSSD:s cachning av lokala användare och grupper måste +modulen nss_sss listas före modulen nss_files i /etc/nsswitch.conf. + + + +passwd: sss files +group: sss files + + + + + + + + diff --git a/src/man/sv/sssd-ifp.5.xml b/src/man/sv/sssd-ifp.5.xml new file mode 100644 index 0000000..dfdafce --- /dev/null +++ b/src/man/sv/sssd-ifp.5.xml @@ -0,0 +1,151 @@ + + + +SSSD manualsidor + + + + + sssd-ifp + 5 + Filformat och konventioner + + + + sssd-ifp + SSSD InfoPipe-respondent + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av InfoPipe-respondenten till + sssd 8 +. För en detaljerad referens om syntaxen, se avsnittet +FILFORMAT i manualsidan +sssd.conf 5 +. + + + InfoPipe-respondenten tillhandahåller ett publikt D-Bus-gränssnitt åtkomligt +över systembussen. Gränssnittet låter användaren att fråga efter +information om fjärranvändare och -grupper över systembussen. + + + + HITTA MED GILTIGT CERTIFIKAT + + Följande alternativ kan användas för att styra hur certifikat valideras när +API:et FindByValidCertificate() används: + + ca_db + p11_child_timeout + certificate_verification + + För fler detaljer om alternativet, se +sssd.conf +5. + + + + + + KONFIGURATIONSALTERNATIV + + Dessa alternativ kan användas för att konfigurera InfoPipe-respondenten. + + + + allowed_uids (sträng) + + + Anger den kommaseparerade listan av AID-värden eller användarnamn som +tillåts använda InfoPipe-respondenten. Användarnamn slås upp till AID:er +vid uppstart. + + + Standard: 0 (endast root-användaren tillåts komma åt InfoPipe-respondenten) + + + Observera att även om AID 0 används som standard kommer det att skrivas över +av detta alternativ. Om du fortfarande vill tillåta root-användaren att +komma åt InfoPipe-respondenten, vilket man typiskt vill, måste du lägga till +även 0 i listan av tillåtna AID:er. + + + + + + user_attributes (sträng) + + + Anger den kommaseparerade listan över vit- eller svartlistade attribut. + + + Som standard tillåter bara InfoPipe-respondenten att standarduppsättningen +av POSIX-attribut begärs. Denna uppsättning är densamma som returneras av + getpwnam +3 och inkluderar: + + name + användarens inloggningsnamn + + + uidNumber + användar-ID + + + gidNumber + primär grupps ID + + + gecos + användarinformation, normalt fullständigt namn + + + homeDirectory + hemkatalog + + + loginShell + användarens skal + + + + + Det är möjligt att lägga till ett annat attribut till denna uppsättning +genom att använda +attrnamn eller uttryckligen ta bort ett +attribut genom att använda -attrnamn. Till exempel, för att +tillåta telephoneNumber men neka loginShell +skulle man använda följande konfiguration: +user_attributes = +telephoneNumber, -loginShell + + + + Standard: inte satt. Endast standarduppsättningen av POSIX-attribut är +tillåtna. + + + + + + wildcard_limit (heltal) + + + Anger en övre gräns på antalet poster som hämtas under en uppslagning med +jokertecken som åsidosätter gränsen anroparen tillhandahåller. + + + Standard: 0 (låt anroparen sätta en övre gräns) + + + + + + + + + + + diff --git a/src/man/sv/sssd-ipa.5.xml b/src/man/sv/sssd-ipa.5.xml new file mode 100644 index 0000000..3163110 --- /dev/null +++ b/src/man/sv/sssd-ipa.5.xml @@ -0,0 +1,860 @@ + + + +SSSD manualsidor + + + + + sssd-ipa + 5 + Filformat och konventioner + + + + sssd-ipa + SSSD IPA-leverantör + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av leverantören IPA till + sssd 8 +. För en detaljerad referens om syntaxen, se avsnittet +FILFORMAT i manualsidan +sssd.conf 5 +. + + + IPA-leverantören är en bakände som används för att ansluta till en +IPA-server. (Se webbsidan freeipa.org för information om IPA-servrar.) +Leverantören förutsätter att maskinen är inlagt i IPA-domänen; +konfigurationen är nästan helt självupptäckande och hämtas direkt från +servern. + + + IPA-leverantören gör att SSSD kan använda identitetsleverantören + sssd-ldap +5 och autentiseringsleverantören + sssd-krb5 +5 med optimeringar för IPA-miljöer. +IPA-leverantören tar samma alternativ som används av leverantörerna +sssd-ldap och sssd-krb5 med några undantag. Dock är det varken nödvändigt +eller lämpligt att sätta dessa alternativ. + + + IPA-leverantören kopierar i huvudsak standardalternativen för de +traditionella leverantörerna ldap och krb5 med några undantag. Skillnaderna +listas i avsnittet ÄNDRADE STANDARDINSTÄLLNINGAR. + + + As an access provider, the IPA provider has a minimal configuration (see +ipa_access_order) as it mainly uses HBAC (host-based access +control) rules. Please refer to freeipa.org for more information about HBAC. + + + Om auth_provider=ipa eller access_provider=ipa +konfigureras i sssd.conf måste id-leverantören också sättas till +ipa. + + + IPA-leverantörer kommer använda PAC-respondenten om Kerberos-biljetter för +användare för betrodda riken innehåller en PAC. För att göra +konfigurationen enklare startas PAC-respondenten automatiskt om +ID-leverantören IPA är konfigurerad. + + + + + KONFIGURATIONSALTERNATIV + Se DOMÄNSEKTIONER i manualsidan +sssd.conf 5 + för detaljer om konfigurationen av en SSSD-domän. + + + ipa_domain (sträng) + + + Anger namnet på IPA-domänen. Detta är frivilligt. Om det inte anges +används namnet på den konfigurerade domänen. + + + + + + ipa_server, ipa_backup_server (sträng) + + + Den kommaseparerade listan av IP-adresser eller värdnamn till IPA-servrar +till vilka SSSD skall ansluta i prioritetsordning. För mer information om +reserver och serverredundans se avsnittet RESERVER. Detta är +frivilligt om automatupptäckt är aktiverat. För mer information om +tjänsteupptäckt, se avsnittet TJÄNSTEUPPTÄCKT. + + + + + + ipa_hostname (sträng) + + + Valfri. Kan sättas på maskiner där hostname(5) inte avspeglar det +fullständigt kvalificerade namnet som används i IPA-domänen för att +identifiera denna värd. Värdnamnet måste vara fullständigt kvalificerat. + + + + + + dyndns_update (boolean) + + + Valfritt. Detta alternativ säger till SSSD att automatiskt uppdatera +DNS-servern som är inbyggd i FreeIPA med IP-adressen för denna klient. +Uppdateringen säkras med GSS-TSIG. IP-adressen för IPA-LDAP-förbindelsen +används för uppdateringar, om det inte specificeras på annat sätt med +alternativet dyndns_iface. + + + OBS: på äldre system (såsom RHEL 5) måste standardriket för Kerberos sättas +i /etc/krb5.conf för att detta beteende skall fungera pålitligt + + + OBS: även om det fortfarande är möjligt att använda det gamla alternativet +ipa_dyndns_update bör användare migrera till att +använda dyndns_update i sin konfigurationsfil. + + + Standard: false + + + + + + dyndns_ttl (heltal) + + + TTL:en att använda för klientens DNS-post vid uppdatering. Om dyndns_update +är falsk har detta ingen effekt. Detta kommer åsidosätta TTL på serversidan +om det är satt av en administratör. + + + OBS: även om det fortfarande är möjligt att använda det gamla alternativet +ipa_dyndns_ttl bör användare migrera till att använda +dyndns_ttl i sin konfigurationsfil. + + + Standard: 1200 (sekunder) + + + + + + dyndns_iface (sträng) + + + Valfri. Endast tillämpligt när dyndns_update är sann. Välj gränssnittet +eller en lista av gränssnitt vars IP-adresser skall användas för dynamiska +DNS-uppdateringar. Specialvärdet * betyder att IP:n från +alla gränssnitt skall användas. + + + OBS: även om det fortfarande är möjligt att använda det gamla alternativet +ipa_dyndns_iface bör användare migrera till att använda +dyndns_iface i sin konfigurationsfil. + + + Standard: använd IP-adresser för gränssnittet som används för IPA +LDAP-förbindelsen + + + Exempel: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_auth (sträng) + + + Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra +uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att +sätta detta alternativ till ”none”. + + + Standard: GSS-TSIG + + + + + + dyndns_auth_ptr (sträng) + + + Huruvida verktyget nsupdate skall använda GSS-TSIG-autentisering för säkra +PTR-uppdateringar av DNS-servern, osäkra uppdateringar kan skickas genom att +sätta detta alternativ till ”none”. + + + Standard: samma som dyndns_auth + + + + + + ipa_enable_dns_sites (boolean) + + + Aktiverar DNS-sajter – platsbaserat tjänsteupptäckt. + + + Om sant och tjänsteupptäckt (se stycket Tjänsteupptäckt i slutet av +manualsidan) är aktiverat kommer SSSD först att försöka med platsbaserad +upptäckt med en fråga som innehåller ”_location.hostname.example.com” och +sedan falla tillbaka på traditionell SRV-upptäckt. Om platsbaserad upptäckt +lyckas betraktas IPA-servrarna som lokaliserats med platsbaserad upptäckt +som primära servrar och IPA-servrarna som hittas med den traditionella +SRV-upptäckten används som backup-servrar + + + Standard: false + + + + + + dyndns_refresh_interval (heltal) + + + Hur ofta bakänden skall utföra periodiska DNS-uppdateringar utöver den +automatiska uppdateringen som utförs när bakänden kopplar upp. Detta +alternativ är valfritt och tillämpligt endast när dyndns_update är sann. + + + Standard: 0 (avaktiverat) + + + + + + dyndns_update_ptr (bool) + + + Huruvida PTR-posten också skall uppdateras explicit när klientens DNS-post +uppdateras. Tillämpligt endast när dyndns_update är sann. + + + Detta alternativ är False i de flesta IPA-installationer eftersom +IPA-servern genererar PTR-posterna automatiskt när framåtposterna ändras. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + Standard: False (avaktiverat) + + + + + + dyndns_force_tcp (bool) + + + Huruvida nsupdate-verktyget som standard skall använda TCP för kommunikation +med DNS-servern. + + + Standard: False (låt nsupdate välja protokollet) + + + + + + dyndns_server (sträng) + + + DNS-servern som skall användas när en uppdatering av DNS utförs. I de +flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt. + + + Att sätta detta alternativ är meningsfullt i miljöer där DNS-servern är +skild från identitetsservern. + + + Observera att detta alternativ bara kommer användas i försök att falla +tillbaka på när tidigare försök som använder automatiskt upptäckta +inställningar misslyckas. + + + Standard: Ingen (låt nsupdate välja servern) + + + + + + dyndns_update_per_family (boolean) + + + DNS-uppdateringar utförs som standard i två steg – IPv4-uppdatering och +sedan IPv6-uppdatering. I några fall kan det vara önskvärt att utföra IPv4- +och IPv6-uppdateringar i ett enda steg. + + + Standard: true + + + + + + ipa_access_order (string) + + + Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är: + + + expire: use IPA's account expiration policy. + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Dessa alternativ är användbara om +användare vill bli varnade att lösenordet är på gång att gå ut och +autentisering är baserat på användning av en annan metod än lösenord – till +exempel SSH-nycklar. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Please note that 'access_provider = ipa' must be set for this feature to +work. + + + + + + ipa_deskprofile_search_base (sträng) + + + Frivillig. Använd den givna strängen som sökbas för +skrivbordsprofilrelaterade objekt. + + + Standard: använd bas-DN + + + + + + ipa_subid_ranges_search_base (sträng) + + + Frivillig. Använd den givna strängen som sökbas för +underordningsintervallsrelaterade objekt. + + + Standard: värdet på cn=subids,%basedn + + + + + + ipa_hbac_search_base (sträng) + + + Frivillig. Använd den givna strängen som sökbas för HBAC-relaterade objekt. + + + Standard: använd bas-DN + + + + + + ipa_host_search_base (sträng) + + + Undanbedes. Använd ldap_host_search_base istället. + + + + + + ipa_selinux_search_base (sträng) + + + Frivillig. Använd den givna strängen som en sökbas för +SELinux-användaröversättningar. + + + Se ldap_search_base för information om konfiguration av +multipla sökbaser. + + + Standard: värdet på ldap_search_base + + + + + + ipa_subdomains_search_base (sträng) + + + Frivillig. Använd den givna strängen som en sökbas för betrodda domäner. + + + Se ldap_search_base för information om konfiguration av +multipla sökbaser. + + + Standard: värdet på cn=trusts,%basedn + + + + + + ipa_master_domain_search_base (sträng) + + + Frivillig. Använd den givna strängen som en sökbas för huvuddomänobjekt. + + + Se ldap_search_base för information om konfiguration av +multipla sökbaser. + + + Standard: värdet av cn=ad,cn=etc,%basedn + + + + + + ipa_views_search_base (sträng) + + + Frivillig. Använd den givna strängen som en sökbas för vybehållare. + + + Se ldap_search_base för information om konfiguration av +multipla sökbaser. + + + Standard: värdet av cn=views,cn=accounts,%basedn + + + + + + krb5_realm (sträng) + + + Namnet på Kerberos-riket. Detta är frivilligt och som standard blir det +värdet av ipa_domain. + + + Namnet på Kerberos-riket har en speciell betydelse i IPA – det konverteras +till bas-DN:en för att användas när LDAP-operationer utförs. + + + + + + krb5_confd_path (sträng) + + + Absolut sökväg till en katalog där SSSD skall placera konfigurationsstycken +för Kerberos. + + + För att förhindra att konfigurationsstycken skapas, sätt parametern till +”none”. + + + Standard: inte satt (underkatalogen krb5.include.d till SSSD:s +pubconf-katalog) + + + + + + ipa_deskprofile_refresh (heltal) + + + Tiden mellan uppslagningar av skrivbordsprofilsregler mot IPA-servern. +Detta kommer reducera tidsfördröjningen och lasten på IPA-servern om det +görs många begäranden om skrivbordsprofiler under en kort tid. + + + Standard: 5 (sekunder) + + + + + + ipa_deskprofile_request_interval (heltal) + + + Tiden mellan uppslagningar av skrivbordsprofilsregler mot IPA-servern ifall +den senaste förfrågan inte returnerade någon regel. + + + Standard: 60 (minuter) + + + + + + ipa_hbac_refresh (heltal) + + + Tiden mellan uppslagningar av HBAC-regler mot IPA-servern. Detta kommer +reducera tidsfördröjningen och lasten på IPA-servern om det görs många +begäranden om åtkomstkontroll under en kort tid. + + + Standard: 5 (sekunder) + + + + + + ipa_hbac_selinux (heltal) + + + Tiden mellan uppslagningar av SELinux-översättningar mot IPA-servern. Detta +kommer reducera tidsfördröjningen och lasten på IPA-servern om det görs +många begäranden om användarinloggningar under en kort tid. + + + Standard: 5 (sekunder) + + + + + + ipa_server_mode (boolean) + + + Detta alternativ sätts automatiskt av IPA-installeraren (ipa-server-install) +och markerar om SSSD kör på en IPA-server eller inte. + + + På en IPA-server kommer SSSD slå upp användare och grupper från betrodda +domäner direkt medan på en klient kommer den att fråga en IPA-server. + + + OBS: det finns för närvarande några antaganden som måste uppfyllas när SSSD +kör på en IPA-server. + + + + Alternativet ipa_server måste konfigureras till att peka på +själva IPA-servern. Detta är redan standardvärdet som sätts av +IPA-installeraren, så det behövs inga manuella ändringar. + + + + + Alternativet full_name_format får inte ändras till att bara +skriva korta namn på användare från betrodda domäner. + + + + + + Standard: false + + + + + + ipa_automount_location (sträng) + + + Automonteringsplatsen denna IPA-klient kommer använda + + + Standard: platsen som heter ”default” + + + + + + + + VYER OCH ÅSIDOSÄTTANDEN + + SSSD kan hantera vyer och åsidosättanden som erbjuds av FreeIPA 4.1 och +senare versioner. Eftersom alla sökvägar och objektklasser är fasta på +serversidan finns det egentligen inget behov av att konfigurera något. För +fullständighets skull är de tillhörande alternativen listade här med sina +standardvärden. + + ipa_view_class (sträng) + + + Objektklass för vybehållaren. + + + Standard: nsContainer + + + + + + ipa_view_name (sträng) + + + Namn på attributet som har namnet på vyn. + + + Standard: cn + + + + + + ipa_override_object_class (sträng) + + + Objektklass för åsidosättande objekt. + + + Standard: ipaOverrideAnchor + + + + + + ipa_anchor_uuid (sträng) + + + Namn på attributet som innehåller referensen till originalobjektet i en +fjärrdomän. + + + Standard: ipaAnchorUUID + + + + + + ipa_user_override_object_class (sträng) + + + Namn på objektklassen för användaråsidosättanden. Det används för att +avgöra om det funna åsidosättande objektet är relaterat till en användare +eller en grupp. + + + Användaråsidosättanden kan innehålla attribut givna av + + + ldap_user_name + + + ldap_user_uid_number + + + ldap_user_gid_number + + + ldap_user_gecos + + + ldap_user_home_directory + + + ldap_user_shell + + + ldap_user_ssh_public_key + + + + + Standard: ipaUserOverride + + + + + + ipa_group_override_object_class (sträng) + + + Namn på objektklassen för gruppåsidosättanden. Det används för att avgöra +om det funna åsidosättandeobjektet är relaterat till en användare eller en +grupp. + + + Gruppåsidosättanden kan innehålla attribut givna av + + + ldap_group_name + + + ldap_group_gid_number + + + + + Standard: ipaGroupOverride + + + + + + + + + + + + UNDERDOMÄNSLEVERANTÖR + + IPA-underdomänsleverantören beter sig något annorlunda om den konfigureras +explicit eller implicit. + + + Om alternativet ”subdomains_provider = ipa” finns i domänavsnittet i +sssd.conf konfigureras IPA-underdomänsleverantören explicit, och alla +begäranden av underdomäner skickas till IPA-servern om nödvändigt. + + + Om alternativet ”subdomains_provider” inte är satt i domänavsnittet av +sssd.conf men alternativet ”id_provider = ipa” finns konfigureras +IPA-underdomänsleverantören implicit. I det fallet, om en +underdomänsbegäran misslyckas och indikerar att servern inte stödjer +underdomäner, d.v.s. den är inte konfigurerad för förtroenden, avaktiveras +IPA-underdomänsleverantören. Efter en timma eller efter att +IPA-leverantören blir uppkopplad aktiveras underdomänsleverantören igen. + + + + + KONFIGURATION AV BETRODDA DOMÄNER + + Några konfigurationflaggor kan även sättas för betrodda domäner. En betrodd +domämns konfiguration kan sättas med den betrodda domänens undersektion som +visas i exemplet nedan. Alternativt kan flaggan +subdomain_inherit användas i föräldradomänen. +[domain/ipa.domain.com/ad.domain.com] +ad_server = dc.ad.domain.com + + + + För fler detaljer, se manualsidan +sssd.conf 5 +. + + + Olika konfigurationsalternativ kan ställas in för en betrodd domän beroende +på huruvida man konfigurerar SSSD på en IPA-server eller en IPA-klient. + + + ALTERNATIV ATT STÄLLA IN PÅ IPA-MASTRAR + + Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-master: + + + ad_server + + + ad_backup_server + + + ad_site + + + ldap_search_base + + + ldap_user_search_base + + + ldap_group_search_base + + + use_fully_qualified_names + + + + + + ALTERNATIV ATT STÄLLA IN PÅ IPA-KLIENTER + + Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-klient: + + + ad_server + + + ad_site + + + + + Observera att om båda alternativen sätts evalueras endast +ad_server. + + + Eftersom alla begäranden om en användar- eller en gruppidentitet från en +betrodd domän startad från en IPA-klient löses upp av IPA-servern, påverkar +alternativen ad_server och ad_site bara vilken +AD DC autentiseringen kommer utföras emot. I synnerhet kommer adresserna +som löses upp från dessa listor att skrivas till +kdcinfo-filer som läses av +Kerberos-lokaliseringsinsticksmodulen. För fler detaljer om +Kerberos-lokaliseringsinsticksmodulen hänvisas till manualsidan + sssd_krb5_locator_plugin +8 . + + + + + + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att example.com +är en av domänerna i avsnittet [sssd]. Dessa +exempel visar endast alternativ som är specifika för leverantören ipa. + + + +[domain/example.com] +id_provider = ipa +ipa_server = ipaserver.example.com +ipa_hostname = minvärd.example.com + + + + + + + + diff --git a/src/man/sv/sssd-kcm.8.xml b/src/man/sv/sssd-kcm.8.xml new file mode 100644 index 0000000..362b8ee --- /dev/null +++ b/src/man/sv/sssd-kcm.8.xml @@ -0,0 +1,290 @@ + + + +SSSD manualsidor + + + + + sssd-kcm + 8 + Filformat och konventioner + + + + sssd-kcm + SSSD Kerberos cache-hanterare + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av SSSD:s Kerberos +cache-hanterare (KCM). KCM är en process som lagrar, spårar och hanterar +Kerberoskreditiv-cachar. Det kommer från projektet Heimdal Kerberos, fast +biblioteket MIT Kerberos tillhandahåller även stöd för klientsidan (mer +detaljer om det nedan) av KCM-kreditiv-cachen. + + + I en uppsättning där Kerberos cachar hanteras av KCM är Kerberosbiblioteket +(typiskt använt via ett program, som t.ex., +kinit1 +, en ”KCM-klient" och KCMdemonen refereras +till som en ”KCM-server". Klienten och servern kommunicerar +via ett UNIX-uttag. + + + KCM-servern håller reda på ägaren till varje kreditiv-cache och utför +åtkomstkontroller baserat på AID:t och GID:t på KCM-klienten. +Root-användaren har åtkomst till alla kreditiv-cachar. + + + KCM-kreditiv-cachen har flera intressanta egenskaper: + + + + eftersom processen kör i användarrymden är den föremål för AID-namnrymder, +till skillnad mot kärnans nyckelring + + + + + till skillnad mot kärnans nyckelringsbaserade cache, som delas mellan alla +behållare, är KCM-servern en separat process vars ingångspunkt är ett +UNIX-uttag + + + + + SSSD-implementationen sparar ccache:rna i en databas, vanligen placerad i +/var/lib/sss/secrets, vilket gör att ccache:rna +kan överleva att KCM-servern eller hela maskinen startas om. + + + + Detta gör att systemet kan använda en samlingsmedveten kreditiv-cache, och +ändå dela kreditivcachen mellan några eller inga behållare genom +bindmontering av uttaget. + + + KCM-standardklientens tidsgräns för inaktivitet är 5 minuter, detta ger mer +tid för användarinteraktion med kommandoradsverktyg såsom kinit. + + + + + ATT ANVÄNDA KCM-KREDITIV-CACHEN + + För att använda KCM-kreditiv-cachen måste den väljas som +standardkreditivtypen i +krb5.conf5 +. Kreditiv-cachens namn skall bara vara KCM: +utan några mallexpansioner. Till exempel: +[libdefaults] + default_ccache_name = KCM: + + + + Se därefter till att Kerberos-klientbiblioteken och KCM-servern är överens +om sökvägen till UNIX-uttaget. Som standard använder båda samma sökväg +/var/run/.heim_org.h5l.kcm-socket. För att +konfigurera Kerberos-biblioteket, ändra dess alternativ +kcm_socket som beskrivs i manualsidan +krb5.conf5 +. + + + Se slutligen till att SSSD KCM-servern kan kontaktas. KCM-tjänsten är +normalt uttagsaktiverad av +systemd 1 +. Till skillnad mot andra SSSD-tjänster kan den inte startas +genom att lägga till strängen kcm till direktivet +service. +systemctl start sssd-kcm.socket +systemctl enable sssd-kcm.socket + +Observera att din distribution kanske redan konfigurerar enheterna åt dig. + + + + + KREDITIV-CACHE-LAGRINGEN + + Kreditiv-cachen lagras i en databas, snarlikt hur SSSD cachar användar- +eller grupposter. Databasen finns normalt i +/var/lib/sss/secrets. + + + + + ATT FÅ TAG I FELSÖKNINGSLOGGAR + + Tjänsten sssd-kcm är normalt uttagsaktiverad av +systemd 1 +. För att skapa felsökningsloggar, lägg till följande +antingen direkt till filen /etc/sssd/sssd.conf eller +som en konfigurationssnutt till katalogen +/etc/sssd/conf.d/: +[kcm] +debug_level = 10 + Starta sedan om tjänsten sssd-kcm: +systemctl restart sssd-kcm.service + Kör slutligen det användningsfall som inte +fungerar. KCM-loggarna kommer skapas i +/var/log/sssd/sssd_kcm.log. Det rekommenderas att +avaktivera felsökningsloggarna när man inte längre behöver informationen +aktiverad eftersom tjänsten sssd-kcm kan skapa en ganska stor mängd +felsökningsinformation. + + + Observera att konfigurationssnuttar för närvarande endast behandlas om +huvudkonfigurationsfilen på /etc/sssd/sssd.conf över +huvud taget finns. + + + + + FÖRNYELSER + + Tjänsten sssd-kcm kan konfigureras till att försöka göra TGT-förnyelser med +förnybara TGT:er lagrade i KCM-ccachen. Förnyelseförsök görs bara när halva +biljettens livstid har uppnåtts. KCM-förnyelser konfigureras när följande +alternativ sätts i sektionen [kcm]: +tgt_renewal = true +krb5_renew_interval = 60m + + + + SSSD kan även ärva krb5-alternativ för förnyelser från en befintlig domän. + + +tgt_renewal = true +tgt_renewal_inherit = domännamn + + + Följande krb5-alternativ kan konfigureras i sektionen [kcm] för att styra +förnyelsebeteendet, dessa alternativ beskrivs i detalj nedan +krb5_renew_interval +krb5_renewable_lifetime +krb5_lifetime +krb5_validate +krb5_canonicalize +krb5_auth_timeout + + + + + + KONFIGURATIONSALTERNATIV + + Tjänsten KCM är konfigurerad i sektionen kcm av filen +sssd.conf. Observera att eftersom tjänsten KCM typiskt är uttagsaktiverad är +det tillräckligt att bara starta om tjänsten sssd-kcm efter +att ha ändrat flaggorna i sektionen kcm av sssd.conf: + +systemctl restart sssd-kcm.service + + + + Tjänsten KCM konfigureras i kcm För en detaljeras +syntaxreferens, se avsnittet FILFORMAT i manualsidan + sssd.conf +5 . + + + De allmänna alternativen för tjänsten SSSD såsom debug_level +eller fd_limit accepteras av tjänsten kcm. Se manualsidan + sssd.conf +5 för en fullständig lista. Dessutom +finns det några KCM-specifika alternativ också. + + + + socket_path (sträng) + + + Uttaget tjänsten KCM kommer lyssna på. + + + Standard: /var/run/.heim_org.h5l.kcm-socket + + + Observera: på plattformar där systemd +stödjs skrivs uttagssökvägen över av den som definieras i enhetsfilen +sssd-kcm.socket. + + + + + max_ccaches (heltal) + + + Hur många kreditivcacher KCM-databasen tillåter för alla användare. + + + Standard: 0 (obegränsad, endast kvot per AID upprätthålls) + + + + + max_uid_ccaches (heltal) + + + Hur många kreditiv-cachningar KCM-databasen tillåter per AID. Detta är +ekvivalent med med hur många huvudmän man kan kinit:a. + + + Standard: 64 + + + + + max_ccache_size (heltal) + + + Hor stor kan en kreditivcach vara per ccache. Varje tjänsteärende räknas in +i denna kvot. + + + Standard: 65536 + + + + + tgt_renewal (bool) + + + Aktiverar TGT-förnyelsefunktionalitet. + + + Standard: False (Automatiska förnyelser avaktiverade) + + + + + tgt_renewal_inherit (sträng) + + + Domän att ärva krb5_*-alternativ ifrån, att användas med TGT-förnyelser. + + + Standard: NULL + + + + + + + + + SE ÄVEN + + sssd8 +, +sssd.conf5 +, + + + + diff --git a/src/man/sv/sssd-krb5.5.xml b/src/man/sv/sssd-krb5.5.xml new file mode 100644 index 0000000..fbd3a4f --- /dev/null +++ b/src/man/sv/sssd-krb5.5.xml @@ -0,0 +1,446 @@ + + + +SSSD manualsidor + + + + + sssd-krb5 + 5 + Filformat och konventioner + + + + sssd-krb5 + SSSD:s Kerberos-leverantör + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av bakänden för Kerberos +5-autentisering för sssd +8 . För en detaljerad syntaxreferens, +se avsnittet FILFORMAT i manualsidan +sssd.conf 5 +. + + + Kerberos 5-autentiseringsbakänden innehåller auth- och chpass-leverantörer. +Den måste paras ihop med en identitetsleverantör för att fungera korrekt +(till exempel, id_provider = ldap). En del information krävs av Kerberos +5-autentiseringsbakänden måste tillhandahållas av identitetsleverantören, +såsom användarens Kerberos huvudmannanamn (UPN). Konfigurationen av +identitetsleverantören skall ha en post för att ange UPN:en. Se manualsidan +för den tillämpliga identitetsleverantören för detaljer om hur man +konfigurerar detta. + + + Denna bakände tillhandahåller även åtkomstkontroll baserad på filen .k5login +i användarens hemkatalog Se +k5login5 + för mer detaljer. Observera att en tom .k5login-fil kommer +neka all åtkomst till denna användare. För att aktivera denna funktion, +använd ”access_provider = krb5” i din SSSD-konfiguration. + + + I situationer där UPN:en inte är tillgänglig i identitetsbakänden kommer +sssd konstruera en UPN genom att använda formatet +username@krb5_realm. + + + + + + KONFIGURATIONSALTERNATIV + + Om autentiseringsmodulen krb5 används i en SSSD-domän måste följande +alternativ användas. Se manualsidan +sssd.conf 5 +, avsnittet DOMÄNSEKTIONER för detaljer om +konfigurationen av en SSSD-domän. + + krb5_server, krb5_backup_server (sträng) + + + Anger en kommaseparerad lista av IP-adresser eller värdnamn till +Kerberosservrar till vilka SSSD skall ansluta, i prioritetsordning. För mer +information om reserver och serverredundans se avsnittet +RESERVER. Ett frivilligt portnummer (föregånget av ett +kolon) kan läggas till till adresserna eller värdnamnen. Om tomt aktiveras +tjänsteupptäckt; för mer information, se avsnittet +TJÄNSTEUPPTÄCKT. + + + När tjänsteupptäckt används för KDC eller kpasswd-servrar söker SSSD först +efter DNS-poster som anger _udp som protokoll och provar sedan _tcp om inget +hittas. + + + Detta alternativ hade namnet krb5_kdcip i tidigare utgåvor av +SSSD. Medan det äldre namnet känns igen tills vidare rekommenderas användare +att migrera sina konfigurationsfiler till att använda +krb5_server istället. + + + + + + krb5_realm (sträng) + + + Namnet på Kerberos-riket. Detta alternativ är nödvändigt och måste anges. + + + + + + krb5_kpasswd, krb5_backup_kpasswd (sträng) + + + Om tjänsten för att ändra lösenord inte kör på KDC:n kan alternativa servrar +definieras här. Ett frivilligt portnummer (föregått av ett kolon) kan +läggas till efter adresser eller värdnamn. + + + För mer information om reserver och serverredundans se avsnittet +RESERVER. OBSERVERA: även om det inte finns några fler +kpasswd-servrar att försöka med byter inte bakänden till att köra +frånkopplat om autentisering mot KDC:n fortfarande är möjligt. + + + Standard: använd KDC:n + + + + + + krb5_ccachedir (sträng) + + + Katalog att lagra kreditiv-cachar i. Alla substitutionssekvenserna i +krb5_ccname_template kan användas här också, utom %d och %P. Katalogen +skapas som privat och ägd av användaren, med rättigheterna satta till 0700. + + + Standard: /tmp + + + + + + krb5_ccname_template (sträng) + + + Platsen för användarens kreditiv-cache. Tre typer av kreditiv-cachar stödjs +för närvarande: FILE, DIR och +KEYRING:persistent. Cachen kan anges antingen som +TYP:ÅTERSTOD, eller som en absolut sökväg, vilket +implicerar typen FILE. I mallen ersätts följande sekvenser: + + + %u + inloggningsnamn + + + %U + inloggnings-AID + + + %p + huvudmannanamn + + + + %r + namn på rike + + + %h + hemkatalog + + + + %d + värdet på krb5_ccachedir + + + + + %P + process-ID:t på SSSD-klienten + + + + %% + ett bokstavligt ”%” + + + Om mallen slutar med ”XXXXXX” +används mkstemp(3) för att skapa ett unikt filnamn på ett säkert sätt. + + + När KEYRING-typer används är den enda mekanismen som stödjs +KEYRING:persistent:%U, vilket använder Linuxkärnans +nyckelring för att lagra kreditiv på per-AID-bas. Detta är också det +rekommenderade valet, eftersom det är den säkraste och mest förutsägbara +metoden. + + + Standardvärdet för namnet på kreditiv-cachen läses från profilen som fil +sparad i den systemtäckande konfigurationsfilen krb5.conf i avsnittet +[libdefaults]. Alternativnamnet är default_ccache_name. Se krb5.conf(5)s +avsnitt PARAMETEREXPANSION för mer information om expansionsformatet som +definieras av krb5.conf. + + + OBSERVERA: var medveten om att ccache-expansionsmallen för libkrb5 från + krb5.conf +5 använder andra expansionssekvenser +än SSSD. + + + Standard: (från libkrb5) + + + + + + krb5_keytab (sträng) + + + Platsen där keytab:en som skall användas för validering av kreditiv som tas +emot från KDC:er finns. + + + Standard: Systemets keytab, normalt /etc/krb5.keytab + + + + + + krb5_store_password_if_offline (boolean) + + + Spara lösenordet för användaren om leverantören är frånkopplad och använd +det för att begära en TGT när leverantören blir uppkopplad igen. + + + OBS: denna funktion är endast tillgänglig på Linux. Lösenord som lagras på +detta sätt hålls i klartext i kärnans nyckelring och är potentiellt +åtkomliga för root-användaren (med svårighet). + + + Standard: false + + + + + + krb5_use_fast (sträng) + + + Aktiverar flexibel autentisering via säker tunnling (flexible authentication +secure tunneling, FAST) för Kerberos förautentisering. Följande alternativ +stödjs: + + + never använd aldrig FAST. Detta är ekvivalent med att +inte ställa in detta alternativ alls. + + + try försök använda FAST. Om servern inte stödjer FAST, +fortsätt då autentiseringen utan den. + + + demand kräv användning av FAST. Autentiseringen +misslyckas om servern inte begär fast. + + + Standard: inte satt, d.v.s. FAST används inte. + + + OBSERVERA: en keytab eller stöd för anonym PKINIT krävs för att använda +FAST. + + + OBSERVERA: SSSD stödjer endast FAST med MIT Kerberos version 1.8 och +senare. Om SSSD används med en äldre version av MIT Kerberos är det ett +konfigurationsfel att använda detta alternativ. + + + + + + krb5_fast_principal (sträng) + + + Anger serverhuvudmannen att använda för FAST. + + + + + + krb5_fast_use_anonymous_pkinit (boolean) + + + Om satt till sant, försök använda anonym PKINIT istället för en keytab för +att få de begärda kreditiven för FAST. Alternativet krb5_fast_prinicpal +ignoreras i detta fall. + + + Standard: false + + + + + + krb5_use_kdcinfo (boolean) + + + Anger om SSSD skall instruera Kerberos-biblioteken om vilket rike och vilka +KDC:er som skall användas. Detta alternativ är på som standard, om du +avaktiverar det behöver du konfigurera Kerberos-biblioteket i +konfigurationsfilen krb5.conf +5 . + + + Se manualsidan +sssd_krb5_locator_plugin +8 för mer information om +lokaliseringsinsticksmodulen. + + + Standard: true + + + + + + krb5_kdcinfo_lookahead (sträng) + + + När krb5_use_kdcinfo är satt till true kan man begränsa mängden servrar som +skickas till +sssd_krb5_locator_plugin +8 . Detta kan vara användbart när det +finns för många servrar som upptäcks med hjälp av SRV-poster. + + + Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett +kolon. Det första talet representerar antalet primärservrar som används och +det andra talet anger antalet reservservrar. + + + Till exempel betyder 10:0 att upp till 10 primärservrar +kommer lämnas till +sssd_krb5_locator_plugin +8 men inga reservservrar. + + + Standard: 3:1 + + + + + + krb5_use_enterprise_principal (boolean) + + + Anger om användarens huvudman skall behandlas som företagshuvudman. Se +avsnitt 5 i RFC 6806 för mer detaljer om företagshuvudmän. + + + + Standard: false (AD-leverantör: true) + + + IPA-leverantören kommer sätta detta alternativ till ”true” om den upptäcker +att servern klarar av att hantera företagshuvudmän och alternativet inte är +uttryckligen satt i konfigurationsfilen. + + + + + + krb5_use_subdomain_realm (boolean) + + + Anger att använda underdomänriken för autentiseringen av användare från +betrodda domäner. Detta alternativ kan sättas till ”sant” om +företagshuvudmän används med upnSuffixes vilka inte är kända av +föräldradomänens KDC:er. Om alternativet sätts till ”sant” kommer SSSD +försöka skicka begäran direkt till en KDC för den betrodda domänen +användaren kommer ifrån. + + + + Standard: false + + + + + + krb5_map_user (sträng) + + + Listan av mappningar anges som en kommaseparerad lista av par +användarnamn:primär där användarnamn är ett +UNIX-användarnamn och primär är en användardel av en +kerberoshuvudman. Denna mappning används när användaren autentiserar med +auth_provider = krb5. + + + + exempel: +krb5_realm = RIKE +krb5_map_user = maria:manvnd,hasse:hans + + + + maria och hasse är UNIX-användarnamn och +manvnd och hans är primärer i +kerberoshuvudmän. För användaren maria resp. +hasse kommer SSSD försöka att göra kinit som +manvnd@RIKE resp. hans@RIKE. + + + + Standard: inte satt + + + + + + + + + + + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerad och att APA är en av +domänerna i avsnittet [sssd]. Detta exempel +visar endast konfigurationen av Kerberosautentisering; det inkluderar inte +någon identitetsleverantör. + + + +[domain/APA] +auth_provider = krb5 +krb5_server = 192.168.1.1 +krb5_realm = EXAMPLE.COM + + + + + + + + diff --git a/src/man/sv/sssd-ldap-attributes.5.xml b/src/man/sv/sssd-ldap-attributes.5.xml new file mode 100644 index 0000000..fe7d77e --- /dev/null +++ b/src/man/sv/sssd-ldap-attributes.5.xml @@ -0,0 +1,1179 @@ + + + +SSSD manualsidor + + + + + sssd-ldap-attributes + 5 + Filformat och konventioner + + + + sssd-ldap-attributes + SSSD LDAP-leverantör: Avbildningsattribut + + + + BESKRIVNING + + Denna manualsida beskriver avbildningsattributen till SSSD LDAP-leverantören + sssd-ldap +5 . Se manualsidan +sssd-ldap 5 + för fullständiga detaljer om SSSD LDAP-leverantörens +konfigurationsflaggor. + + + + + ANVÄNDARATTRIBUT + + + + ldap_user_object_class (sträng) + + + Objektklassen hos en användarpost i LDAP. + + + Standard: posixAccount + + + + + + ldap_user_name (sträng) + + + LDAP-attributet som motsvarar användarens inloggningsnamn. + + + Standard: uid (rfc2307, rfc2307bis och IPA), sAMAccountName (AD) + + + + + + ldap_user_uid_number (sträng) + + + LDAP-attributet som motsvarar användarens id. + + + Standard: uidNumber + + + + + + ldap_user_gid_number (sträng) + + + LDAP-attributet som motsvarar användarens primära grupp-id. + + + Standard: gidNumber + + + + + + ldap_user_primary_group (sträng) + + + Active Directorys primära gruppattribut för ID-mappning. Observera att +detta attribut skall bara sättas manuellt om du kör +ldap-leverantören med ID-mappning. + + + Standard: ej satt (LDAP), primaryGroupID (AD) + + + + + + ldap_user_gecos (sträng) + + + LDAP-attributet som motsvarar användarens gecos-fält. + + + Standard: gecos + + + + + + ldap_user_home_directory (sträng) + + + LDAP-attributet som innehåller namnet på användarens hemkatalog. + + + Standard: homeDirectory (LDAP och IPA), unixHomeDirectory (AD) + + + + + + ldap_user_shell (sträng) + + + LDAP-attributet som innehåller sökvägen till användarens standardskal. + + + Standard: loginShell + + + + + + ldap_user_uuid (sträng) + + + LDAP-attributet som innehåller UUID/GUID för ett LDAP-användarobjekt. + + + Standard: inte satt i det allmänna fallet, objectGUID för AD och ipaUniqueID +för IPA + + + + + + ldap_user_objectsid (sträng) + + + LDAP-attributet som innehåller objectSID för ett LDAP-användarobjekt. Detta +är normalt bara nödvändigt för Active Directory-servrar. + + + Standard: objectSid för Active Directory, inte satt för andra servrar. + + + + + + ldap_user_modify_timestamp (sträng) + + + LDAP-attributet som innehåller tidsstämpeln för den senaste ändringen av +föräldraobjektet. + + + Standard: modifyTimestamp + + + + + + ldap_user_shadow_last_change (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (tidpunkt för senaste lösenordsändring). + + + Standard: shadowLastChange + + + + + + ldap_user_shadow_min (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (minsta lösenordsålder). + + + Standard: shadowMin + + + + + + ldap_user_shadow_max (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (största lösenordsålder). + + + Standard: shadowMax + + + + + + ldap_user_shadow_warning (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (varningsperiod för lösenord). + + + Standard: shadowWarning + + + + + + ldap_user_shadow_inactive (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (inaktivitetsperiod för lösenord). + + + Standard: shadowInactive + + + + + + ldap_user_shadow_expire (sträng) + + + När ldap_pwd_policy=shadow används innehåller denna parameter namnet på ett +LDAP-attribut som utgör dess motsvarighet i +shadow 5 + (tid då kontot går ut). + + + Standard: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (sträng) + + + När ldap_pwd_policy=mit_kerberos används innehåller denna parameter namnet +på ett LDAP-attribut som lagrar dag och tid för senaste lösenordsändring i +kerberos. + + + Standard: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (sträng) + + + När ldap_pwd_policy=mit_kerberos används innehåller denna parameter namnet +på ett LDAP-attribut som lagrar dag och tid när det nuvarande lösenordet går +ut. + + + Standard: krbPasswordExpiration + + + + + + ldap_user_ad_account_expires (sträng) + + + När ldap_account_expire_policy=ad används innehåller denna parameter namnet +på ett LDAP-attribut som lagrar tidpunkten när kontot går ut. + + + Standard: accountExpires + + + + + + ldap_user_ad_user_account_control (sträng) + + + När ldap_account_expire_policy=ad används innehåller denna parameter namnet +på ett LDAP-attribut som lagrar användarkontots styrbitfält. + + + Standard: userAccountControl + + + + + + ldap_ns_account_lock (sträng) + + + När ldap_account_expire_policy=rhds eller likvärdigt används avgör denna +parameter om åtkomst skall tillåtas eller inte. + + + Standard: nsAccountLock + + + + + + ldap_user_nds_login_disabled (sträng) + + + När ldap_account_expire_policy=nds används avgör detta attribut om åtkomst +skall tillåtas eller inte. + + + Standard: loginDisabled + + + + + + ldap_user_nds_login_expiration_time (sträng) + + + När ldap_account_expire_policy=nds används avgör detta attribut till vilket +datum åtkomst tillåts. + + + Standard: loginDisabled + + + + + + ldap_user_nds_login_allowed_time_map (sträng) + + + När ldap_account_expire_policy=nds används avgör detta attribut vilka timmar +på dagen i en vecka åtkomst tillåts. + + + Standard: loginAllowedTimeMap + + + + + + ldap_user_principal (sträng) + + + LDAP-attributet som innehåller användarens användarhuvudmansnamn i Kerberos +(UPN). + + + Standard: krbPrincipalName + + + + + + ldap_user_extra_attrs (sträng) + + + Kommaseparerad lista av LDAP-attribut som SSSD skall hämta tillsammans med +den vanliga uppsättningen av användarattribut. + + + Listan kan antingen innehålla endast LDAP-attributnamn, eller +kolonseparerade tupler av SSSD-cacheattribut och LDAP-attributnamn. Ifall +endast LDAP-attributnamn anges sparas attributet i cachen ordagrant. Att +använda ett anpassat SSSD-attributnamn kan vara nödvändigt i miljöer som +konfigurerar flera SSSD-domäner med olika LDAP-scheman. + + + Observera att flera attributnamn är reserverade av SSSD, speciellt +attributet name. SSSD rapporterar ett fel om något av de +reserverade attributnamnen används som ett extra attributnamn. + + + Exempel: + + + ldap_user_extra_attrs = telephoneNumber + + + Spara attributet telephoneNumber från LDAP som +telephoneNumber i cachen. + + + ldap_user_extra_attrs = phone:telephoneNumber + + + Spara attributet telephoneNumber från LDAP som +phone i cachen. + + + Standard: inte satt + + + + + + ldap_user_ssh_public_key (sträng) + + + LDAP-attributet som innehåller användarens publika SSH-nycklar. + + + Standard: sshPublicKey + + + + + + ldap_user_fullname (sträng) + + + LDAP-attributet som motsvarar användarens fullständiga namn. + + + Standard: cn + + + + + + ldap_user_member_of (sträng) + + + LDAP-attributet som räknar upp användarens gruppmedlemskap. + + + Standard: memberOf + + + + + + ldap_user_authorized_service (sträng) + + + Om access_provider=ldap och ldap_access_order=authorized_service kommer SSSD +använda förekomsten av attributet authorizedService i användarens LDAP-post +för att avgöra åtkomstprivilegier. + + + Ett explicit nekande (!svc) avgörs först. Därefter söker SSSD efter +explicit tillåtelse (svc) och slutligen efter allow_all (*). + + + Observera att konfigurationsalternativet ldap_access_order +måste innehålla authorized_service för +att alternativet ldap_user_authorized_service skall fungera. + + + Några distributioner (såsom Fedora-29+ eller RHEL-8) inkluderar alltid +PAM-tjänsten systemd-user som en del av +inloggningsprocessen. Därför kan när tjänstebaserad åtkomstkontroll används +tjänsten systemd-user behöva läggas till till listan av +tillåtna tjänster. + + + Standard: authorizedService + + + + + + ldap_user_authorized_host (sträng) + + + Om access_provider=ldap och ldap_access_order=host kommer SSSD använda +förekomsten av attributet host i användarens LDAP-post för att avgöra +åtkomstprivilegier. + + + Ett explicit nekande (!host) avgörs först. Därefter söker SSSD efter +explicit tillåtelse (host) och slutligen efter allow_all (*). + + + Observera att konfigurationsalternativet ldap_access_order +måste innehålla host för att +alternativet ldap_user_authorized_host skall fungera. + + + Standard: host + + + + + + ldap_user_authorized_rhost (sträng) + + + Om access_provider=ldap och ldap_access_order=rhost kommer SSSD använda +förekomsten av attributet rhost i användarens LDAP-post för att avgöra +åtkomstprivilegier. Liknande värdverifieringsprocessen. + + + Ett explicit nekande (!rhost) avgörs först. Därefter söker SSSD efter +explicit tillåtelse (rhost) och slutligen efter allow_all (*). + + + Observera att konfigurationsalternativet ldap_access_order +måste innehålla rhost för att +alternativet ldap_user_authorized_rhost skall fungera. + + + Standard: rhost + + + + + + ldap_user_certificate (sträng) + + + Namnet på LDAP-attributet som innehåller användarens X509-certifikat. + + + Standard: userCertificate;binary + + + + + + ldap_user_email (sträng) + + + Namnet på LDAP-attributet som innehåller användarens e-postadress. + + + Observera: om en e-postadress för användaren står i konflikt med en +e-postadress eller fullt kvalificerat namn för en annan användare, då kommer +SSSD inte kunna serva dessa användare ordentligt. Om flera användare av +något skäl behöver dela samma e-postadress, sätt då detta attributnamn till +ett som inte finns för att avaktivera uppslagning/inloggning av användare +via e-post. + + + Standard: mail + + + + + ldap_user_passkey (string) + + + Name of the LDAP attribute containing the passkey mapping data of the user. + + + Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD) + + + + + + + + + GRUPPATTRIBUT + + + + ldap_group_object_class (sträng) + + + Objektklassen hos en gruppost i LDAP. + + + Standard: posixGroup + + + + + + ldap_group_name (sträng) + + + The LDAP attribute that corresponds to the group name. In an environment +with nested groups, this value must be an LDAP attribute which has a unique +name for every group. This requirement includes non-POSIX groups in the tree +of nested groups. + + + Standard: cn (rfc2307, rfc2307bis och IPA), sAMAccountName (AD) + + + + + + ldap_group_gid_number (sträng) + + + LDAP-attributet som motsvarar gruppens id. + + + Standard: gidNumber + + + + + + ldap_group_member (sträng) + + + LDAP-attributet som innehåller namnen på gruppens medlemmar. + + + Standard: memberuid (rfc2307) / member (rfc2307bis) + + + + + + ldap_group_uuid (sträng) + + + LDAP-attributet som innehåller UUID/GUID för ett LDAP-gruppobjekt. + + + Standard: inte satt i det allmänna fallet, objectGUID för AD och ipaUniqueID +för IPA + + + + + + ldap_group_objectsid (sträng) + + + LDAP-attributet som innehåller objectSID för ett LDAP-gruppobjekt. Detta är +normalt bara nödvändigt för Active Directory-servrar. + + + Standard: objectSid för Active Directory, inte satt för andra servrar. + + + + + + ldap_group_modify_timestamp (sträng) + + + LDAP-attributet som innehåller tidsstämpeln för den senaste ändringen av +föräldraobjektet. + + + Standard: modifyTimestamp + + + + + + ldap_group_type (sträng) + + + LDAP-attributet som innehåller ett heltalsvärde som indikerar grupptypen och +kanske andra flaggor. + + + Detta attribut används för närvarande bara av AD-leverantören för att avgöra +om en grupp är en domänlokal grupp och behöver filtreras bort för betrodda +domäner. + + + Standard: groupType i AD-leverantören, inte satt annars + + + + + + ldap_group_external_member (sträng) + + + LDAP-attributet som refererar gruppmedlemmar som är definierade i en extern +domän. För närvarande stödjs endast IPA:s externa medlemmar. + + + Standard: ipaExternalMember i IPA-leverantören, inte satt annars. + + + + + + + + + NÄTGRUPPSATTRIBUT + + + + ldap_netgroup_object_class (sträng) + + + Objektklassen hos en nätgruppspost i LDAP. + + + I IPA-leverantören skall ipa_netgroup_object_class användas istället. + + + Standard: nisNetgroup + + + + + + ldap_netgroup_name (sträng) + + + LDAP-attributet som motsvarar nätgruppnamnet. + + + I IPA-leverantören skall ipa_netgroup_name användas istället. + + + Standard: cn + + + + + + ldap_netgroup_member (sträng) + + + LDAP-attributet som innehåller namnen på nätgruppens medlemmar. + + + I IPA-leverantören skall ipa_netgroup_member användas istället. + + + Standard: memberNisNetgroup + + + + + + ldap_netgroup_triple (sträng) + + + LDAP-attributet som innehåller nätgrupptrippeln (värd, användare, domän). + + + Detta alternativ är inte tillgängligt i IPA-leverantören. + + + Standard: nisNetgroupTriple + + + + + + ldap_netgroup_modify_timestamp (sträng) + + + LDAP-attributet som innehåller tidsstämpeln för den senaste ändringen av +föräldraobjektet. + + + Detta alternativ är inte tillgängligt i IPA-leverantören. + + + Standard: modifyTimestamp + + + + + + + + + VÄRDATTRIBUT + + + + ldap_host_object_class (sträng) + + + Objektklassen hos en värdpost i LDAP. + + + Standard: ipService + + + + + + ldap_host_name (sträng) + + + LDAP-attributet som motsvarar värdens namn. + + + Standard: cn + + + + + + ldap_host_fqdn (sträng) + + + LDAP-attributet som motsvarar värdens fullständigt kvalificerade domännamn. + + + Standard: fqdn + + + + + + ldap_host_serverhostname (sträng) + + + LDAP-attributet som motsvarar värdens namn. + + + Standard: serverHostname + + + + + + ldap_host_member_of (sträng) + + + LDAP-attributet som räknar upp värdens gruppmedlemskap. + + + Standard: memberOf + + + + + + ldap_host_ssh_public_key (sträng) + + + LDAP-attributet som innehåller värdens publika SSH-nycklar. + + + Standard: sshPublicKey + + + + + + ldap_host_uuid (sträng) + + + LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt. + + + Standard: inte satt + + + + + + + + + TJÄNSTEATTRIBUT + + + + ldap_service_object_class (sträng) + + + Objektklassen hos en servicepost i LDAP. + + + Standard: ipService + + + + + + ldap_service_name (sträng) + + + LDAP-attributet som innehåller namnet på tjänsteattribut och deras alias. + + + Standard: cn + + + + + + ldap_service_port (sträng) + + + LDAP-attributet som innehåller porten som hanteras av denna tjänst. + + + Standard: ipServicePort + + + + + + ldap_service_proto (sträng) + + + LDAP-attributet som innehåller protokollen som denna tjänst förstår. + + + Standard: ipServiceProtocol + + + + + + + + + SUDO-ATTRIBUT + + + + ldap_sudorule_object_class (sträng) + + + Objektklassen hos en sudo-regelpost i LDAP. + + + Standard: sudoRole + + + + + + ldap_sudorule_name (sträng) + + + LDAP-attributet som motsvarar sudo-regelnamnet. + + + Standard: cn + + + + + + ldap_sudorule_command (sträng) + + + LDAP-attributet som motsvarar kommandonamnet. + + + Standard: sudoCommand + + + + + + ldap_sudorule_host (sträng) + + + LDAP-attributet som motsvarar värdnamnet (eller värdens IP-adress, värdens +IP-nätverk eller värdens nätgrupp) + + + Standard: sudoHost + + + + + + ldap_sudorule_user (sträng) + + + LDAP-attributet som motsvarar användarnamnet (eller AID, gruppnamnet eller +användarens nätgrupp) + + + Standard: sudoUser + + + + + + ldap_sudorule_option (sträng) + + + LDAP-attributet som motsvarar sudo-alternativen. + + + Standard: sudoOption + + + + + + ldap_sudorule_runasuser (sträng) + + + LDAP-attributet som motsvarar användarnamnet som kommandon får köras som. + + + Standard: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (sträng) + + + LDAP-attributet som motsvarar gruppnamnet eller grupp-GID:t som kommandon +får köras som. + + + Standard: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (sträng) + + + LDAP-attributet som motsvarar startdagen/-tiden då sudo-regeln är giltig. + + + Standard: sudoNotBefore + + + + + + ldap_sudorule_notafter (sträng) + + + LDAP-attributet som motsvarar utgångsdagen/-tiden då sudo-regeln inte längre +är giltig. + + + Standard: sudoNotAfter + + + + + + ldap_sudorule_order (sträng) + + + LDAP-attributet som motsvarar ordningsindexet för regeln. + + + Standard: sudoOrder + + + + + + + + + AUTOFS-ATTRIBUT + + + + + + + IP-VÄRDATTRIBUT + + + + ldap_iphost_object_class (sträng) + + + Objektklassen för en iphost-post i LDAP. + + + Standard: ipHost + + + + + + ldap_iphost_name (sträng) + + + LDAP-attributet som innehåller namnet på IP-värdattributen och deras alias. + + + Standard: cn + + + + + + ldap_iphost_number (sträng) + + + LDAP-attributet som innehåller IP-värdadressen. + + + Standard: ipHostNumber + + + + + + + + + IP-NÄTVERKSATTRIBUT + + + + ldap_ipnetwork_object_class (sträng) + + + Objektklassen för en ipnetwork-post i LDAP. + + + Standard: ipNetwork + + + + + + ldap_ipnetwork_name (sträng) + + + LDAP-attributet som innehåller namnet på IP-nätverksattributen och deras +alias. + + + Standard: cn + + + + + + ldap_ipnetwork_number (sträng) + + + LDAP-attributet som innehåller IP-nätverksadressen. + + + Standard: ipNetworkNumber + + + + + + + + + + + diff --git a/src/man/sv/sssd-ldap.5.xml b/src/man/sv/sssd-ldap.5.xml new file mode 100644 index 0000000..c545327 --- /dev/null +++ b/src/man/sv/sssd-ldap.5.xml @@ -0,0 +1,1748 @@ + + + +SSSD manualsidor + + + + + sssd-ldap + 5 + Filformat och konventioner + + + + sssd-ldap + SSSD LDAP-leverantör + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av LDAP-domäner för + sssd 8 +. Se avsnittet FILFORMAT av manualsidan + sssd.conf +5 för detaljerad syntaxinformation. + + Du kan konfigurera SSSD för att använda mer än en LDAP-domän. + + + LDAP back end supports id, auth, access and chpass providers. If you want to +authenticate against an LDAP server either TLS/SSL or LDAPS is +required. sssd does not support +authentication over an unencrypted channel. Even if the LDAP server is used +only as an identity provider, an encrypted channel is strongly +recommended. Please refer to ldap_access_filter config option +for more information about using LDAP as an access provider. + + + + + KONFIGURATIONSALTERNATIV + + Alla de vanliga konfigurationsflaggorna som gäller för SSSD-domäner gäller +även för LDAP-domäner. Se avsnittet DOMÄNSEKTIONER i +manualsidan sssd.conf +5 för fullständiga +detaljer. Observera att SSSD LDAP-avbildningsattribut beskrivs i manualsidan + sssd-ldap-attributes +5 . + + ldap_uri, ldap_backup_uri (sträng) + + + Anger en kommaseparerad lista av URI:er till LDAP-servrar till vilka SSSD +skall ansluta i prioritetsordning. Se avsnittet RESERVER för +mer information om reserver och serverredundans. Om ingendera alternativ är +angivet kommer tjänsteupptäckt användas. För mer information, se avsnittet +TJÄNSTEUPPTÄCKT. + + + Formatet på URI:n måste stämma med formatet som definieras i RFC 2732: + + + ldap[s]://<värd>[:port] + + + För explicita IPv6-adresser måste <host> vara omslutet av +hakparenteser [] + + + exempel: ldap://[fc00::126:25]:389 + + + + + + ldap_chpass_uri, ldap_chpass_backup_uri (sträng) + + + Anger en kommaseparerad lista av URI:er till LDAP-servrar till vilka SSSD +skall ansluta i prioritetsordning för att ändra lösenordet för en +användare. Se avsnittet RESERVER för mer information om +reserver och serverredundans. + + + För att aktivera tjänsteuppslagning måste ldap_chpass_dns_service_name vara +satt. + + + Standard: tomt, d.v.s. ldap_uri används. + + + + + + ldap_search_base (sträng) + + + Standard bas-DN att använda för att utföra LDAP-användaroperationer. + + + Med början med SSSD 1.7.0 stödjer SSSD flera sökbaser genom att använda +syntaxen: + + + sökbas[?räckvidd?[filter][?sökbas?räckvidd?[filter]]*] + + + Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”. + + + Filtret måste vara ett korrekt LDAP-sökfilter som specificerat i +http://www.ietf.org/rfc/rfc2254.txt + + + Exempel: + + + ldap_search_base = dc=example,dc=com (vilket är ekvivalent med) +ldap_search_base = dc=example,dc=com?subtree? + + + ldap_search_base = +cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + + + Observera: det stödjs inte att ha flera sökbaser som refererar identiskt +namngivna objekt (till exempel, grupper med samma namn i två olika +sökbaser). Detta kommer medföra oförutsägbart beteende på klientmaskinerna. + + + Standard: om inte satt används värdet från attributet defaultNamingContext +eller namingContexts från RootDSE:n hos LDAP-servern. Om +defaultNamingContext inte finns eller har ett tomt värde används +namingContexts. Attributet namingContexts måste ha ett ensamt värde med +DN:n hos sökbasen hos LDAP-servern för att detta skall fungera. Flera +värden stödjs inte. + + + + + + ldap_schema (sträng) + + + Anger schematypen som används på mål-LDAP-servern. Beroende på det valda +schemat kan standardattributnamnen som hämtas från servrarna variera. +Sättet som en del attribut hanteras kan också skilja. + + + Fyra schematyper stödjs för närvarande: + + + + rfc2307 + + + + + rfc2307bis + + + + + IPA + + + + + AD + + + + + + Den huvudsakliga skillnaden mellan dessa schematyper är hur gruppmedlemskap +lagras i servern. Med rfc2307 listas gruppmedlemskap med namn i attributet +memberUid. Med rfc2307bis och IPA listas +gruppmedlemskap av DN och lagras i attributet member. +AD-schematypen sätter attributen till att motsvara Active Directory +2008r2-värden. + + + Standard: rfc2307 + + + + + + ldap_pwmodify_mode (sträng) + + + Ange operationen som används för att ändra användarens lösenord. + + + Två lägen stödjs för närvarande: + + + + exop - Password Modify Extended Operation (RFC 3062) + + + + + ldap_modify - Direkt ändring av userPassword (rekommenderas inte). + + + + + + Obs: först etableras en ny förbindelse för att verifiera det aktuella +lösenordet genom att binda som användaren som begärde lösenordsändringen. Om +det lyckas används denna förbindelse för att ändra lösenordet och därför +måste användaren ha skrivrätt på attributet userPassword. + + + Standard: exop + + + + + + ldap_default_bind_dn (sträng) + + + Standardbindnings-DN att använda för att utföra LDAP-operationer. + + + + + + ldap_default_authtok_type (sträng) + + + Typen på autentiseringstecknet hos standardbindnings-DN. + + + De två mekanismerna som stödjs för närvarande är: + + + password + + + obfuscated_password + + + Standard: password + + + Se manualsidan sss_obvuscate +8 för mer information. + + + + + + ldap_default_authtok (sträng) + + + Autentiseringstecknet hos standardbindnings-DN. + + + + + + ldap_force_upper_case_realm (boolean) + + + Några katalogservrar, till exempel Active Directory, kan leverera delen rike +av UPN:en i gemener, vilket kan få autentiseringen att misslyckas. Sätt +detta alternativ till ett värde skilt från noll ifall du vill använda ett +rike i versaler. + + + Standard: false + + + + + + ldap_enumeration_refresh_timeout (heltal) + + + Anger hur många sekunder SSSD måste vänta före den uppdaterar sin cache av +uppräknade poster. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 300 + + + + + + ldap_purge_cache_timeout (heltal) + + + Bestäm hur ofta cachen skall kontrolleras för inaktiva poster (såsom grupper +utan medlemmar och användare som aldrig har loggat in) och ta bort dem för +att spara utrymme. + + + Att sätta detta alternativ till noll kommer avaktivera rensningsoperationen +för cachen. Observera att om uppräkning är aktiverat krävs rensningsjobbet +för att upptäcka poster som tas bort från servern och inte kan +avaktiveras. Som standard kör rensningsjobbet var 3:e timma när uppräkning +är aktiverat. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 0 (avaktiverat) + + + + + + ldap_group_nesting_level (heltal) + + + Om ldap_schema är satt till ett schemaformat som stödjer nästade grupper +(t.ex. RFC2307bis), då styr detta alternativ hur många nivåer av nästning +SSSD kommer följa. Detta alternativ har ingen effekt på schemat RFC2307. + + + Obs: detta alternativ anger den garanterade nivån av nästade grupper som +skall bearbetas för en godtycklig uppslagning. Dock +kan nästade grupper utöver denna gräns returneras om +tidigare uppslagningar redan har slagit upp de djupare nästningsnivåerna. +Följande uppslagningar för andra grupper kan också utöka resultatmängden för +den ursprungliga uppslagningen om den slås upp igen. + + + Om ldap_group_nesting_level sätts till 0 bearbetas inga nästade grupper +alls. Dock krävs det dessutom att användningen av Token-Groups avaktiveras +vid anslutning till Active-Directory Server 2008 och senare vid användning +av id_provider=ad genom att sätta ldap_use_tokengroups till +false för att begränsa gruppnästning. + + + Standard: 2 + + + + + + ldap_use_tokengroups + + + Detta alternativ aktiverar eller avaktiverar användningen av attributet +Token-Groups när initgroup utförs för användare från Active Directory Server +2008 och senare. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: true för AD och IPA annars false. + + + + + + ldap_host_search_base (sträng) + + + Frivillig. Använd den givna strängen som en sökbas för värdobjekt. + + + Se ldap_search_base för information om konfiguration av +multipla sökbaser. + + + Standard: värdet på ldap_search_base + + + + + + ldap_service_search_base (sträng) + + + + + ldap_iphost_search_base (sträng) + + + + + ldap_ipnetwork_search_base (sträng) + + + + + ldap_search_timeout (heltal) + + + Anger tiden (i sekunder) som ldap-sökningar tillåts köra före de annulleras +och cachade resultat returneras (och går in i frånkopplat läge) + + + Obs: detta alternativ kan komma att ändras i framtida versioner av SSSD. Det +kommer sannolikt ersättas vid någon tidpunkt med en serie tidsgränser för +specifika uppslagningstyper. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 6 + + + + + + ldap_enumeration_search_timeout (heltal) + + + Anger tiden (i sekunder) som ldap-sökningar för användar- och +gruppuppräkningar tillåts köra före de annulleras och cachade resultat +returneras (och går in i frånkopplat läge) + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 60 + + + + + + ldap_network_timeout (heltal) + + + Anger tidsgränsen (i sekunder) efter vilken +poll 2 +/ select +2 som följer efter en +connect 2 + returnerar om inget händer. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 6 + + + + + + ldap_opt_timeout (heltal) + + + Anger en tid (i sekunder) efter vilken anrop till synkrona LDAP API:er +kommer avbrytas om det inte kommer något svar. Styr även tidsgränsen vid +kommunikation med KDC:n i fallet SASL-bindningar, tidsgränsen för en +LDAP-bindningsoperation, utökad operation för lösenordsändring och +StartTLS-operationen. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 8 + + + + + + ldap_connection_expire_timeout (heltal) + + + Anger en tidsgräns (i sekunder) som en förbindelse med en LDAP-server kommer +underhållas. Efter den tiden kommer förbindelsen återetableras. Om den +används parallellt med SASL/GSSAPI kommer det tidigare av de två värdena +(detta värde eller TGT-livslängden) användas. + + + Om anslutningen är inaktiv (inte aktivt kör en åtgärd) under +ldap_opt_timeout sekunders utgångstid, då kommer den +att stängas i förväg för att säkerställa att en ny begäran inte kan kräva +att förbindelsen skall hållas öppen utöver dess utgångstid. Detta implicerar +att anslutningar alltid kommer stängas omedelbart och aldrig kommer +återanvändas om ldap_connection_expire_timoute ≤ +ldap_opt_timeout + + + Tidsgränsen kan utökas med ett slumpvärde angivet av +ldap_connection_expire_offset + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 900 (15 minuter) + + + + + + ldap_connection_expire_offset (heltal) + + + En slumptillägg mellan 0 och ett konfigurerat värde läggs till +tillldap_connection_expire_timeout. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 0 + + + + + + ldap_connection_idle_timeout (heltal) + + + Anger en tidsgräns (i sekunder) som en inaktiv förbindelse med en +LDAP-server kommer underhållas. Om anslutningen är inaktiv längre än denna +tid kommer förbindelsen att stängas. + + + Man kan avaktivera denna tidsgräns genom att sätta värdet till 0. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 900 (15 minuter) + + + + + + ldap_page_size (heltal) + + + Ange antalet poster som skall hämtas från LDAP i en enskild begäran. Några +LDAP-servrar framtvingar en maximal gräns per begäran. + + + Standard: 1000 + + + + + + ldap_disable_paging (boolean) + + + Avaktivera flödesstyrningen (paging) av LDAP. Detta alternativ bör användas +om LDAP-servern rapporterar att den stödjer LDAP-flödesstyrning i sin +RootDSE men det inte är aktiverat eller inte fungerar som det skall. + + + Exempel: OpenLDAP-servrar med flödesstyrningsmodulen installerad på servern +men inte aktiverad kommer rapportera det i RootDSE:n men inte kunna använda +den. + + + Exempel: 389 DS har ett fel där den endast kan stödja en flödesstyrning åt +gången på en enskild förbindelse. På aktiva klienter kan detta resultera i +att några begäranden nekas. + + + Standard: False + + + + + + ldap_disable_range_retrieval (boolean) + + + Avaktivera Active Directory intervallhämtning. + + + Active Directory begränsar antalet medlemmar som kan hämtas i en enskild +uppslagning med policyn MaxValRange (vilket som standard är 1500 +medlemmar). Om en grupp innehåller fler medlemmar skulle svaret innehålla en +AD-specifik intervallutökning. Detta alternativ avaktiverar tolkning av +intervallutökningar, därför kommer stora grupper förefalla inte ha några +medlemmar. + + + Standard: False + + + + + + ldap_sasl_minssf (heltal) + + + Vid kommunikation med en LDAP-server med SASL, ange den minsta +säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på +detta alternativ är definierat av OpenLDAP. + + + Standard: använd systemstandard (vanligen angivet i ldap.conf) + + + + + + ldap_sasl_maxssf (heltal) + + + Vid kommunikation med en LDAP-server med SASL, ange den masimala +säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på +detta alternativ är definierat av OpenLDAP. + + + Standard: använd systemstandard (vanligen angivet i ldap.conf) + + + + + + ldap_deref_threshold (heltal) + + + Ange antalet gruppmedlemmar som måste saknas i den interna cachen för att +orsaka en derefereringsuppslagning. Om färre medlemmar saknas slås de upp +individuellt. + + + Du kan slå av derefereringsuppslagningar helt genom att sätta värdet till +0. Observera att det finns några kodvägar i SSSD, som IPA HBAC-leverantören, +som endast är implementerade med derefereringsanropet, så att även med +dereferens uttryckligen avaktiverat kommer dessa delar ändå använda +dereferenser om servern stödjer det och annonserar derefereringsstyrning i +rootDSE-objektet. + + + En derefereringsuppslagning är ett sätt att hämta alla gruppmedlemmar i ett +enda LDAP-anrop. Olika LDAP-servrar kan implementera olika +derefereringsmetoder. De servrar som stödjs för närvarande är 389/RHDS, +OpenLDAP och Active Directory. + + + Obs: om någon av sökbaserna anger ett sökfilter, då +kommer prestandaförbättringen med derefereringsuppslagningar avaktiveras +oavsett denna inställning. + + + Standard: 10 + + + + + + ldap_ignore_unreadable_references (bool) + + + Ignorera oläsbara LDAP-poster refererade i gruppens medlemsattribut. Om +denna parameter sätts till falskt kommer ett fel returneras och åtgärden +misslyckas istället för att den oläsbara posten bara ignoreras. + + + Denna parameter kan vara användbar när man använder AD-leverantören och +datorkontot som sssd använder för att ansluta till AD inte har tillgång till +en viss post eller ett visst LDAP-underträd av säkerhetsskäl. + + + Standard: False + + + + + + ldap_tls_reqcert (sträng) + + + Anger vilka kontroller som utförs av servercertifikat i en TLS-session, om +några. Det kan anges som ett av följande värden: + + + never = Klienten kommer inte begära eller kontrollera +några servercertifikat. + + + allow = Servercertifikatet begärs. Om inget certifikat +tillhandahålls fortsätter sessionen normalt. Om ett felaktigt certifikat +tillhandahålls kommer det ignoreras och sessionen fortsätta normalt. + + + try = Servercertifikatet begärs. Om inget certifikat +tillhandahålls fortsätter sessionen normalt. Om ett felaktigt certifikat +tillhandahålls avslutas sessionen omedelbart. + + + demand = Servercertifikatet begärs. Om inget certifikat +tillhandahålls eller ett felaktigt certifikat tillhandahålls avslutas +sessionen omedelbart. + + + hard = Samma som demand + + + Standard: hard + + + + + + ldap_tls_cacert (sträng) + + + Anger filen som innehåller certifikat för alla Certifikatauktoriteterna som +sssd kommer godkänna. + + + Standard: använd standardvärden för OpenLDAP, typiskt i +/etc/openldap/ldap.conf + + + + + + ldap_tls_cacertdir (sträng) + + + Anger sökvägen till en katalog som innehåller certifikat för +Certifikatauktoriteter i individuella filer. Typiskt måste filnamnen vara +kontrollsummor av certifikaten följda av ”.0”. Om det är tillgängligt kan +cacertdir_rehash användas för att skapa de korrekta +namnen. + + + Standard: använd standardvärden för OpenLDAP, typiskt i +/etc/openldap/ldap.conf + + + + + + ldap_tls_cert (sträng) + + + Anger filen som innehåller certifikatet för klientens nyckel. + + + Standard: inte satt + + + + + + ldap_tls_key (sträng) + + + Anger filen som innehåller klientens nyckel. + + + Standard: inte satt + + + + + + ldap_tls_cipher_suite (sträng) + + + Anger acceptabla chiffersviter. Typiskt är detta en kolonseparerad lista. +Se ldap.conf +5 för formatet. + + + Standard: använd standardvärden för OpenLDAP, typiskt i +/etc/openldap/ldap.conf + + + + + + ldap_id_use_start_tls (boolean) + + + Specifies that the id_provider connection must also use tls to protect the channel. +true is strongly recommended for security reasons. + + + Standard: false + + + + + + ldap_id_mapping (boolean) + + + Anger att SSSD skall försöka översätta användar- och grupp-ID:n från +attributen ldap_user_objectsid och ldap_group_objectsid istället för att +förlita sig på ldap_user_uid_number och ldap_group_gid_number. + + + För närvarande stödjer denna funktion endast ActiveDirectory objectSID. + + + Standard: false + + + + + + ldap_min_id, ldap_max_id (heltal) + + + I kontrast mot den SID-baserade ID-översättningen som används om +ldap_id_mapping är satt till sant är det tillåtna ID-intervallet för +ldap_user_uid_number och ldap_group_gid_number obegränsat. I en uppsättning +med underdomäner/betrodda domäner kan detta leda till ID-kollisioner. För +att undvika kollisioner kan ldap_min_id och ldap_max_id sättas till att +begränsa det tillåtna intervallet för ID:na som läses direkt från +servern. Underdomäner kan sedan välja andra intervall för att översätta +ID:n. + + + Standard: inte satt (båda alternativen är satta till 0) + + + + + + ldap_sasl_mech (sträng) + + + Ange SASL-mekanismen att använda. För närvarande testas och stödjs endast +GSSAPI och GSS-SPNEGO. + + + Om bakänden stödjer underdomäner ärvs automatiskt värdet av ldap_sasl_mech +till underdomänerna. Om ett annat värde behövs för en underdomän kan det +skrivas över genom att sätta ldap_sasl_mech för denna underdomän explicit. +Se avsnittet SEKTIONEN BETRODDA DOMÄNER i +sssd.conf +5 för detaljer. + + + Standard: inte satt + + + + + + ldap_sasl_authid (sträng) + + + Ange SASL-auktoriserings-id:t att använda. När GSSAPI/GSS-SPNEGO används +representerar detta Kerberos-huvudmannen som används för autentisering till +katalogen. Detta alternativ kan antingen innehålla den fullständiga +huvudmannen (till exempel host/minvärd@EXAMPLE.COM) eller bara +huvudmannanamnet (till exempel host/minvärd). Som standard är värdet inte +satt och följande huvudmän används: +värdnamn@RIKE +netbiosnamn$@RIKE +host/värdnamn@RIKE +*$@RIKE +host/*@RIKE +host/* + Om ingen av dem kan hittas returneras den första huvudmannen i +keytab. + + + Standard: host/värdnamn@RIKE + + + + + + ldap_sasl_realm (sträng) + + + Ange SASL-riket att använda. När det inte anges får detta alternativ +standardvärdet från krb5_realm. Om ldap_sasl_authid också innehåller riket +ignoreras detta alternativ. + + + Standard: värdet på krb5_realm. + + + + + + ldap_sasl_canonicalize (boolean) + + + Om satt till sant kommer LDAP-biblioteket utföra en omvänd uppslagning för +att ta fram värdnamnets kanoniska form under en SASL-bindning. + + + Standard: false; + + + + + + ldap_krb5_keytab (sträng) + + + Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: Systemets keytab, normalt /etc/krb5.keytab + + + + + + ldap_krb5_init_creds (boolean) + + + Anger att id-leverantören skall initiera Kerberoskreditiv (TGT). Denna +åtgärd utförs endast om SASL används och den valda mekanismen är GSSAPI +eller GSS-SPNEGO. + + + Standard: true + + + + + + ldap_krb5_ticket_lifetime (heltal) + + + Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: 86400 (24 timmar) + + + + + + krb5_server, krb5_backup_server (sträng) + + + Anger en kommaseparerad lista av IP-adresser eller värdnamn till +Kerberosservrar till vilka SSSD skall ansluta i prioritetsordning. För mer +information om reserver och serverredundans se avsnittet +RESERVER. Ett frivilligt portnummer (föregånget av ett +kolon) kan läggas till till adresserna eller värdnamnen. Om tomt aktiveras +tjänsteupptäckt – för mer information, se avsnittet +TJÄNSTEUPPTÄCKT. + + + När tjänsteupptäckt används för KDC eller kpasswd-servrar söker SSSD först +efter DNS-poster som anger _udp som protokoll och provar sedan _tcp om inget +hittas. + + + Detta alternativ hade namnet krb5_kdcip i tidigare utgåvor av +SSSD. Medan det äldre namnet känns igen tills vidare rekommenderas användare +att migrera sina konfigurationsfiler till att använda +krb5_server istället. + + + + + + krb5_realm (sträng) + + + Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut). + + + Standard: Systemstandard, se /etc/krb5.conf + + + + + + krb5_canonicalize (boolean) + + + Anger om värdens huvudman skall göras kanonisk vid anslutning till +LDAP-servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7 + + + + Standard: false + + + + + + krb5_use_kdcinfo (boolean) + + + Anger om SSSD skall instruera Kerberos-biblioteken om vilket rike och vilka +KDC:er som skall användas. Detta alternativ är på som standard, om du +avaktiverar det behöver du konfigurera Kerberos-biblioteket i +konfigurationsfilen krb5.conf +5 . + + + Se manualsidan +sssd_krb5_locator_plugin +8 för mer information om +lokaliseringsinsticksmodulen. + + + Standard: true + + + + + + ldap_pwd_policy (sträng) + + + Välj policyn för att utvärdera utgång av lösenord på klientsidan. Följande +värden är tillåtna: + + + none – Ingen utvärdering på klientsidan. Detta +alternativ kan inte avaktivera lösenordspolicyer på serversidan. + + + shadow – Använd attribut i stilen +shadow +5 för att utvärdera om lösenordet har +gått ut. Se även alternativet ”ldap_chpass_update_last_change”. + + + mit_kerberos – Använd attributen som används av MIT +Kerberos för att avgöra om lösenordet har gått ut. Använd +chpass_provider=krb5 för att uppdatera dessa attribut när lösenordet ändras. + + + Standard: none + + + Obs: om en lösenordspolicy konfigureras på serversidan +kommer den alltid gå före framför policyn som sätts med detta alternativ. + + + + + + ldap_referrals (boolean) + + + Anger huruvida automatisk uppföljning av referenser skall aktiveras. + + + Observera att sssd endast stödjer uppföljning av referenser när den är +kompilerad med OpenLDAP version 2.4.13 eller senare. + + + Att följa upp referenser kan orsaka en prestandaförlust i miljöer som +använder dem mycket, ett notabelt exempel är Microsoft Active Directory. Om +din uppsättning inte faktiskt behöver använda referenser kan att sätta detta +alternativ till falskt medföra en märkbar prestandaförbättring. Att sätta +denna flagga till falskt rekommenderas därför ifall SSSD LDAP-leverantören +används tillsammans med Microsoft Active Directory som bakände. Även om SSSD +skulle kunna följa referensen till en annan AD DC skulle inga ytterligare +data vara tillgängliga. + + + Standard: true + + + + + + ldap_dns_service_name (sträng) + + + Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat. + + + Standard: ldap + + + + + + ldap_chpass_dns_service_name (sträng) + + + Anger tjänstenamnet att använda för att hitta en LDAP-server som tillåter +lösenordsändringar när tjänsteupptäckt är aktiverat. + + + Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat + + + + + + ldap_chpass_update_last_change (boolean) + + + Anger huruvida attributet ldap_user_shadow_last_change skall uppdateras med +dagar sedan epoken efter en ändring av lösenord. + + + Det rekommenderas att explicit sätta detta alternativ om ”ldap_pwd_policy = +shadow” används för att låta SSSD veta om LDAP-servern kommer uppdatera +LDAP-attributet shadowLastChange automatiskt efter en lösenordsändring eller +om SSSD måste uppdatera det. + + + Standard: False + + + + + + ldap_access_filter (sträng) + + + Om man använder access_provider = ldap och ldap_access_order = filter +(standard) är detta alternativ nödvändigt. Det anger ett +LDAP-sökfilterkriterium som måste uppfyllas för att användaren skall ges +åtkomst till denna värd. Om access_provider = ldap, ldap_access_order = +filter och detta alternativ inte är satt kommer det resultera i att alla +användare nekas åtkomst. Använd access_provider = permit för att ändra +detta standardbeteende. Observera att detta filter endast tillämpas på +LDAP-användarposten och därmed filter baserade på nästade grupper kanske +inte fungerar (t.ex. attributet memberOf i AD-poster pekar endast på direkta +föräldrar). Om filtrering baserad på nästade grupper behövs, se + +sssd-simple5 +. + + + Exempel: + + +access_provider = ldap +ldap_access_filter = (employeeType=admin) + + + Detta exempel betyder att åtkomst till denna värd är begränsad till +användare vars attribut employeeType är satt till ”admin”. + + + Frånkopplad cachning för denna funktion är begränsad till att avgöra +huruvida användarens senaste uppkopplade inloggning tilläts +åtkomsträttigheter. Om de tilläts vid senaste inloggningen kommer de +fortsätta ges åtkomst under frånkoppling, och vice versa. + + + Standard: Empty + + + + + + ldap_account_expire_policy (sträng) + + + Med detta alternativ kan en utvärdering på klientsidan av +åtkomststyrningsattribut aktiveras. + + + Observera att det alltid är rekommenderat att använda åtkomstkontroll på +serversidan, d.v.s. LDAP-servern skall neka bindningsbegäran med en passande +felkod även om lösenordet är korrekt. + + + Följande värden är tillåtna: + + + shadow: använd värdet på ldap_user_shadow_expire för +att avgöra om kontot har gått ut. + + + ad: använd värdet på 32-bitarsfältet +ldap_user_ad_user_account_control och tillåt åtkomst om den andra biten inte +är satt. Om attributet saknas tillåts åtkomst. Utgångstiden för kontot +kontrolleras också. + + + rhds, ipa, +389ds: använd värdet på ldap_ns_account_lock för att +avgöra om åtkomst tillåts eller inte. + + + nds: värdena på ldap_user_nds_login_allowed_time_map, +ldap_user_nds_login_disabled och ldap_user_nds_login_expiration_time används +för att avgöra om åtkomst tillåts. Om båda attributen saknas tillåts +åtkomst. + + + Observera att konfigurationsalternativet ldap_access_order +måste innehålla expire för att +alternativet ldap_account_expire_policy skall fungera. + + + Standard: Empty + + + + + + ldap_access_order (sträng) + + + Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är: + + + filter: använd ldap_access_filter + + + lockout: använd kontolåsning. Om satt nekar detta +alternativ åtkomst ifall ldap-attributet ”pwdAccountLockedTime” finns och +har värdet ”000001010000Z”. Se alternativet ldap_pwdlockout_dn. Observera +att ”access_provider = ldap” måste vara satt för att denna funktion skall +fungera. + + + Observera att detta alternativ ersätts av alternativet +ppolicy och kan komma att tas bort i en framtida +utgåva. + + + ppolicy: använd kontolåsning. Om satt nekar detta +alternativ åtkomst ifall ldap-attributet ”pwdAccountLockedTime” finns och +har värdet ”000001010000Z” eller representerar en tidpunkt i det förgångna. +Värdet på attributet ”pwdAccountLockedTime” måste sluta med ”Z”, som +markerar tidszonen UTC. Andra tidszoner stödjs för närvarande inte och +kommer resultera i ”access-denied” när användare försöker logga in. Se +alternativet ldap_pwdlockout_dn. Observera att ”access_provider = ldap” +måste vara satt för att denna funktion skall fungera. + + + + expire: använd ldap_account_expire_policy + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Dessa alternativ är användbara om +användare vill bli varnade att lösenordet är på gång att gå ut och +autentisering är baserat på användning av en annan metod än lösenord – till +exempel SSH-nycklar. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Observera att ”access_provider = ldap” måste vara satt för att denna +funktion skall fungera. ”ldap_pwd_policy” måste också vara satt till en +lämplig lösenordspolicy. + + + authorized_service: använd attributet authorizedService +för att avgöra åtkomst + + + host: använd attributet host för att avgöra åtkomst + + + rhost: använd attributet rhost för att avgöra huruvida +fjärrvärdar kan få åtkomst + + + Observera, rhost-fältet i pam sätts av programmet, det är bättre att +kontrollera vad programmet skickar till pam, före detta alternativ för +åtkomstkontroll aktiveras + + + Standard: filter + + + Observera att det är ett konfigurationsfel om ett värde används mer än en +gång. + + + + + + ldap_pwdlockout_dn (sträng) + + + Detta alternativ anger DN för lösenordspolicyposten på LDAP-servern. Notera +att frånvaro av detta alternativ i sssd.conf när kontroll av kontolåsning är +aktiverat kommer att resultera i nekad åtkomst eftersom ppolicy-attribut på +LDAP-servern inte kan kontrolleras ordentligt. + + + Exempel: cn=ppolicy,ou=policies,dc=example,dc=com + + + Standard: cn=ppolicy,ou=policies,$ldap_search_base + + + + + + ldap_deref (sträng) + + + Anger hur dereferering av alias görs när sökningar utförs. Följande +alternativ är tillåtna: + + + never: Alias är aldrig derefererade. + + + searching: Alias derefereras i underordnade till +basobjektet, men inte vid lokalisering av basobjektet för sökningen. + + + finding: Alias derefereras endast vid lokalisering av +basobjektet för sökningen. + + + always: Alias derefereras både i sökning och i +lokalisering av basobjektet för sökningen. + + + Standard: Tomt (detta hanteras som never av +LDAP-klientbiblioteken) + + + + + + ldap_rfc2307_fallback_to_local_users (boolean) + + + Tillåter att behålla lokala användare som medlemmar i en LDAP-grupp för +servrar som använder schemat RFC2307. + + + I en del miljöer där schemat RFC2307 används görs lokala användare till +medlemmar i LDAP-grupper genom att lägga till deras namn till attributet +memberUid. Den interna konsistensen i domänen bryts när detta görs, så SSSD +skulle normalt ta bort de ”saknade” användarna från de cachade +gruppmedlemskapen så fort nsswitch försöker hämta information om användaren +via anrop av getpw*() eller initgroups(). + + + Detta alternativ faller tillbaka på att kontrollera om lokala användare är +refererade, och cachar dem så att senare anrop av initgroups() kommer utöka +de lokala användarna med de extra LDAP-grupperna. + + + Standard: false + + + + + + wildcard_limit (heltal) + + + Anger en övre gräns på antalet poster som hämtas under en uppslagning med +jokertecken. + + + För närvarande stödjer endast respondenten InfoPipe jokeruppslagningar. + + + Standard: 1000 (ofta storleken på en sida) + + + + + + ldap_library_debug_level (heltal) + + + Slår på libldap-felsökning med den angivna nivån. Libldap-felmeddelanden +kommer skrivas oberoende av den allmänna debug_level. + + + OpenLDAP använder en bitavbildning för att aktivera felsökning för specifika +komponenter, -1 kommer aktivera fullständig felsökningsutmatning. + + + Standard: 0 (libldap-felsökning avaktiverat) + + + + + + + + + + SUDOALTERNATIV + + De detaljerade instruktionerna för att konfigurera sudo-leverantören finns i +manualsidan sssd-sudo +5 . + + + + + + ldap_sudo_full_refresh_interval (heltal) + + + Hur många sekunder SSSD kommer vänta mellan körningar av fullständiga +uppdateringar av sudo-regler (som hämtar alla regler som är lagrade på +servern). + + + Värdet måste vara större än ldap_sudo_smart_refresh_interval + + + + Man kan avaktivera fullständig uppdatering genom att sätta denna flagga till +0. Dock måste antingen smart eller fullständig uppdatering aktiveras. + + + Standard: 21600 (6 timmar) + + + + + + ldap_sudo_smart_refresh_interval (heltal) + + + Hur många sekunder SSSD måste vänta mellan körningar av en smart uppdatering +av sudo-regler (som hämtar alla regler som har USN högre än serverns högsta +USN-värde som för närvarande är känt av SSSD). + + + Om USN-attribut inte stödjs av servern används attributet modifyTimestamp +istället. + + + Obs: det högsta USN-värdet kan uppdateras av tre +uppgifter: 1) Genom fullständig och smart sudo-uppdatering (om det finns +uppdaterade regler), 2) genom uppräkning av användare och grupper (om det +finns aktiverade och uppdaterade användare eller grupper) och 3) genom att +återansluta till servern (som standard var 15:e minut, se +ldap_connection_expire_timeout). + + + Man kan avaktivera smart uppdatering genom att sätta denna flagga till +0. Dock måste antingen smart eller fullständig uppdatering aktiveras. + + + Standard: 900 (15 minuter) + + + + + + ldap_sudo_random_offset (heltal) + + + En slumptillägg mellan 0 och ett konfigurerat värde läggs till till smart +och fullständig uppdateringsperioder varje gång den periodiska uppgiften +schemaläggs. Värdet är i sekunder. + + + Observera att detta slumpvisa tilläg även används på den första SSSD-starten +vilked fördröjer den första uppdateringen av sudo-regler. Detta förlänger +tiden under vilken sudo-reglerna inte är tillgängliga för användning. + + + Man kan avaktivera denna fördröjning genom att sätta värdet till 0. + + + Standard: 0 (avaktiverat) + + + + + + ldap_sudo_use_host_filter (boolean) + + + Om sann kommer SSSD hämta endast regler som är tillämpliga för denna maskin +(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn). + + + Standard: true + + + + + + ldap_sudo_hostnames (sträng) + + + Mellanrumsseparerad lista över värdnamn eller fullständigt kvalificerade +domännamn som skall användas för att filtrera reglerna. + + + Om detta alternativ är tomt kommer SSSD försöka upptäcka värdnamnet och det +fullständigt kvalificerade domännamnet automatiskt. + + + Om ldap_sudo_use_host_filter är +false har detta alternativ ingen effekt. + + + Standard: inte angivet + + + + + + ldap_sudo_ip (sträng) + + + Mellanrumsseparerad lista över IPv4- eller IPv6 värd-/nätverksadresser som +skall användas för att filtrera reglerna. + + + Om detta alternativ är tomt kommer SSSD försöka upptäcka adresser +automatiskt. + + + Om ldap_sudo_use_host_filter är +false har detta alternativ ingen effekt. + + + Standard: inte angivet + + + + + + ldap_sudo_include_netgroups (boolean) + + + Om sant kommer SSSD hämta varje regel som innehåller en nätgrupp i +attributet sudoHost. + + + Om ldap_sudo_use_host_filter är +false har detta alternativ ingen effekt. + + + Standard: true + + + + + + ldap_sudo_include_regexp (boolean) + + + Om sant kommer SSSD hämta varje regel som innehåller ett jokertecken i +attributet sudoHost. + + + Om ldap_sudo_use_host_filter är +false har detta alternativ ingen effekt. + + + + Att använda jokertecken är en operation som är väldigt dyr att evaluera på +LDAP-serversidan! + + + + Standard: false + + + + + + + Denna manualsida beskriver endast attributnamnsöversättningar. För +detaljerade beskrivningar av semantiken hos sudo-relaterade attribut, se + +sudoers.ldap5 + + + + + + AUTOFSALTERNATIV + + Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat. + + + + + ldap_autofs_map_master_name (sträng) + + + Namnet på automount master-kartan i LDAP. + + + Standard: auto.master + + + + + + + + + + + AVANCERADE ALTERNATIV + + Dessa alternativ stödjs av LDAP-domäner, men de skall användas med +försiktighet. Inkludera dem endast i din konfiguration om du vet vad du +gör. + + ldap_netgroup_search_base (sträng) + + + + + ldap_user_search_base (sträng) + + + + + ldap_group_search_base (sträng) + + + + + + Om alternativet ldap_use_tokengroups är aktiverat kommer +sökningarna i Active Directory inte vara begränsade och returnera alla +gruppmedlemskap, även utan någon GID-översättning. Det rekommenderas att +avaktivera denna funktion om gruppnamn inte visas korrekt. + + + + ldap_sudo_search_base (sträng) + + + + + ldap_autofs_search_base (sträng) + + + + + + + + + + + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att LDAP är satt +till en av domänerna i avsnittet [domains]. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +ldap_uri = ldap://ldap.mindomän.se +ldap_search_base = dc=mindomän,dc=se +ldap_tls_reqcert = demand +cache_credentials = true + + + + + LDAP-ÅTKOMSTFILTEREXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att +ldap_access_order=lockout används. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +access_provider = ldap +ldap_access_order = lockout +ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mindomän,dc=se +ldap_uri = ldap://ldap.mindomän.se +ldap_search_base = dc=mindomän,dc=se +ldap_tls_reqcert = demand +cache_credentials = true + + + + + + NOTER + + Beskrivningarna av en del konfigurationsalternativ i denna manualsida är +baserade på manualsidan +ldap.conf 5 + från distributionen OpenLDAP 2.4. + + + + + + + diff --git a/src/man/sv/sssd-session-recording.5.xml b/src/man/sv/sssd-session-recording.5.xml new file mode 100644 index 0000000..51824f9 --- /dev/null +++ b/src/man/sv/sssd-session-recording.5.xml @@ -0,0 +1,178 @@ + + + +SSSD manualsidor + + + + + sssd-session-recording + 5 + Filformat och konventioner + + + + sssd-session-recording + Konfigurera sessionsinspelning med SSSD + + + + BESKRIVNING + + Denna manualsida beskriver hur man konfigurerar +sssd 8 +att fungera med +tlog-rec-session 8 +, en del av paketet tlog, för att implementera inspelning av +användarsessioner på en textterminal. För en detaljerad referens till +konfigurationssyntaxen, se avsnittet FILE FORMAT av +manualsidan sssd.conf +5 . + + + SSSD kan sättas upp för att möjliggöra inspelning av allting specifika +användare ser eller skriver under sina sessioner på en textterminal. T.ex., +när användare loggar in på konsolen, eller via SSH. SSSD själv spelar inte +in någonting, men ser till att tlog-rec-session startas när användaren +loggar in, så att den kan spela in enligt sin konfiguration. + + + För användare med sessionsinspelning aktiverad ersätter SSSD användarens +skal med tlog-rec-session i NSS-svar, och lägger till en variabel som anger +det ursprungliga skalet till användarens miljö när PAM sätter upp +sessionen. På detta sätt kan tlog-rec-session startas istället för +användarens skal, och veta vilket faktiskt skal som skall startas när den +satt upp inspelningen. + + + + + KONFIGURATIONSALTERNATIV + + Dessa alternativ kan användas för att konfigurera sessionsinspelning. + + + + scope (sträng) + + + En av följande strängar anger utsträckningen för inspelning av sessioner: + + + ”none” + + + Inga användare spelas in. + + + + + ”some” + + + Användare/grupper angivna i alternativen users +och groups spelas in. + + + + + ”all” + + + Alla användare spelas in. + + + + + + + Standard: ”none” + + + + + users (sträng) + + + En kommaseparerad lista över användare vilka skall ha inspelning av +sessioner aktiverat. Matchar användarnamn som de returneras av +NSS. D.v.s. efter eventuellt utbyte av mellanslag, ändring av skiftläge, +etc. + + + Standard: Tomt. Matchar inte några användare. + + + + + groups (sträng) + + + En kommaseparerad lista över gruppmedlemmar vilka skall ha inspelning av +sessioner aktiverat. Matchar gruppnamn som de returneras av +NSS. D.v.s. efter eventuellt utbyte av mellanslag, ändring av skiftläge, +etc. + + + OBSERVERA: att använda detta alternativ (ha det satt till något) har en +betydande prestandakostnad, ty varje begäran som inte cachas för en +användare måste hämtas och matchas mot grupperna användaren är en medlem i. + + + Standard: Tom. Matchar inga grupper. + + + + + exclude_users (sträng) + + + En kommaseparerad lista av användare att undanta från inspelning, endast +tillämpligt med ”scope=all”. + + + Standard: Tomt. Inga användare uteslutna. + + + + + exclude_groups (sträng) + + + En kommaseparerad lista av grupper vars medlemmar skall undantas från +inspelning. Endast tillämpligt med ”scope=all”. + + + OBSERVERA: att använda detta alternativ (ha det satt till något) har en +betydande prestandakostnad, ty varje begäran som inte cachas för en +användare måste hämtas och matchas mot grupperna användaren är en medlem i. + + + Standard: Tom. Inga grupper uteslutna. + + + + + + + + EXEMPEL + + Följande snutt från sssd.conf gör det möjligt att spela in sessioner för +användarna ”konsult1” och ”konsult2” och gruppen ”studenter”. + + + +[session_recording] +scope = some +users = konsult1,konsult2 +groups = studenter + + + + + + + + diff --git a/src/man/sv/sssd-simple.5.xml b/src/man/sv/sssd-simple.5.xml new file mode 100644 index 0000000..754929d --- /dev/null +++ b/src/man/sv/sssd-simple.5.xml @@ -0,0 +1,148 @@ + + + +SSSD manualsidor + + + + + sssd-simple + 5 + Filformat och konventioner + + + + sssd-simple + konfigurationsfilen för SSSD:s åtkomststyrningsleverantör ”simple” + + + + BESKRIVNING + + Denna manualsida beskriver konfigurationen av åtkomststyrningsleverantören +simple till sssd +8 . För en detaljerad referens om +syntaxen, se avsnittet FILFORMAT i manualsidan +sssd.conf 5 +. + + + Åtkomstleverantören simple tillåter eller nekar åtkomst baserat på en +åtkomst- eller nekandelista över användar- eller gruppnamn. Följande regler +är tillämpliga: + + + Om alla listor är tomma tillåts åtkomst + + + + Om någon lista tillhandahålls är evalueringsordningen allow,deny. Detta +betyder att en deny-regel som matchar kommer gå före en eventuell matchande +allow-regel. + + + + + Om antingen den ena eller båda ”tillåtelselistorna” tillhandahålls nekas +alla användare om de inte förekommer i listan. + + + + + Om endast ”nekandelistor” tillhandahålls tillåts alla användare åtkomst om +de inte förekommer i listan. + + + + + + + + KONFIGURATIONSALTERNATIV + Se DOMÄNSEKTIONER i manualsidan +sssd.conf 5 + för detaljer om konfigurationen av en SSSD-domän. + + + simple_allow_users (sträng) + + + Kommaseparerad lista över användare som tillåts att logga in. + + + + + + simple_deny_users (sträng) + + + Kommaseparerad lista över användare som explicit nekas åtkomst. + + + + + simple_allow_groups (sträng) + + + Kommaseparerad lista över grupper som tillåts logga in. Detta är endast +tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte. + + + + + + simple_deny_groups (sträng) + + + Kommaseparerad lista över grupper som nekas åtkomst. Detta är endast +tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte. + + + + + + + Att inte ange några värden för någon av listorna är likvärdigt med att hoppa +över det helt. Var medveten om detta när parametrar genereras för +leverantören simple med automatiserade skript. + + + Observera att det är ett konfigurationsfel om båda, simple_allow_users och +simple_deny_users, är definierade. + + + + + EXEMPEL + + Följande exempel antar att SSSD är korrekt konfigurerat och att example.com +är en av domänerna i avsnittet [sssd]. Dessa +exempel visar endast alternativ som är specifika för åtkomstleverantören +simple. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = användare1, användare2 + + + + + + NOTER + + Den fullständiga gruppmedlemskapshierarkin löses upp före åtkomstkontrollen, +alltså kan även nästade grupper inkluderas i åtkomstlistorna. Var medveten +om att alternativet ldap_group_nesting_level kan påverka +resultaten och skall sättas till ett tillräckligt värde. ( +sssd-ldap5 +). + + + + + + + diff --git a/src/man/sv/sssd-sudo.5.xml b/src/man/sv/sssd-sudo.5.xml new file mode 100644 index 0000000..69e833c --- /dev/null +++ b/src/man/sv/sssd-sudo.5.xml @@ -0,0 +1,225 @@ + + + +SSSD manualsidor + + + + + sssd-sudo + 5 + Filformat och konventioner + + + + sssd-sudo + Konfigurera sudo med SSSD-bakänden + + + + BESKRIVNING + + Denna manualsida beskriver hur man konfigurerar +sudo 8 +till att fungera med sssd +8 och hur SSSD cachar sudo-regler. + + + + + Konfigurera sudo att samarbeta med SSSD + + För att aktivera SSSD som en källa för sudo-regler, lägg till +sss till posten sudoers i + nsswitch.conf +5 . + + + Till exempel, för att konfigurera sudo till att först slå upp regler i +standardfilen sudoers +5 (som bör innehålla regler som +gäller för lokala användare) och sedan i SSSD, skall filen nsswitch.conf +innehålla följande rad: + + + +sudoers: files sss + + + + Mer information om att konfigurera sökordningen för sudoers från filen +nsswitch.conf liksom information om LDAP-schemat som används för att spara +sudo-regler i katalogen finns i +sudoers.ldap 5 +. + + + Observera: för att använda nätgrupper eller +IPA-värdgrupper i sudo-regler behöver man även sätta +nisdomainname 1 + korrekt till sitt NIS-domännamn (som är samma som +IPA-domännamnet när värdgrupper används). + + + + + Konfigurera SSSD till att hämta sudo-regler + + All konfiguration som behövs på SSSD-sidan är att utöka listan över +tjänster med ”sudo” i avsnittet [sssd] i +sssd.conf 5 +. För att snabba upp LDAP-uppslagningarna kan man även sätta +sökbasen för sudo-regler med alternativet +ldap_sudo_search_base. + + + Följande exempel visar hur man konfigurerar SSSD att hämta sudo-regler från +en LDAP-server. + + + +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = EXEMPEL + +[domain/EXEMPEL] +id_provider = ldap +sudo_provider = ldap +ldap_uri = ldap://example.com +ldap_sudo_search_base = ou=sudoers,dc=example,dc=com + Det är viktigt att observera att på plattformar +där systemd stödjs finns det inget behov av att lägga till +”sudo”-leverantören till listan av tjänster, eftersom det blev frivilligt. +Dock måste sssd-sudo.socket vara aktiverat istället. + + + När SSSD är konfigurerat till att använda IPA som ID-leverantör aktiveras +sudo-leverantören automatiskt. Sudo-sökbasen konfigureras till att använda +IPA:s egna LDAP-träd (cn=sudo,$SUFFIX). Om någon annan sökbas är definierad +i sssd.conf kommer detta värde användas istället. Kompatibilitetsträdet +(ou=sudoers,$SUFFIX) behövs inte längre för IPA-sudo-funktionalitet. + + + + + Cachnings-mekanismen för SUDO-regler + + Den största utmaningen vid utvecklingen av stöd för sudo i SSSD var att +säkerställa att köra sudo med SSSD som datakälla ger samma +användarupplevelse och är lika snabbt som sudo men tillhandahåller de +senaste reglerna så mycket som möjligt. För att uppfylla dessa krav +använder SSSD tre sorters uppdateringar. De refereras till som fullständig +uppdatering, smart uppdatering och regeluppdatering. + + + Den smarta uppdateringen hämtar periodiskt regler som +är nya eller ändrades efter den senaste uppdateringen. Dess primära mål är +att se till att databasen växer genom att bara hämta små inkrementella steg +som inte genererar stora mängder med nätverkstrafik. + + + Den fullständiga uppdateringen raderar helt enkelt alla +sudo-regler som är lagrade i cachen och ersätter dem med alla regler som är +sparade på servern. Detta används för att hålla cachen konsistent genom att +ta bort varje regel som var raderad från servern. Dock kan en fullständig +uppdatering skapa mycket trafik och den bör alltså bara köras ibland +beroende på storleken och stabiliteten hos sudo-reglerna. + + + Regeluppdateringen säkerställer att vi inte ger +användaren fler rättigheter än definierat. Den triggas varje gång +användaren kör sudo. Regeluppdateringen kommer hitta alla regler som är +tillämpliga på den användaren, kontrollera deras utgångstidpunkt och hämta +om dem om de gått ut. Ifall att någon av dessa regler saknas på servern +kommer SSSD göra en fullständig uppdatering vid sidan av för att fler regler +(som är tillämpliga på andra användare) kan ha raderats. + + + Om aktiverat kommer SSSD endast lagra regler som kan tillämpas på denna +maskin. Detta betyder att regler som innehåller ett av följande värden i +attributet sudoHost: + + + + + nyckelordet ALL + + + + + jokertecken (wildcard) + + + + + nätgrupp (i formen ”+nätgrupp”) + + + + + värdnamn eller fullständigt kvalificerat domännamn på denna maskin + + + + + en av IP-adresserna till denna maskin + + + + + en av IP-adresserna till nätverket (på formen ”adress/mask”) + + + + + Det finns många konfigurationsalternativ som kan användas för att justera +beteendet. Se ”ldap_sudo_*” i +sssd-ldap 5 + och ”sudo_*” i +sssd.conf 5 +. + + + + + Trimning av prestandan + + SSSD använder olika mekanismer med mer eller mindre komplexa LDAP-filter för +att hålla de cachade sudo-reglerna uppdaterade. Standardkonfigurationen är +satt till värden som skall passa de flesta av våra användare, men följande +stycken innehåller några tips om hur man kan finjustera konfigurationen för +sina behov. + + + 1. Indexera LDAP-attribut. Se till att följande +LDAP-attribut är indexerade: objectClass, cn, entryUSN eller +modifyTimestamp. + + + 2. Sätt ldap_sudo_search_base. Sätt sökbasen till den +behållare som innehåller sudo-reglerna för att begränsa räckvidden för +uppslagningen. + + + 3. Sätt fullt och smart uppdateringsintervall. Om ens +sudo-regler inte ändras ofta och man inte behöver snabba uppdateringar av +cachade regler på sina klienter kan man avsevärt öka +ldap_sudo_full_refresh_interval och +ldap_sudo_smart_refresh_interval. Man kan också +överväga att avaktivera den smarta uppdateringen genom att sätta +ldap_sudo_smart_refresh_interval = 0. + + + 4. Om man har ett stort antal klienter kan man överväga att öka värdet på +ldap_sudo_random_offset för att fördela lasten på +servern bättre. + + + + + + + diff --git a/src/man/sv/sssd-systemtap.5.xml b/src/man/sv/sssd-systemtap.5.xml new file mode 100644 index 0000000..0e1dc1d --- /dev/null +++ b/src/man/sv/sssd-systemtap.5.xml @@ -0,0 +1,435 @@ + + + +SSSD manualsidor + + + + + sssd-systemtap + 5 + Filformat och konventioner + + + + sssd-systemtap + SSSD systemtap-information + + + + BESKRIVNING + + Denna manualsida innehåller information om systemtap-funktionen i + sssd 8 +. + + + SystemTap-testpunkter har lagts till på diverse platser i SSSD-koden för att +hjälpa till i felsökning och analys av prestandarelaterade problem. + + + + + + Exempel på SystemTap-skript finns i /usr/share/sssd/systemtap/ + + + + + Testpunkter och diverse funktioner definieras i +/usr/share/systemtap/tapset/sssd.stp respektive +/usr/share/systemtap/tapset/sssd_functions.stp. + + + + + + + + TESTPUNKTER + + Informationen nedan räknar upp testpunkterna och argumenten som är +tillgängliga i följande format: + + + + probe $name + + + Beskrivning av testpunkten + + +variabel1:datatyp +variabel2:datatyp +variabel3:datatyp +… + + + + + + + Databastransaktionstestpunkter + + + + probe sssd_transaction_start + + + Start av en sysdb-transaktion, känner av funktionen +sysdb_transaction_start(). + + +nesting:heltal +probestr:sträng + + + + + probe sssd_transaction_cancel + + + Annullering av en sysdb-transaktion, känner av funktionen +sysdb_transaction_cancel(). + + +nesting:heltal +probestr:sträng + + + + + probe sssd_transaction_commit_before + + + Känner av funktionen sysdb_transaction_commit_before(). + + +nesting:heltal +probestr:sträng + + + + + probe sssd_transaction_commit_after + + + Känner av funktionen sysdb_transaction_commit_after(). + + +nesting:heltal +probestr:sträng + + + + + + + + + LDAP-sökningstestpunkter + + + + probe sdap_search_send + + + Känner av funktionen sdap_get_generic_ext_send(). + + +base:sträng +scope:heltal +filter:sträng +attrs:sträng +probestr:sträng + + + + + probe sdap_search_recv + + + Känner av funktionen sdap_get_generic_ext_recv(). + + +base:sträng +scope:heltal +filter:sträng +probestr:sträng + + + + + probe sdap_parse_entry + + + Känner av funktionen sdap_parse_entry(). Den anropas upprepat för varje +mottaget attribut. + + +attr:sträng +value:sträng + + + + + probe sdap_parse_entry_done + + + Känner av funktionen sdap_parse_entry(). Den anropas när tolkning av +mottagna objekt är klar. + + + + + probe sdap_deref_send + + + Känner av funktionen sdap_deref_search_send(). + + +base_dn:sträng +deref_attr:sträng +probestr:sträng + + + + + probe sdap_deref_recv + + + Känner av funktionen sdap_deref_search_recv(). + + +base:sträng +scope:heltal +filter:sträng +probestr:sträng + + + + + + + + + Testpunkter av LDAP-kontobegäranden + + + + probe sdap_acct_req_send + + + Känner av funktionen sdap_acct_req_send(). + + +entry_type:heltal +filter_type:heltal +filter_value:sträng +extra_value:sträng + + + + + probe sdap_acct_req_recv + + + Känner av funktionen sdap_acct_req_recv(). + + +entry_type:heltal +filter_type:heltal +filter_value:sträng +extra_value:sträng + + + + + + + + + Testpunkter av LDAP-användarsökningar + + + + probe sdap_search_user_send + + + Känner av funktionen sdap_search_user_send(). + + +filter:sträng + + + + + probe sdap_search_user_recv + + + Känner av funktionen sdap_search_user_recv(). + + +filter:sträng + + + + + probe sdap_search_user_save_begin + + + Känner av funktionen sdap_search_user_save_begin(). + + +filter:sträng + + + + + probe sdap_search_user_save_end + + + Känner av funktionen sdap_search_user_save_end(). + + +filter:sträng + + + + + + + + + Testpunkter av dataleverantörsbegäranden + + + + probe dp_req_send + + + En dataleverantörsbegäran skickas. + + +dp_req_domain:sträng +dp_req_name:sträng +dp_req_target:heltal +dp_req_method:heltal + + + + + probe dp_req_done + + + En dataleverantörsbegäran avslutas. + + +dp_req_name:sträng +dp_req_target:heltal +dp_req_method:heltal +dp_ret:heltal +dp_errorstr:sträng + + + + + + + + + DIVERSE FUNKTIONER + + Informationen nedan räknar upp testpunkterna och argumenten som är +tillgängliga i följande format: + + + + funktionen acct_req_desc(posttyp) + + + Konvertera posttyp till en sträng och returnera strängen + + + + + function sssd_acct_req_probestr(fc_namn, posttyp, filtertyp, filtervärde, +extravärde) + + + Skapa testpunktsträng baserad på filtertyp + + + + + funktionen dp_target_str(mål) + + + Konvertera målet till en sträng och returnera strängen + + + + + funktionen dp_method_str(mål) + + + Konvertera metoden till en sträng och returnera strängen + + + + + + + + + + PROV PÅ SYSTEMTAP-SKRIPT + + Starta SystemTap-skriptet (stap +/usr/share/sssd/systemtap/<skriptnamn>.stp), utför sedan en +identitetsåtgärd och skriptet kommer samla information från sonder. + + + Levererade SystemTap-skript är: + + + + dp_request.stp + + + Övervakning av prestanda hos dataleverantörbegäranden. + + + + + id_perf.stp + + + Övervakning av prestanda hos kommandot id. + + + + + ldap_perf.stp + + + Övervakning av LDAP-begäranden. + + + + + nested_group_perf.stp + + + Prestanda vid uppslagning av nästade grupper. + + + + + + + + + + diff --git a/src/man/sv/sssd.8.xml b/src/man/sv/sssd.8.xml new file mode 100644 index 0000000..9ecb452 --- /dev/null +++ b/src/man/sv/sssd.8.xml @@ -0,0 +1,245 @@ + + + +SSSD manualsidor + + + + + sssd + 8 + + + + sssd + Demonen för systemsäkerhetstjänster + + + + +sssd +flaggor + + + + BESKRIVNING + + SSSD tillhandahåller en uppsättning demoner för att +hantera åtkomst till fjärrkataloger och autentiseringsmekanismer. Det +tillhandahåller ett NSS- och PAM-gränssnitt mot systemet och ett system med +insticksmoduler till bakänden för att ansluta till flera olika kontokällor, +såväl som ett D-Bus-gränssnitt. Det är också basen för att tillhandahålla +klientgranskning och policytjänster för projekt som FreeIPA. Det +tillhandahåller en mer robust databas att spara lokala användare såväl som +utökade användardata. + + + + + FLAGGOR + + + + , +NIVÅ + + + + + + läge + + + + 1: Lägg till en tidsstämpel till +felsökningsmeddelandena + + + 0: Avaktivera tidsstämpeln i felsökningsmeddelanden + + + Standard: 1 + + + + + + läge + + + + 1: Lägg till mikrosekunder till tidsstämpeln i +felsökningsmeddelanden + + + 0: Avaktivera mikrosekunder i tidsstämpeln + + + Standard: 0 + + + + + + värde + + + + Platsen dit SSSD kommer skicka loggmeddelanden. + + + stderr: Omdirigera felmeddelanden till standard +fel-utmatning. + + + files: Omdirigera felsökningsmeddelanden till +loggfilerna. Som standard lagras loggfilerna i +/var/log/sssd och det finns separata loggfiler för +varje SSSD-tjänst och domän. + + + journald: Omdirigera felsökningsmeddelanden till +systemd-journald + + + Standard: inte satt (fall tillbaka på journald om den är tillgänglig, annars +standard fel) + + + + + + , + + + + Bli en demon efter att ha startat upp. + + + + + + , + + + + Kör i förgrunden, bli inte en demon. + + + + + + , + + + + Ange en annan konfigurationsfil än standard. Standard är +/etc/sssd/sssd.conf. För referens till +konfigurationsfilsyntaxen och -alternativ, konsultera manualsidan + sssd.conf +5 . + + + + + + , + + + + Starta inte SSSD, men uppdatera konfigurationsdatabasen från innehållet i +/etc/sssd/sssd.conf och avsluta sedan. + + + + + + , + + + + Liknande --genconf, men uppdatera endast ett enskilt avsnitt +av konfigurationsfilen. Detta alternativt är huvudsakligen användbart för +att anropas från systemd:s unit-filer för att låta uttagsaktiverade +respondenter att uppdatera sina konfigurationer utan att kräva att +administratören startar om hela SSSD. + + + + + + + + + + + Skriv ut versionsnumret och avsluta. + + + + + + + + Signaler + + + SIGTERM/SIGINT + + + Säger till SSSD att snyggt avsluta alla dess barnprocesser och sedan stänga +av monitorn. + + + + + SIGHUP + + + Säger till SSSD att sluta skriva till dess aktuella felsökningsfilbeskrivare +och stänga och öppna om dem. Detta är tänkt att möjliggöra loggrullning med +program som logrotate. + + + + + SIGUSR1 + + + Säger till SSSD att simulera frånkopplad funktion under tiden hos parametern +offline_timeout. Detta är användbart för att testa. +Signalen kan skickas antingen till sssd-processen eller direkt till någon +sssd_be-process. + + + + + SIGUSR2 + + + Säger till SSSD att gå till uppkopplat läge omedelbart. Detta är användbart +för att testa. Signalen kan skickas antingen till sssd-processen eller +direkt till någon sssd_be-process. + + + + + + + + NOTER + + Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + Om miljövariabeln SSS_LOCKFREE är satt till ”NO” kommer begäranden från +multipla trådar i ett enskilt program att seriaaliseras. + + + + + + + diff --git a/src/man/sv/sssd.conf.5.xml b/src/man/sv/sssd.conf.5.xml new file mode 100644 index 0000000..b8aded6 --- /dev/null +++ b/src/man/sv/sssd.conf.5.xml @@ -0,0 +1,4039 @@ + + +]> + +SSSD manualsidor + + + + + sssd.conf + 5 + Filformat och konventioner + + + + sssd.conf + konfigurationsfilen för SSSD + + + + FILFORMAT + + + Filen har en syntax i ini-stil och består av sektioner och parametrar. En +sektion börjar med namnet på sektionen i hakparenteser och fortsätter tills +nästa sektion börjar. Ett exempel på en sektion med enkla och flervärda +parametrar: +[sektion] +nyckel = värde +nyckel2 = värde2,värde3 + + + + + Datatyperna som används är sträng (inga citationstecken behövs), heltal och +bool (med värdena TRUE/FALSE). + + + + En kommentarsrad börjar med ett nummertecken (#) eller ett +semikolon (;). Kommentarer inom raden stödjs inte. + + + + Alla sektioner kan valfritt ha en parameter +description. Dess funktion är endast som en +etikett för sektionen. + + + + sssd.conf måste vara en normal fil, ägd av root och +endast root får läsa från eller skriva till filen. + + + + + KONFIGURATIONSSNUTTAR FRÅN EN INCLUDE-KATALOG + + + Konfigurationsfilen sssd.conf kommer inkludera +konfigurationssnuttar från include-katalogen +conf.d. Denna funktion är tillgänglig om SSSD +kompilerades med version 1.3.0 eller senare av libini. + + + + Filer lagda i conf.d som slutar med +.conf och inte börjar med en punkt +(.) kommer användas tillsammans med +sssd.conf för att konfigurera SSSD. + + + + Konfigurationssnuttarna från conf.d har högre prioritet +än sssd.conf och kommer åsidosätta +sssd.conf när konflikter uppstår. Om flera snuttar +finns i conf.d inkluderas de i alfabetisk ordning +(baserat på lokalen). Filer som inkluderas senare har högre prioritet. +Numeriska prefix (01_snutt.conf, +02_snutt.conf etc.) kan hjälpa till att visualisera +prioriteten (högre tals betyder högre prioritet). + + + + Snuttfilerna behöver samma ägare och rättigheter som +sssd.conf. Vilket som standard är root:root och 0600. + + + + + ALLMÄNNA FLAGGOR + + Följande flaggor är användbara i mer än en konfigurationssektion. + + + Flaggor användbara i alla sektioner + + + + debug_level (heltal) + + + + debug (heltal) + + + SSSD 1.14 och senare inkluderar också aliaset +debug för debug_level +som en bekvämlighetsfiness. Om båda anges kommer värdet +pådebug_level användas. + + + + + debug_timestamps (bool) + + + Lägg till en tidsstämpel till felsökningsmeddelanden. Om journald är +aktiverat för SSSD-felsökningsloggning ignoreras denna flagga. + + + Standard: true + + + + + debug_microseconds (bool) + + + Lägg till mikrosekunder till tidsstämpeln till felsökningsmeddelanden. Om +journald är aktiverat för SSSD-felsökningsloggning ignoreras denna flagga. + + + Standard: false + + + + + debug_backtrace_enabled (bool) + + + Aktivera felsökningsspårning. + + + Ifall SSSD körs med debug_level mindre än 9 loggas allting till en +ringbuffert i minnet och skrivs till en loggfil när nägot fel upp till och +inklusive ”min(0x0040, debug_level)” (d.v.s. om debug_level uttryckligen är +satt till 0 eller 1 kommer endast dessa felnivåer att orsaka en spårning, +annars upp till 2). + + + Funktionen stödjs endast för ”logger == files” (d.v.s. att sätta denna har +ingen effekt för andra loggningstyper). + + + Standard: true + + + + + + + + + Flaggor användbara i sektionerna SERVICE och DOMAIN + + + + timeout (heltal) + + + Tidsgräns i sekunder mellan hjärtslag för denna tjänst. Detta används för +att säkerställa att processen lever och kan svara på begäranden. Observera +att efter tre missade hjärtslag kommer processen avsluta sig själv. + + + Standard: 10 + + + + + + + + + + SPECIALSEKTIONER + + + Sektionen [sssd] + + Enskilda delar av SSSD-funktionalitet tillhandahålls av speciella +SSSD-tjänster som startas och stoppas tillsammans med SSSD. Tjänsterna +hanteras av en speciell tjänst som ofta kallas monitor. +Sektionen [sssd] används för att konfigurera övervakaren +såväl som andra viktiga alternativ som identitetsdomänerna. + Sektionsparametrar + + config_file_version (heltal) + + + Indikerar vilken syntaxen är i konfigurationsfilen. SSSD 0.6.0 och senare +använder version 2. + + + + + services + + + Kommaseparerad lista av tjänster som startas när sssd själv startas. + Tjänstelistan är frivillig på plattformar +där systemd stödjs, eftersom de antingen kommer vara uttags- eller +D-Bus-aktiverade vid behov. + + + Tjänster som stödjs: nss, pam , sudo +, autofs , ssh , +pac , ifp + + + Som standard är alla tjänster avaktiverade +och administratören måste aktivera de tillåtna genom att köra: ”systemctl +enable sssd-@service@.socket". + + + + + reconnection_retries (heltal) + + + Antal gånger som tjänster skall försöka återansluta i händelse av en +dataleverantörskrasch eller -omstart innan de ger upp + + + Standard: 3 + + + + + domains + + + En domän är en databas som innehåller användarinformation. SSSD kan använda +flera domäner på samma gång, men åtminstone en måste vara konfigurerad, +annars kommer inte SSSD starta. Denna parameter beskriver listan av domäner +i den ordning du vill att de skall tillfrågas. Ett domännamn rekommenderas +endast att bestå av alfanumeriska ASCII-tecken, bindestreck, punkter och +understrykningstecken. Tecknet ”/” är förbjudet. + + + + + re_expression (sträng) + + + Reguljärt standarduttryck som beskriver hur man skall tolka strängen som +innehåller användarnamnet och domänen in i dessa komponenter. + + + Varje domän kan ha ett eget reguljärt uttryck konfigurerat. För några +ID-leverantörer finns det också reguljära standarduttryck. Se DOMÄNSEKTIONER +för mer information om dessa reguljära uttryck. + + + + + full_name_format (sträng) + + + Ett printf +3 -kompatibelt format som beskriver +hur man sätter samman ett fullständigt kvalificerat namn från namn- och +domänkomponenter. + + + Följande utvidgningar stödjs: + + %1$s + användarnamn + + + %2$s + + + domännamn som det anges i SSSD-konfigurationsfilen. + + + + + %3$s + + + platt domännamn. Huvudsakligen användbart för Active Directory-domäner, både +direkt konfigurerade eller hittade via IPA-förtroenden. + + + + + + + Varje domän kan ha en egen formatsträng konfigurerad. Se DOMÄNSEKTIONER för +mer information om detta alternativ. + + + + + monitor_resolv_conf (boolean) + + + Styr om SSSD skall övervaka tillståndet för resolv.conf för att identifiera +när den behöver uppdatera sin interna DNS-uppslagare. + + + Standard: true + + + + + try_inotify (boolean) + + + Som standard kommer SSSD försöka använda inotify för att övervaka ändringar +av konfigurationsfiler och kommer gå tillbaka till att polla var femte +sekund om inotify inte kan användas. + + + Det finns vissa situationer när det är att föredra att vi skall hoppa över +att ens försöka att använda inotify. I dessa sällsynta fall skall detta +alternativ sättas till ”false” + + + Standard: true på plattformar där inotify stödjs. False på andra +plattformar. + + + Obs: detta alternativ kommer inte ha någon effekt på plattformar där inotify +inte är tillgängligt. På dessa plattformar kommer pollning alltid användas. + + + + + krb5_rcache_dir (sträng) + + + Katalog i filsystemet där SSSD skall spara Kerberos-cachefiler för +återuppspelning. + + + Detta alternativ godtar ett specialvärde __LIBKRB5_DEFAULTS__ som kommer +instruera SSSD att låta libkrb5 bestämma den lämpliga platsen för +cachefilerna för återuppspelning. + + + Standard: distributionsspecifikt och anges vid +byggtillfället. (__LIBKRB5_DEFAULTS__ om inte konfigurerat) + + + + + user (sträng) + + + The user to drop the privileges to where appropriate to avoid running as the +root user. Currently the only supported value is '&sssd_user_name;'. + + + + This option does not work when running socket-activated services, as the +user set up to run the processes is set up during compilation time. The way +to override the systemd unit files is by creating the appropriate files in +/etc/systemd/system/. Keep in mind that any change in the socket user, +group or permissions may result in a non-usable SSSD. The same may occur in +case of changes of the user running the NSS responder. + + + + Standard: inte angivet, processer kommer köra som root + + + + + default_domain_suffix (sträng) + + + Strängen kommer användas som ett standardnamn för domänen för alla namn utan +en domännamnsdel. Det huvudsakliga användningsfallet är miljöer där +primärdomänen är avsedd för hantering av värdpolicyer och alla användare är +placerade i en betrodd domän. Alternativet låter dessa användare att logga +in med bara sitt användarnamn utan att dessutom ange ett domännamn. + + + Please note that if this option is set all users from the primary domain +have to use their fully qualified name, e.g. user@domain.name, to log +in. Setting this option changes default of use_fully_qualified_names to +True. It is not allowed to use this option together with +use_fully_qualified_names set to False. One exception from this rule are domains +with id_provider=files that always try to match the behaviour +of nss_files and therefore their output is not qualified even when the +default_domain_suffix option is used. + + + Standard: inte satt + + + + + override_space (sträng) + + + Denna parameter kommer ersätta blanksteg (mellanslag) med det angivna +tecknet i användar- och gruppnamn, t.ex. (_). Användarnamnet "sven +svensson" blir "sven_svensson" Denna funktion lades till för +att hjälpa till med kompatibiliteten med skalskript som har svårigheter att +hantera blanka, på grund av att det är standardfältseparatorn i skalet. + + + Observera att det är ett konfigurationsfel att använda ett ersättningstecken +som kan användas i användar- eller gruppnamn. Om ett namn innehåller +ersättningstecknet försöker SSSD att returnera det omodifierade namnet men i +allmänhet är resultatet av en uppslagning odefinierat. + + + Standard: inte satt (blanka kommer inte ersättas) + + + + + certificate_verification (sträng) + + + Med denna parameter kan verifieringen av certifikatet justeras med en +kommaseparerad lista av alternativ. Alternativ som stödjs är + + no_ocsp + + Avaktiverar kontroller enligt Online Certificate Status Protocol +(OCSP). Detta kan behövas om OCSP-servrarna som definieras i certifikatet +inte är nåbara från klienten. + + + + soft_ocsp + + Om en anslutning inte kan etableras till en OCSP-respondent hoppas +OCSP-kontrollen över. Denna flagga skall användas för att tillåta +autentisering när systemet är frånkopplat och OCSP-respondenten inte kan +nås. + + + + ocsp_dgst + + Kontrollsumme- (hash-)funktion som används för att skapa certifikats-ID för +OCSP-begäran. Tillåtna värden är: + + sha1 + sha256 + sha384 + sha512 + + + Standard: sha1 (för att tillåta kompatibilitet med respondenter som följer +RFC5019) + + + + + no_verification + + Avaktiverar helt verifiering. Detta alternativ skall endast användas för +testning. + + + + partial_chain + + Tillåt verifikationen att lyckas även om en +fullständig kedja inte kan byggas till ett +självsignerat förtroendeankare, förutsatt att det är möjligt att konstruera +en kedja till ett betrott certifikat som inte behöver vara självsignerat. + + + + ocsp_default_responder=URL + + Anger standard-OCSP-respondent som skall användas istället för den som nämns +i certifikatet. URL:en måste ersättas med URL:en till +standard-OCSP-respondenten t.ex. http://example.com:80/ocsp. + + + + + ocsp_default_responder_signing_cert=NAMN + + Detta alternativ ignoreras för närvarande. Alla nödvändiga certifikat måste +vara tillgängliga i PEM-filen som anges av pam_cert_db_path. + + + + crl_file=/SÖKVÄG/TILL/CRL/FIL + + Använd certifikatåterkallelselistan (Certificate Revocation List, CRL) från +den givna filen under verifikationen av certifikatet. CRL:en måste ges i +PEM-format, se crl +1ssl för detaljer. + + + + soft_crl + + + Om en certifikatåterkalleleselista (CRL) gått ut, ignorera CRL-kontroller +för de relaterade certifikaten. Denna flagga skall användas för att tillåta +autentisering när systemet är frånkopplat och CRL:en inte kan förnyas. + + + + + + Okända alternativ rapporteras men ignoreras. + + + Standard: inte satt, d.v.s begränsa inte certifikatverifieringen + + + + + disable_netlink (boolean) + + + SSSD-hakar in i netlink-gränssnittet för att övervaka förändringar av +rutter, adresser, länkar och utlösa vissa åtgärder. + + + Förändringar av SSSD-tillståndet från netlink-händelser kan vara opålitliga +och kan avaktiveras genom att sätta detta alternativ till ”true” + + + Standard: false (netlink-förändringar detekteras) + + + + + enable_files_domain (boolean) + + + När detta alternativ är aktiverat skjuter SSSD in en implicit domän med +id_provider=files före några explicit konfigurerade domäner. + + + Standard: false + + + + + domain_resolution_order + + + Kommaseparerad lista av domäner och underdomäner som representerar ordningen +av uppslagningar skall följa. Listan behöver inte innehålla alla möjliga +domäner eftersom de saknade domänerna kommer slås upp baserat på ordningen +de presenteras i konfigurationsalternativet domains. +Underdomäner som inte är listade som en del av lookup_order +kommer slås upp i en slumpvis ordning för varje föräldradomän. + + + Please, note that when this option is set the output format of all commands +is always fully-qualified even when using short names for input , for all users but the ones managed by the +files provider . In case the administrator wants the output not +fully-qualified, the full_name_format option can be used as shown below: +full_name_format=%1$s However, keep in mind that during +login, login applications often canonicalize the username by calling + getpwnam +3 which, if a shortname is returned +for a qualified input (while trying to reach a user which exists in multiple +domains) might re-route the login attempt into the domain which uses +shortnames, making this workaround totally not recommended in cases where +usernames may overlap between domains. + + + Standard: inte satt + + + + + implicit_pac_responder (boolean) + + + PAC-respondenten aktiveras automatiskt för IPA- och AD-leverantörerna för +att utvärdera och kontrollera PAC:en. Om den måste avaktiveras sätt detta +alternativ till ”false”. + + + Standard: true + + + + + core_dumpable (boolean) + + + Detta alternativ kan användas för allmän förstärkning: att sätta det till +”false” förbjuder kärndumpar för alla SSSD-processer för att undvika att +klartextlösenord läcker. Se manualsidan prctl:PR_SET_DUMPABLE för detaljer. + + + Standard: true + + + + + passkey_verification (string) + + + With this parameter the passkey verification can be tuned with a comma +separated list of options. Supported options are: + + user_verification (boolean) + + Enable or disable the user verification (i.e. PIN, fingerprint) during +authentication. If enabled, the PIN will always be requested. + + + The default is that the key settings decide what to do. In the IPA or +kerberos pre-authentication case, this value will be overwritten by the +server. + + + + + + + + + + + + + + + TJÄNSTESEKTIONER + + Inställningar som kan användas för att konfigurera olika tjänster beskrivs i +detta avsnitt. De skall ligga i sektionen +[$NAME], till exempel, för tjänsten NSS skulle +sektionen vara [nss] + + + + Allmänna alternativ för tjänstekonfiguration + + Dessa alternativ kan användas för att konfigurera alla tjänster. + + + + reconnection_retries (heltal) + + + Antal gånger som tjänster skall försöka återansluta i händelse av en +dataleverantörskrasch eller -omstart innan de ger upp + + + Standard: 3 + + + + + fd_limit + + + Detta alternativ anger det maximala antalet filbeskrivare som kan öppnas på +en gång av denna SSSD-process. På system där SSSD ges förmågan +CAP_SYS_RESOURCE kommer detta vara en absolut inställning. På system utan +denna förmåga kommer det resulterande värdet vara det lägre av detta värde +och den ”hårda” gränsen i limits.conf. + + + Standard: 8192 (eller den ”hårda” gränsen i limits.conf) + + + + + client_idle_timeout + + + Detta alternativ anger antalet sekunder som en klient till en SSSD-process +kan hålla fast i en filbeskrivare utan att kommunicera över den. Detta värde +är begränsat för att undvika att resurserna på systemet tar +slut. Tidsgränsen kan inte vara kortare än 10 sekunder. Om ett lägre värde +konfigureras kommer det att justeras till 10 sekunder. + + + Standard: 60, KCM: 300 + + + + + offline_timeout (heltal) + + + När SSSD byter till frånkopplat läge, kommer tiden före den försöker gå +tillbaka till uppkopplat läge öka baserat på tiden tillbringad frånkopplad. +Som standard använder SSSD ett inkrementellt beteende för att beräkna +fördröjningen mellan återförsök. Så, väntetiden för ett givet återförsök +kommer vara längre än väntetiden för det föregående. Efter varje misslyckat +försök att bli uppkopplat beräknas det nya intervallet om enligt följande: + + + ny_fördröjning = Minimum(gammal_fördröjning * 2, offline_timeout_max) + +slumpvärde[0…offline_timeout_random_offset] + + + Standardvärdet för offline_timeout är 60. Standardvärdet på +offline_timeout_max är 3600. Standardvärdet på offline_timeout_random_offset +är 30. Slutresultatet är antalet sekunder före nästa omförsök. + + + Observera att den maximala längde på varje intervall definieras av +offline_timeout_max (förutom slumpdelen). + + + Standard: 60 + + + + + offline_timeout_max (heltal) + + + Styr med hur mycket tiden mellan försök att ansluta kan ökas efter ett +misslyckat försök att koppla upp. + + + Ett värde på 0 avaktiverar det ökande beteendet. + + + Värdet på denna parameter skall sättas i korrelation med parametervärdet +offline_timeout. + + + Med offline_timout satt till 60 (standardvärdet) är det ingen poäng i att +sätta ofline_timeout_max till mindre än 120 eftersom det kommer mättas +omedelbart. En allmän regel här bör vara att sätta offline_timeout_max till +åtminstone 4 gånger offline_timeout. + + + Även om ett värde mellan 0 och offline_timeout kan anges har det effekten +att åsidosätta värdet offline_timeout så det är inte så användbart. + + + Standard: 3600 + + + + + offline_timeout_random_offset (heltal) + + + När SSSD är i frånkopplat läge fortsätter den att prova bakändesservrar med +angivna tidsintervall: + + + ny_fördröjning = Minimum(gammal_fördröjning * 2, offline_timeout_max) + +slumpvärde[0…offline_timeout_random_offset] + + + Denna parameter styr värdet på den slumpvisa förskjutningen som används i +ovanstående ekvation. Det slutliga random_offset-värdet kommer vara ett +slumptal i intervallet: + + + [0 – offline_timeout_random_offset] + + + Ett värde på 0 avaktiverar tillägget av en slumpfördröjning. + + + Standard: 30 + + + + + responder_idle_timeout + + + Detta alternativ anger antalet sekunder som en SSSD-respondentprocess kan +vara uppe utan att användas. Detta värde är begränsat för att undvika att +resurserna på systemet tar slut. Det minsta acceptabla värdet för detta +alternativ är 60 sekunder. Att sätta detta alternativ till 0 (noll) betyder +att ingen tidsgräns kommer att sättas av respondenten. Detta alternativ har +bara effekt när SSSD är byggt med stöd för systemd och när tjänster är +antingen uttags- eller D-Bus-aktiverade. + + + Standard: 300 + + + + + cache_first + + + Detta alternativ anger huruvida respondenten skall fråga alla cachar före +den frågar dataleverantörerna. + + + Standard: false + + + Standard: true + + + + + + + + NSS-konfigurationsalternativ + + Dessa alternativ kan användas för att konfigurera tjänsten Name Service +Switch (NSS). + + + + enum_cache_timeout (heltal) + + + Hur många sekunder skall nss_sss cacha uppräkningar (begäranden för +information om alla användare) + + + Standard: 120 + + + + + entry_cache_nowait_percentage (heltal) + + + Cachen över poster kan ställas in att automatiskt uppdatera poster i +bakgrunden om de begärs utöver en procentsats av värdet entry_cache_timeout +för domänen. + + + Till exempel, om domänens entry_cache_timeout är satt till 30 s och +entry_cache_nowait_percentage är satt till 50 (procent) kommer poster som +kommer in 15 sekunder efter den sista cacheuppdateringen returneras +omedelbart, men SSSD kommer att ta och uppdatera cachen på egen hand, så att +framtida begäranden kommer behöva blockera i väntan på en cacheuppdatering. + + + Giltiga värden för detta alternativ är 0-99 och representerar en procentsats +av entry_cache_timeout för varje domän. Av prestandaskäl kommer denna +procentsats aldrig reducera nowait-tidsgränser till mindre än 10 sekunder. +(0 avaktiverar denna funktion) + + + Standard: 50 + + + + + entry_negative_timeout (heltal) + + + Anger hur många sekunder nss_sss cachar negativa cacheträffar (det vill +säga, frågor om ogiltiga databasposter, som sådana som inte finns) innan +bakänden tillfrågas igen. + + + Standard: 15 + + + + + local_negative_timeout (heltal) + + + Anger hur många sekunder nss_sss skall hålla lokala användare och grupper i +en negativ cache före den försöker slå upp dem i bakänden igen. Att ställa +in alternativet till 0 avaktiverar denna funktion. + + + Standard: 14400 (4 timmar) + + + + + filter_users, filter_groups (sträng) + + + Uteslut vissa användare eller grupper från att hämtas från sss +NSS-databasen. Detta är särskilt användbart för systemkonton. Detta +alternativ kan också anges per domän eller inkludera fullständigt +kvalificerade namn för att filtrera endast användare från den angivna +domänen eller efter ett användarhuvudmansnamn (UPN). + + + OBS: alternativet filter_groups påverkar inte arvet av nästade +gruppmedlemmar, eftersom filtrering sker efter att de propagerats för att +returnera via NSS. T.ex. en grupp som har en medlemsgrupp bortfiltrerad +kommer fortfarande ha medlemsanvändarna i den senare listade. + + + Standard: root + + + + + filter_users_in_groups (bool) + + + Om du vill att filtrerade användare fortfarande skall vara gruppmedlemmar +sätt då detta alternativ till false. + + + Standard: true + + + + + + + fallback_homedir (sträng) + + + Ange en standardmall för en användares hemkatalog om ingen uttryckligen +anges av domänens dataleverantör. + + + De tillgängliga värdena för detta alternativ är samma som för +override_homedir. + + + exempel: +fallback_homedir = /home/%u + + + + Standard: inte satt (ingen ersättning för ej angivna hemkataloger) + + + + + override_shell (sträng) + + + Åsidosätt inloggningsskalet för alla användare. Detta alternativ går före +alla andra skalalternativ om det har effekt och kan sättas antingen i +sektionen [nss] eller per domän. + + + Standard: inte angivet (SSSD kommer använda värdet som hämtats från LDAP) + + + + + allowed_shells (sträng) + + + Begränsa användarskal till ett av de listade värdena. Beräkningsordningen +är: + + + 1. Om skalet finns i /etc/shells används det. + + + 2. Om skalet finns i listan allowed_shells men inte i +/etc/shells, använd värdet på parametern shell_fallback. + + + 3. Om skalet inte finns i listan allowed_shells och inte i +/etc/shells används ett nologin-skal. + + + Jokertecknet (*) kan användas för att tillåta godtyckligt skal. + + + (*) är användbart om du vill använda shell_fallback ifall den användarens +skal inte finns i /etc/shells och att underhålla listan över +alla skal i allowed_shells skulle vara för mycket overhead. + + + En tom sträng som skal skickas som den är till libc. + + + /etc/shells läses bara vid uppstart av SSSD, vilket betyder +att en omstart av SSSD behövs ifall ett nytt skal installeras. + + + Standard: inte satt. Användarens skal används automatiskt. + + + + + vetoed_shells (sträng) + + + Ersätt alla instanser av dessa skal med shell_fallback + + + + + shell_fallback (sträng) + + + Standardskalet att använda om ett tillåtet skal inte är installerat på +maskinen. + + + Standard: /bin/sh + + + + + default_shell + + + Standardskalet att använda om leverantören inte returnerar något under +uppslagningen. Detta alternativ kan anges globalt i sektionen [nss] eller +per domän. + + + Standard: inte satt (Returnera NULL om inget skal är angivet och lita på att +libc ersätter med något rimligt när nödvändigt, vanligen /bin/sh) + + + + + get_domains_timeout (heltal) + + + Anger tiden i sekunder under vilken listan av underdomäner kommer betraktas +som giltiga. + + + Standard: 60 + + + + + memcache_timeout (heltal) + + + Anger tiden i sekunder under vilken poster i minnescachen kommer vara +giltiga. Att sätta detta alternativ till noll kommer avaktivera cachen i +minnet. + + + Standard: 300 + + + VARNING: att avaktivera cachen i minnet kommer ha signifikant negativ +påverkan på SSSD:s prestanda och skall bara användas för testning. + + + OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + + + memcache_size_passwd (heltal) + + + Storlek (i megabyte) på datatabellen som allokeras inuti en snabb +i-minnes-cache för lösenordsbegäranden. Att sätta storleken till 0 kommer +avaktivera lösenords-cachen i minnet. + + + Standard: 8 + + + VARNING: en avaktiverad eller för liten cache i minnet kan ha signifikant +negativ påverkan på SSSD:s prestanda. + + + OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + + + memcache_size_group (heltal) + + + Storlek (i megabyte) på datatabellen som allokeras inuti en snabb +i-minnes-cache för gruppbegäranden. Att sätta storleken till 0 kommer +avaktivera grupp-cachen i minnet. + + + Standard: 6 + + + VARNING: en avaktiverad eller för liten cache i minnet kan ha signifikant +negativ påverkan på SSSD:s prestanda. + + + OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + + + memcache_size_initgroups (heltal) + + + Storlek (i megabyte) på datatabellen som allokeras inuti en snabb +i-minnes-cache för initgruppbegäranden. Att sätta storleken till 0 kommer +avaktivera initgrupp-cachen i minnet. + + + Standard: 10 + + + VARNING: en avaktiverad eller för liten cache i minnet kan ha signifikant +negativ påverkan på SSSD:s prestanda. + + + OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + + + memcache_size_sid (integer) + + + Storlek (i megabyte) på datatabellen som allokeras inuti en snabb +i-minnes-cache för SID-realterade begäranden. Endast SID-via-ID- och +ID-via-SID-begäranden sparas för närvarande i den snabba cachen i +minnet. Att sätta storleken till 0 kommer avaktivera SID-cachen i minnet. + + + Standard: 6 + + + VARNING: en avaktiverad eller för liten cache i minnet kan ha signifikant +negativ påverkan på SSSD:s prestanda. + + + OBS: om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer +klientprogram inte använda den snabba cachen i minnet. + + + + + user_attributes (sträng) + + + Några av de ytterligare NSS-respondentbegäranden kan returnera fler attribut +än bara de som definieras av POSIX via NSS-gränssnittet. Listan av attribut +styrs av detta alternativ. Det hanteras på samma sätt som alternativet +user_attributes för InfoPipe-respondenten (se +sssd-ifp 5 + för detaljer) men utan standardvärden. + + + För att förenkla konfigurationen kommer NSS-respondenten kontrollera +InfoPipe-alternativet om det inte är satt för NSS-respondenten. + + + Standard: inte satt, gå tillbaka till InfoPipe-alternativet + + + + + pwfield (sträng) + + + Värdet som NSS-operationer som returnerar användare eller grupper kommer att +returnera i fältet password. + + + Standard: * + + + Observera: detta alternativ kan även sättas per domän vilket åsidosätter +värdet i [nss]-sektionen. + + + Default: not set (remote domains), x (the files domain), + x (proxy domain with nss_files and sssd-shadowutils +target) + + + + + + + PAM-konfigurationsalternativ + + Dessa alternativ kan användas för att konfigurera tjänsten Pluggable +Authentication Module (PAM). + + + + offline_credentials_expiration (heltal) + + + Om autentiseringsleverantören inte är ansluten, hur länge skall vi tillåta +cachade inloggningar (i dagar efter den senaste lyckade uppkopplade +inloggningen). + + + Standard: 0 (ingen gräns) + + + + + + offline_failed_login_attempts (heltal) + + + Om autentiseringsleverantören inte är ansluten, hur många misslyckade +inloggningsförsök är tillåtna. + + + Standard: 0 (ingen gräns) + + + + + + offline_failed_login_delay (heltal) + + + Tiden i minuter som måste förflyta efter att offline_failed_login_attempts +har nåtts före ett nytt inloggningsförsök är möjligt. + + + Om satt till 0 kan inte användaren autentisera om +offline_failed_login_attempts har uppnåtts. Endast en lyckad uppkopplad +autentisering kan aktivera autentisering utan uppkoppling igen. + + + Standard: 5 + + + + + + pam_verbosity (heltal) + + + Styr vilken sorts meddelanden som visas för användaren under +autentisering. Ju högre tal desto fler meddelanden visas. + + + För närvarande stödjs följande värden: + + + 0: visa inte några meddelanden + + + 1: visa endast viktiga meddelanden + + + 2: visa informationsmeddelanden + + + 3: visa alla meddelanden och felsökningsinformation + + + Standard: 1 + + + + + + pam_response_filter (sträng) + + + En kommaseparerad lista av strängar som möjliggör att ta bort (filtrera) +data skickat av PAM-respondenten till pam_sss-PAM-modulen. Det finns olika +sorters svar skickade till pam_sss, t.ex. meddelanden som visas för +användaren eller miljövariabler som skall sättas av pam_sss. + + + Medan meddelanden redan kan styras med hjälp av alternativet pam_verbosity +gör detta alternativ att man kan filtrera ut andra sorters svar dessutom. + + + För närvarande stödjs följande filter: + ENV + Skicka inte några miljövariabler till någon tjänst. + + ENV:varnamn + Skicka inte miljövariabeln varnamn till någon tjänst. + + ENV:varnamn:tjänst + Skicka inte miljövariabeln varnamn till tjänst. + + + + + Listan av strängar kan antingen vara listan av filter vilka skulle sätta +denna lista av filter och åsidosätta standardvärdet. Eller så kan varje +element i listan ha ett tecken ”+” eller ”-” som prefix vilket skulle lägga +till filtret till det befintliga standardvärdet respektive ta bort det från +standardvärdet. Observera att antingen måste alla listelement ha ett ”+” +eller ”-” eller inget av dem. Det ses som ett fel att blanda båda sätten. + + + Standard: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i + + + Exempel: -ENV:KRB5CCNAME:sudo-i kommer ta bort det filtret från +standardlistan + + + + + + pam_id_timeout (heltal) + + + För alla PAM-begäranden när SSSD är uppkopplat kommer SSSD försöka att +omedelbart uppdatera cachad identitetsinformation för användaren för att se +till att autentisering sker med den senaste informationen. + + + En fullständig PAM-konversation kan utföra flera PAM-begäranden såsom +hantering av konto och öppning av en session. Detta alternativ styr (på +per-klientprogrambasis) hur länge (i sekunder) vi kan cacha +identitetsinformationen för att undvika överdrivna rundturer till +identitetsleverantören. + + + Standard: 5 + + + + + + pam_pwd_expiration_warning (heltal) + + + Visa en varning N dagar före lösenordet går ut. + + + Observera att bakändeservern måste leverera information om utgångstiden för +lösenordet. Om denna information saknas kan sssd inte visa någon varning. + + + Om noll anges tillämpas inte detta filter, d.v.s. om utgångsvarningen +mottogs från bakändeserver kommer den automatiskt visas. + + + Denna inställning kan åsidosättas genom att sätta +pwd_expiration_warning för en viss domän. + + + Standard: 0 + + + + + get_domains_timeout (heltal) + + + Anger tiden i sekunder under vilken listan av underdomäner kommer betraktas +som giltiga. + + + Standard: 60 + + + + + pam_trusted_users (sträng) + + + Anger den kommaseparerade listan av AID-värden eller användarnamn som +tillåts köra PAM-konverteringar mot betrodda domäner. Användare som inte är +inkluderade i denna lista kan endast komma åt domäner som är markerade som +publika med pam_public_domains. Användarnamn slås upp till +UID vid uppstart. + + + Standard: alla användare betraktas som betrodda som standard + + + Observera att AID 0 alltid tillåts komma åt PAM-respondenten även ifall den +inte är i listan pam_trusted_users. + + + + + pam_public_domains (sträng) + + + Anger den kommaseparerade listan över domännamn som är åtkomliga även för ej +betrodda användare. + + + Två speciella värden för alternativet pam_public_domains är definierade: + + + all (Ej betrodda användare tillåts komma åt alla domäner i +PAM-respondenten.) + + + none (Ej betrodda användare tillåts inte att komma åt några domäner i +PAM-respondenten.) + + + Standard: none + + + + + pam_account_expired_message (sträng) + + + Gör att det går att ange ett anpassat utgångsmeddelande som ersätter +standardmeddelandet ”åtkomst nekas”. + + + Observera: var medveten om att meddelandet endast skrivs för tjänsten SSH om +inte pam_verbosity är satt till 3 (visa alla meddelanden och +felsökningsinformation). + + + exempel: +pam_account_expired_message = Kontot är utgånget, kontakta kundtjänsten. + + + + Standard: none + + + + + pam_account_locked_message (sträng) + + + Gör att det går att ange ett anpassat utlåsningsmeddelande som ersätter +standardmeddelandet ”åtkomst nekas”. + + + exempel: +pam_account_locked_message = Kontot är låst, kontakta kundtjänsten. + + + + Standard: none + + + + + pam_passkey_auth (bool) + + + Enable passkey device based authentication. + + + Standard: False + + + + + passkey_debug_libfido2 (bool) + + + Enable libfido2 library debug messages. + + + Standard: False + + + + + pam_cert_auth (bool) + + + Aktivera certifikatbaserad smartkortsautentisering. Eftersom detta +förutsätter ytterligare kommunikation med smartkortet vilket kommer fördröja +autentiseringsprocessen är detta alternativ avaktiverat som standard. + + + Standard: False + + + + + pam_cert_db_path (sträng) + + + Sökvägen till certifikatdatabasen. + + + Standard: + + /etc/sssd/pki/sssd_auth_ca_db.pem (sökväg till en fil med betrodda +CA-certifikat i PEM-format) + + + + + + + + pam_cert_verification (sträng) + + + Med denna parameter kan verifieringen av PAM-certifikatet justeras med en +kommaseparerad lista av alternativ som åsidosätter värdet på +certificate_verification i sektionen +[sssd]. Flaggor som stödjs är samma som för +certificate_verification. + + + exempel: +pam_cert_verification = partial_chain + + + + Standard: inte satt, d.v.s. använd standardvärdet +certificate_verification definierat i sektionen +[sssd]. + + + + + p11_child_timeout (heltal) + + + Hur många sekunder pam_sss kommer vänta på p11_child att avsluta. + + + Standard: 10 + + + + + passkey_child_timeout (integer) + + + How many seconds will the PAM responder wait for passkey_child to finish. + + + Standard: 15 + + + + + pam_app_services (sträng) + + + Vilken PAM-tjänster tillåts att kontakta domäner av typen +application + + + Standard: inte satt + + + + + pam_p11_allowed_services (heltal) + + + En kommaseparerad lista av PAM-tjänstenamn för vilka det kommer vara +tillåtet att använda smarta kort. + + + Det är möjligt att lägga till ett annat PAM-tjänstenamn till +standarduppsättningen genom att använda +tjänstenamn eller +att uttryckligen ta bort ett PAM-tjänstenamn från standarduppsättningen +genom att använda -tjänstenamn. Till exempel, för att byta ut +ett standard-PAM-tjänstenamn för autentisering med smarta kort +(t.ex. login) mot ett anpassat PAM-tjänstenamn +(t.ex. min_pam-tjänst) skulle man använda följande +konfiguration: +pam_p11_allowed_services = +min_pam-tjänst, -login + + + + Standard: standarduppsättningen av PAM-tjänstenamn innefattar: + + + + login + + + + + su + + + + + su-l + + + + + gdm-smartcard + + + + + gdm-password + + + + + kdm + + + + + sudo + + + + + sudo-i + + + + + gnome-screensaver + + + + + + + + p11_wait_for_card_timeout (heltal) + + + Om smartkortsautentisering krävs hur många extra sekunder utöver +p11_child_timeout PAM-respondenten skall vänta på att ett smartkort sätts +in. + + + Standard: 60 + + + + + p11_uri (sträng) + + + PKCS#11 URI (se RFC-7512 för detaljer) som kan användas för att begränsa +urvalet av enheter som används för smartkortsautentisering. Som standard +kommer SSSD:s p11_child söka efter ett PKCS#11-fack (läsare) där flaggan +”removable” är satt och läsa certifikaten från det insatta elementet från +det första facket som hittas. Om flera läsare är anslutna kan p11_uri +användas för att säga till p11_child att använda en specifik läsare. + + + Exempel: +p11_uri = pkcs11:slot-description=Min%20smartkortsläsare + eller +p11_uri = pkcs11:library-description=OpenSC%20smartkortsramverk;slot-id=2 + För att hitta en lämplig URI, kontrollera +felsökningsutdata från p11_child. Som ett alternativ kommer GnuTLS-verktyget +”p11tool” med t.ex. ”--list-all” visa även PKCS#11 URI:er. + + + Standard: none + + + + + pam_initgroups_scheme + + + PAM-respondenten kan framtvinga en uppkopplad uppslagning för att ta fram de +aktuella gruppmedlemskapen för användaren som försöker logga in. Denna +flagga styr när detta skall göras och följande värden är tillåtna: + + always + Gör alltid en uppkopplad uppslagning, observera att pam_id_timeout +fortfarande gäller + + no_session + Gör bara en uppkopplad uppslagning om det inte finns någon aktiv session för +användaren, d.v.s. om användaren inte är inloggad för närvarande + + never + Gör aldrig uppkopplade uppslagningar, använd data från cachen så länge de +inte har gått ut + + + + + Standard: no_session + + + + + pam_gssapi_services + + + Kommaseparerad lista över PAM-tjänster som tillåts att försöka med +GSSAPI-autentisering med modulen pam_sss_gss.so. + + + För att avaktivera GSSAPI-autentisering, sätt denna lista till +- (streck). + + + Observera: denna flagga kan även sättas per domän vilket skriver över värdet +i sektionen [pam]. Det kan också sättas för betrodda domäner vilket skriver +över värdet i domänsektionen. + + + Exempel: +pam_gssapi_services = sudo, sudo-i + + + + Standard: - (GSSAPI-autentisering är avaktiverat) + + + + + pam_gssapi_check_upn + + + Om sant kommer SSSD kräva att det Kerberos användarhuvudmansnamn som lyckats +autentisera via GSSAPI kan associeras med användaren som +autentiseras. Autentisering kommer misslyckas om kontrollen misslyckas. + + + Om falskt kommer varje användare som kan få den begärda biljetten att +autentiseras. + + + Observera: denna flagga kan även sättas per domän vilket skriver över värdet +i sektionen [pam]. Det kan också sättas för betrodda domäner vilket skriver +över värdet i domänsektionen. + + + Standard: True + + + + + pam_gssapi_indicators_map + + + Kommaseparerad lista över autentiseringsindikatorer som måste finnas i en +Kerberos-biljett för att komma åt en PAM-tjänst som får prova +GSSAPI-autentisering med modulen pam_sss_gss.so. + + + Varje element i listan kan antingen vara ett autentiseringsindikatornamn +eller ett par tjänst:indikator. Indikatorer som inte har +PAM-tjänsten som prefix kommer krävas för att komma åt någon PAM-tjänst alls +som är konfigurerad att användas med +. En resulterande lista över indikatorer +per PAM-tjänst kontrolleras sedan mot indikatorer i Kerberos-biljetten under +autentisering via pam_sss_gss.so. Om någon indikator från biljetten matchar +den resulterande listan av indikatorer för PAM-tjänsten så ges åtkomst. Om +ingen av indikatorerna i listan matchar, kommer åtkomst nekas. Om den +resulterande listan av indikatorer för PAM-tjänsten är tom kommer kontrollen +inte att förhindra åtkomsten. + + + För att avaktivera indikatorkontrollen med GSSAPI-autentisering, sätt denna +flagga till - (streck). För att avaktivera kontrollen för en +specifik PAM-tjänst, lägg till tjänst:-. + + + Observera: denna flagga kan även sättas per domän vilket skriver över värdet +i sektionen [pam]. Det kan också sättas för betrodda domäner vilket skriver +över värdet i domänsektionen. + + + Följande autentiseringsindikatorer stödjs av IPA-Kerberosinstallationer: + + + pkinit — förautentisering med X.509-certifikat — oavsett om de lagrats i +filer eller på smarta kort. + + + hardened — SPAKE-förautentisering eller godtycklig förautentisering inslagen +i en FAST-kanal. + + + radius — förautentisering med hjälp av en RADIUS-server. + + + otp — förautentisering med användning av integrerad tvåfaktorautentisering +(2FA eller engångslösenord, OTP) i IPA. + + + idp — förautentisering med extern identitetsleverantör. + + + + + Exempel: för att begära åtkomst till SUDO-tjänster endast för användare som +fick sina Kerberos-biljetter med förautentisering med ett X.509-certifikat +(PKINIT), sätt +pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit + + + + Standard: inte satt (användning av autentiseringsindikatorer krävs inte) + + + + + + + + SUDO-konfigurationsalternativ + + Dessa alternativ kan användas för att konfigurera tjänsten sudo. De +detaljerade instruktionerna för konfiguration av +sudo 8 +för att fungera med sssd +8 finns i manualsidan +sssd-sudo 5 +. + + + + sudo_timed (bool) + + + Huruvida attributen sudoNotBefore och sudoNotAfter som implementerar +tidsberoende sudoers-poster skall evalueras eller inte. + + + Standard: false + + + + + + + sudo_threshold (heltal) + + + Maximalt antal utgångna regler som kan uppdateras på en gång. Om antalet +utgångna regler är under gränsen uppdateras dessa regler med mekanismen +regeluppdatering. Om gränsen överskrids triggas en +fullständig uppdatering av sudo-regler istället. Detta +gränsvärde gäller även IPA-sudo-kommandon och kommandogruppsökningar. + + + Standard: 50 + + + + + + + + AUTOFS-konfigurationsalternativ + + Dessa alternativ kan användas för att konfigurera tjänsten autofs. + + + + autofs_negative_timeout (heltal) + + + Anger hur många sekunder autofs-respondenten cachar negativa cacheträffar +(det vill säga, frågor om ogiltiga mappningsposter, som sådana som inte +finns) innan bakänden tillfrågas igen. + + + Standard: 15 + + + + + + + + + SSH-konfigurationsalternativ + + Dessa alternativ kan användas för att konfigurera tjänsten SSH. + + + + ssh_hash_known_hosts (bool) + + + Huruvida värdnamn och adresser i den hanterade filen known_hosts skall göras +till kontrollsummor eller inte. + + + Standard: false + + + + + ssh_known_hosts_timeout (heltal) + + + Hur många sekunder en värd behålls i den hanterade filen known_hosts efter +att dess värdnycklar begärdes. + + + Standard: 180 + + + + + ssh_use_certificate_keys (bool) + + + Om satt till true kommer sss_ssh_authorizedkeys returnera +ssh-nycklar härledda från den publika nyckeln i X.509-certifikat även +lagrade i användarposten. Se +sss_ssh_authorizedkeys +1 för detaljer. + + + Standard: true + + + + + ssh_use_certificate_matching_rules (sträng) + + + Som standard kommer ssh-respondenten använda alla tillgängliga +certifikatmatchningsregler för att filtrera certifikaten så att ssh-nycklar +bara härleds från de matchande. Med denna flagga kan de använda reglerna +begränsas med en kommaseparerad lista av avbildningar och matchande +regelnamn. Alla andra regler kommer ignoreras. + + + Det finns två speciella nyckelord ”all_rules” och ”no_rules” som kommer +aktivera alla respektive inga regler. Det senare betyder att inga certifikat +kommer filtreras ut och att ssh-nycklar kommer genereras från alla giltiga +certifikat. + + + Om inga regler är konfigurerade kommer att använda ”all_rules” aktivera en +standardregel som aktiverar alla certifikat som passar +klientautentiseringen. Detta är samma beteende som för PAM-respondenten om +certifikatautentisering är aktiverat. + + + Ett namn på en regel som inte finns anses som ett fel. Om som ett resultat +ingen regel blir vald kommer alla certifikat ignoreras. + + + Standard: inte satt, likvärdigt med ”all_rules”, alla regler som finns eller +standardregeln används + + + + + ca_db (sträng) + + + Sökväg till lagring av betrodda CA-certifikat. Alternativet används för att +validera användarcertifikat före publika ssh-nycklar härleds från dem. + + + Standard: + + /etc/sssd/pki/sssd_auth_ca_db.pem (sökväg till en fil med betrodda +CA-certifikat i PEM-format) + + + + + + + + + + + PAC-respondentskonfigurationsalternativ + + PAC-respondenten fungerar tillsammans med insticksmodulen för +auktoriseringsdata för MIT Kerberos sssd_pac_plugin.so och en +underdomänsleverantör. Insticksmodulen skickar PAC-data under en +GSSAPI-autentisering till PAC-respondenten. Underdomänsleverantören samlar +domän-SID och ID-intervall för domänen klienten går med i och från betrodda +domäner från den lokala domänhanteraren. Om PAC:en är avkodad och beräknad +kommer några av följande operationer att göras: + + Om fjärranvändaren inte finns i cachen skapas den. AID:t avgörs med hjälp av +SID:t, betrodda domäner kommer ha UPG:er och GID:t kommer ha samma värde som +AID:t. Hemkatalogen är satt baserat på parametern subdomain_homedir. Skalet +kommer vara tomt som standard, d.v.s. systemstandarden används, men kan +skrivas över med parametern default_shell. + + Om det finns SID:er av grupper från domäner sssd känner till kommer +användaren läggas till i dessa grupper. + + + + + Dessa alternativ kan användas för att konfigurera PAC-respondenten. + + + + allowed_uids (sträng) + + + Anger den kommaseparerade listan av AID-värden eller användarnamn som +tillåts använda PAC-respondenten. Användarnamn slås upp till AID:er vid +uppstart. + + + Standard: 0 (endast root-användaren tillåts komma åt PAC-respondenten) + + + Observera att även om AID 0 används som standard kommer det att skrivas över +av detta alternativ. Om du fortfarande vill tillåta root-användaren att +komma åt PAC-respondenten, vilket man typiskt vill, måste du lägga till även +0 i listan av tillåtna AID:er. + + + + + pac_lifetime (heltal) + + + Livslängd på PAC-posterna i sekunder. Så länge som PAC:en är giltig kan +PAC-datan användas för att avgöra gruppmedlemskap för en användare. + + + Standard: 300 + + + + + pac_check (sträng) + + + Använd ytterligare kontroller på PAC:en i Kerberosbiljetten som är +tillgängliga i Active Directory och FreeIPA-domäner, om +konfigurerat. Observera att validering av Kerberosbiljetten måste aktiveras +för att kunna kontrollera PAC:en, d.v.s. alternativet krb5_validate måste +vara satt till ”True” vilket är standardvärdet för leverantörerna IPA och +AD. Om krb5_validate är satt till ”False” kommer PAC-kontrollerna hoppas +över. + + + Följande alternativ kan användas ensamma eller i en kommaseparerad lista: + + + no_check + + PAC:en får inte finnas och även om den finns kommer inga ytterligare +kontroller att göras. + + + + pac_present + + PAC:en måste finnas i tjänstebiljetten som SSSD kommer begära med hjälp av +användarens TGT. Om PAC:en inte är tillgänglig kommer autentiseringen att +misslyckas. + + + + + check_upn + + Om PAC:en finns kontrollera om informationen om användarens huvudmannanamn +(UPN) är konsistent. + + + + check_upn_allow_missing + + Detta alternativ skall användas tillsammans med ”check_upn” och haterar +fallet då en UPN är satt på serversidan men inte läses av SSSD. Det typiska +exemplet är en FreeIPA-domän där ”ldap_user_principal” är satt till ett +attributnamn som inte finns. Detta gjordes typiskt för att gå runt problem i +hanteringen av företagshuvudmän. Men detta är rättat sedan ganska lång tid +tillbaka och FreeIPA kan hantera företagshuvudmän utan problem och det finns +inte längre någon anledning att sätta ”ldap_user_principal”. + För närvarande är detta alternativ satt som standard för att undvika +regressioner i sådana miljöer. Ett loggmeddelande kommer läggas till i +systemloggen och SSSD:s felsökningslogg ifall en UPN finns i PAC:en men +inte i SSSD:s cache. För att undvika detta loggmeddelande vore det bäst att +avgöra om alternativet ”ldap_user_principal” kan tas bort. Om detta inte är +möjligt kommer att ta bort ”check_upn” hoppa över testen och undvika +loggmeddelandet. + + + + upn_dns_info_present + + PAC:en måste innehålla bufferten UPN-DNS-INFO, implicerar ”check_upn”. + + + + check_upn_dns_info_ex + + Om PAC:en finns och utökningen till bufferten UPN-DNS-INFO är tillgänglig +kontrollera om informationen i utökningen är konsistent. + + + + upn_dns_info_ex_present + + PAC:en måste innehålla utökningen av bufferten UPN-DNS-INFO, implicerar +”check_upn_dns_info_ex”, ”upn_dns_info_present” och ”check_upn”. + + + + + + + Standard: no_check (AD- och IPA-leverantörerna ”check_upn, +check_upn_allow_missing, check_upn_dns_info_ex”) + + + + + + + + Konfigurationsalternativ för inspelning av sessioner + + Inspelning av sessioner fungerar tillsammans med +tlog-rec-session 8 +, en del av paketet tlog, för att logga vad användaren ser +och skriver när de är inloggade på en textterminal. Se även +sssd-session-recording +5 . + + + Dessa alternativ kan användas för att konfigurera inspelning av sessioner. + + + + scope (sträng) + + + En av följande strängar anger utsträckningen för inspelning av sessioner: + + + ”none” + + + Inga användare spelas in. + + + + + ”some” + + + Användare/grupper angivna i alternativen users +och groups spelas in. + + + + + ”all” + + + Alla användare spelas in. + + + + + + + Standard: ”none” + + + + + users (sträng) + + + En kommaseparerad lista över användare vilka skall ha inspelning av +sessioner aktiverat. Matchar användarnamn som de returneras av +NSS. D.v.s. efter eventuellt utbyte av mellanslag, ändring av skiftläge, +etc. + + + Standard: Tomt. Matchar inte några användare. + + + + + groups (sträng) + + + En kommaseparerad lista över gruppmedlemmar vilka skall ha inspelning av +sessioner aktiverat. Matchar gruppnamn som de returneras av +NSS. D.v.s. efter eventuellt utbyte av mellanslag, ändring av skiftläge, +etc. + + + OBSERVERA: att använda detta alternativ (ha det satt till något) har en +betydande prestandakostnad, ty varje begäran som inte cachas för en +användare måste hämtas och matchas mot grupperna användaren är en medlem i. + + + Standard: Tom. Matchar inga grupper. + + + + + exclude_users (sträng) + + + En kommaseparerad lista av användare att undanta från inspelning, endast +tillämpligt med ”scope=all”. + + + Standard: Tomt. Inga användare uteslutna. + + + + + exclude_groups (sträng) + + + En kommaseparerad lista av grupper vars medlemmar skall undantas från +inspelning. Endast tillämpligt med ”scope=all”. + + + OBSERVERA: att använda detta alternativ (ha det satt till något) har en +betydande prestandakostnad, ty varje begäran som inte cachas för en +användare måste hämtas och matchas mot grupperna användaren är en medlem i. + + + Standard: Tom. Inga grupper uteslutna. + + + + + + + + + + DOMÄNSEKTIONER + + Dessa konfigurationsalternativ kan finnas i en domänkonfigurationssektion, +det vill säga en sektion som heter +[domain/NAMN] + + aktiverat + + + Aktivera eller avaktivera uttryckligen domänen. Om true är +domänen alltid aktiverad. Om false är domänen +alltid avaktiverad. Om denna flagga inte är satt är domänen +aktiverad endast om den är listad i domänflaggan i sektionen +[sssd]. + + + + + + domain_type (sträng) + + + Anger huruvida domänen är avsedd att användas av POSIX-kunniga klienter +såsom Name Service Switch eller av program som inte behöver att POSIX-data +finns eller genereras. Endast objekt från POSIX-domäner är tillgängliga för +operativsystemets gränssnitt och verktyg. + + + Tillåtna värden på detta alternativ är posix och +application. + + + POSIX-domäner kan nås av alla tjänster. Programdomäner kan endast nås från +InfoPipe-respondenten (se +sssd-ifp 5 +) och PAM-respondenten. + + + OBSERVERA: Programdomänerna är för närvarande bara vältestade med +id_provider=ldap. + + + För ett lätt sätt att konfigurera en icke-POSIX-DOMÄN, se avsnittet +Programdomäner. + + + Standard: posix + + + + + + min_id,max_id (heltal) + + + AID- och GID-gränser för domänen. Om en domän innehåller en post som ligger +utanför dessa gränser ignoreras den. + + + För användare påverkar detta gränsen för det primära GID:t. Användaren +kommer inte returneras till NSS om antingen AID:t eller det primära GID:t +ligger utanför intervallet. För icke primära gruppmedlemskap kommer de som +ligger i intervallet rapporteras som förväntat. + + + Dessa ID-gränser påverkar även när poster sparas till cachen, inte endast +när de returneras via namn eller ID. + + + Standard: 1 för min_id, 0 (ingen gräns) för max_id + + + + + + enumerate (bool) + + + Bestämmer om en domän kan räknas upp, det vill säga, huruvida domänen kan +lista alla användare och grupper den innehåller. Observera att det inte är +nödvändigt att aktivera uppräkning för att sekundära grupper skall +visas. Denna parameter kan ha ett av följande värden: + + + TRUE = Användare och grupper räknas upp + + + FALSE = Inga uppräkningar för denna domän + + + Standard: FALSE + + + Att räkna upp en domän tvingar SSSD att hämta och lagra ALLA användar- och +grupposter från fjärrservern. + + + Obs: att aktivera uppräkning har en måttlig påverkan på prestandan hos SSSD +medan uppräkningen pågår. Det kan ta upp till flera minuter efter att SSSD +startat upp för att helt fullborda uppräkningar. Under denna tid kommer +enskilda begäranden om information att gå direkt till LDAP, fast det kan +vara långsamt på grund av den tunga bearbetningen av uppräkningen. Att +spara ett stort antal poster i cachen efter att uppräkningen är klar kan +också vara CPU-intensivt eftersom medlemskap måste beräknas om. Detta kan +leda till att processen sssd_be blir oåtkomlig eller till och +med startas om av den interna vakthunden. + + + Medan den första uppräkningen körs kan begäranden om den fullständiga +användar- eller grupplistan returnera utan resultat tills den är färdig. + + + Vidare, att aktivera uppräkning kan öka tiden som behövs för att upptäcka +urkoppling av nätverk, eftersom längre tidsgränser behövs för att +säkerställa att uppräkningsuppslagningarna blir klara som de skall. För mer +information, se manualsidorna för den specifika id-leverantören som används. + + + Av ovan nämnda skäl rekommenderas inte att aktivera uppräkning, särskilt i +stora miljöer. + + + + + + subdomain_enumerate (sträng) + + + Huruvida några av de automatiskt upptäckta betrodda domänerna skall räknas +upp. De värden som stödjs är + + all + Alla upptäckta betrodda domäner kommer räknas upp + + + none + Inga upptäckta betrodda domäner kommer räknas upp + + Om så +önskas kan en lista med en eller flera domännamn aktivera uppräkning bara +för dessa betrodda domäner. + + + Standard: none + + + + + + entry_cache_timeout (heltal) + + + Hur många sekunder nss_sss skall anse poster giltiga före den frågar +bakänden igen + + + Tidsstämplarna för när cachen går ut lagras som attribut på de enskilda +objekten i cachen. Därför har ändringar av tidsgränsen för cachen endast +effekt för nyligen tillagda eller utgångna poster. Du skall köra verktyget + sss_cache +8 för att tvinga fram en uppdatering +av poster som redan har cachats. + + + Standard: 5400 + + + + + + entry_cache_user_timeout (heltal) + + + Hur många sekunder nss_sss skall anse användarposter giltiga före den frågar +bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_group_timeout (heltal) + + + Hur många sekunder nss_sss skall anse grupposter giltiga före den frågar +bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_netgroup_timeout (heltal) + + + Hur många sekunder nss_sss skall anse nätgruppsposter giltiga före den +frågar bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_service_timeout (heltal) + + + Hur många sekunder nss_sss skall anse tjänsteposter giltiga före den frågar +bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_resolver_timeout (heltal) + + + Hur många sekunder nss_sss skall anse värd- och nätgruppsposter giltiga före +den frågar bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_sudo_timeout (heltal) + + + Hur många sekunder sudo skall anse regler giltiga före den frågar bakänden +igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_autofs_timeout (heltal) + + + Hur många sekunder tjänsten autofs skall anse automatmonteringskartor +giltiga före den frågar bakänden igen + + + Standard: entry_cache_timeout + + + + + + entry_cache_ssh_host_timeout (heltal) + + + Hur många sekunder en värds ssh-nyckel behålls efter en +uppdatering. D.v.s. hur länge värdnyckeln skall cachas. + + + Standard: entry_cache_timeout + + + + + + entry_cache_computer_timeout (heltal) + + + Hur många sekunder som den lokala datorns post sparas före bakänden frågas +igen + + + Standard: entry_cache_timeout + + + + + + refresh_expired_interval (heltal) + + + Anger hur många sekunder SSSD måste vänta före en uppdateringsuppgift +startas i bakgrunden som kommer uppdatera alla utgångna eller nästan +utgångna poster. + + + Bakgrundsuppdateringen kommer behandla användare, grupper och nätgrupper i +cachen. För användare som har utfört operationen initgroups (hämta +gruppmedlemskap för en användare, normalt kört vid inloggning) tidigare +uppdateras både användarposten och gruppmedlemskapet. + + + Denna flagga ärvs automatiskt för alla betrodda domäner. + + + Du kan överväga att sätta detta värde till ¾ · entry_cache_timeout. + + + Cacheposter kommer uppdateras av ett bakgrundsjobb när ⅔ av cachetidsgränsen +redan har gått. Om det finns cachade poster kommer bakgrundsjobbet referera +till deras urpsprungliga cachetidsgränsvärden istället för det aktuella +konfiguartionsvärdet. Detta kan leda till en situation där +bakgrundsuppdateringsjobbet förefaller inte fungera. Detta är gjort med +avsikt för att förbättra funktionen i frånkopplat läge och återanvändning av +giltiga cacheposter. För att göra denna ändring omedelbart kan användaren +vilja manuellt invalidera den befintliga cachen. + + + Standard: 0 (avaktiverat) + + + + + + cache_credentials (bool) + + + Determines if user credentials are also cached in the local LDB cache. The +cached credentials refer to passwords, which includes the first (long term) +factor of two-factor authentication, not other authentication +mechanisms. Passkey and Smartcard authentications are expected to work +offline as long as a successful online authentication is recorded in the +cache without additional configuration. + + + Take a note that while credentials are stored as a salted SHA512 hash, this +still potentially poses some security risk in case an attacker manages to +get access to a cache file (normally requires privileged access) and to +break a password using brute force attack. + + + Standard: FALSE + + + + + + cache_credentials_minimal_first_factor_length (heltal) + + + Om 2-faktorautentisering (2FA) används och kreditiv skall sparas avgör detta +värde den minsta längden den första autentiseringsfaktorn (långvarigt +lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen. + + + Detta skall undvika att de korta PIN:arna i ett PIN-baserat 2FA-arrangemang +sparas i cachen vilket skulle gjort dem till lätta mål för uttömmande +attacker. + + + Standard: 8 + + + + + + account_cache_expiration (heltal) + + + Antal dagar poster sparas i cachen efter den senaste lyckade inloggningen +före de tas bort under en rensning av cachen. 0 betyder behåll för alltid. +Värdet på denna parameter måste vara större än eller lika med +offline_credentials_expiration. + + + Standard: 0 (obegränsat) + + + + + pwd_expiration_warning (heltal) + + + Visa en varning N dagar före lösenordet går ut. + + + Om noll anges tillämpas inte detta filter, d.v.s. om utgångsvarningen +mottogs från bakändeserver kommer den automatiskt visas. + + + Observera att bakändeservern måste leverera information om utgångstiden för +lösenordet. Om denna information saknas kan sssd inte visa någon varning. +Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden. + + + Standard: 7 (Kerberos), 0 (LDAP) + + + + + + id_provider (sträng) + + + Identifikationsleverantören som används för domänen. ID-leverantörer som +stödjs är: + + + proxy: Stöd en tidigare NSS-leverantör. + + + files: FIL-leverantör. Se +sssd-files 5 + för mer information om hur lokala användare och grupper kan +speglas in i SSSD. + + + ldap: LDAP-leverantör. Se +sssd-ldap 5 + för mer information om att konfigurera LDAP. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: Active Directory-leverantör. Se +sssd-ad 5 + för mer information om att konfigurera Active Directory. + + + + + + use_fully_qualified_names (bool) + + + Använd det fullständiga namnet och domänen (formaterat med domänens +full_name_format) som användarens inloggningsnamn rapporterat till NSS. + + + Om satt till TRUE måste alla begäranden till denna domän använda +fullständigt kvalificerade namn. Till exempel, om använt i en domän LOKAL +som innehåller en användare ”test”, skulle getent passwd +test inte hitta användaren medan getent passwd +test@LOKAL skulle det. + + + OBSERVERA: Detta alternativ har ingen effekt på nätgruppsuppslagningar på +grund av deras tendens att innehålla nästade nätgrupper utan kvalificerade +namn. För nätgrupper kommer alla domäner sökas igenom när ett okvalificerat +namn begärs. + + + Standard: FALSE (TRUE för betrodda domäner/underdomäner eller om +default_domain_suffix används) + + + + + ignore_group_members (bool) + + + Returnera inte gruppmedlemmar för gruppuppslagningar. + + + Om satt till TRUE begärs inte attributet gruppmedlemskap från ldap-servern, +och gruppmedlemmar returneras inte vid behandling av gruppuppslagningsanrop, +såsom getgrnam +3 eller +getgrgid 3 +. Som en effekt skulle getent group +$groupname returnera den begärda gruppen som om den vore tom. + + + Att aktivera detta alternativ kan även göra kontroller av gruppmedlemskap +hos åtkomstleverantören väsentligt snabbare, särskilt för grupper som +innehåller många medlemmar. + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: FALSE + + + + + auth_provider (sträng) + + + Autentiseringsleverantören som används för domänen. Leverantörer som stödjs +är: + + + ldap för inbyggd LDAP-autentisering. Se +sssd-ldap 5 + för mer information om att konfigurera LDAP. + + + krb5 för Kerberosautentisering. Se +sssd-krb5 5 + för mer information om att konfigurera Kerberos. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: Active Directory-leverantör. Se +sssd-ad 5 + för mer information om att konfigurera Active Directory. + + + proxy för att skicka vidare autentiseringen till något annat +PAM-mål. + + + none avaktiverar explicit autentisering. + + + Standard: id_provider används om det är satt och kan hantera +autentiseringsbegäranden. + + + + + access_provider (sträng) + + + Leverantören av åtkomstkontroll för domänen. Det finns två inbyggda +åtkomstleverantörer (utöver alla inkluderade i installerade bakändar). +Interna specialleverantörer är: + + + permit tillåt alltid åtkomst. Det är den enda tillåtna +åtkomstleverantören för en lokal domän. + + + deny neka alltid åtkomst. + + + ldap för inbyggd LDAP-autentisering. Se +sssd-ldap 5 + för mer information om att konfigurera LDAP. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: Active Directory-leverantör. Se +sssd-ad 5 + för mer information om att konfigurera Active Directory. + + + simple åtkomstkontroll baserat på åtkomst- eller +nekandelistor. Se sssd-simple +5 för mer information om att +konfigurera åtkomstmodulen simple. + + + krb5: .k5login-baserad åtkomstkontroll. Se +sssd-krb5 5 + för mer information om att konfigurera Kerberos. + + + proxy för att skicka vidare åtkomstkontroll till någon annan +PAM-modul. + + + Standard: permit + + + + + chpass_provider (sträng) + + + Leverantören som skall hantera lösenordsändringar för domänen. Leverantörer +av lösenordsändring som stödjs är: + + + ldap för att ändra lösenord lagrade i en LDAP-server. Se + sssd-ldap +5 för mer information om att +konfigurera LDAP. + + + krb5 för att ändra Kerberoslösenordet. Se +sssd-krb5 5 + för mer information om att konfigurera Kerberos. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: Active Directory-leverantör. Se +sssd-ad 5 + för mer information om att konfigurera Active Directory. + + + proxy för att skicka vidare lösenordsändringar till något +annat PAM-mål. + + + none tillåter uttryckligen inte lösenordsändringar. + + + Standard: auth_provider används om det är satt och kan +hantera begäranden om ändring av lösenord. + + + + + + sudo_provider (sträng) + + + SUDO-leverantören som används för domänen. SUDO-leverantörer som stödjs är: + + + ldap för regler lagrade i LDAP. Se +sssd-ldap 5 + för mer information om att konfigurera LDAP. + + + ipa samma som ldap men med +standardsinställningar för IPA. + + + ad samma som ldap men med +standardsinställningar för AD. + + + none avaktiverar explicit SUDO. + + + Standard: värdet på id_provider används om det är satt. + + + De detaljerade instruktionerna för att konfigurera sudo_provider finns i +manualsidan sssd-sudo +5 . Det finns många +konfigurationsalternativ som kan användas för att justera beteendet. Se +”ldap_sudo_*” i sssd-ldap +5 . + + + OBSERVERA: Sudo-regler hämtas periodiskt i bakgrunden +om inte sudo-leverantören uttryckligen avaktiverats. Ange +sudo_provider = None för att avaktivera all +sudo-relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls. + + + + + selinux_provider (sträng) + + + Leverantören som skall hantera inläsning av selinux-inställningar. +Observera att denna leverantör kommer anropas direkt efter att +åtkomstleverantören avslutar. Selinux-leverantörer som stödjs är: + + + ipa för att läsa in selinux-inställningar från en +IPA-server. Se sssd-ipa +5 för mer information om att +konfigurera IPA. + + + none tillåter uttryckligen inte att hämta +selinux-inställningar. + + + Standard: id_provider används om det är satt och kan hantera +begäranden om inläsning av selinux. + + + + + subdomains_provider (sträng) + + + Leverantören som skall hantera hämtandet av underdomäner. Detta värde skall +alltid vara samma som id_provider. Underdomänsleverantörer som stödjs är: + + + ipa för att läsa in en lista av underdomäner från en +IPA-server. Se sssd-ipa +5 för mer information om att +konfigurera IPA. + + + ad för att läsa in en lista av underdomäner från en Active +Directory-server. Se sssd-ad +5 för mer information om att +konfigurera AD-leverantören. + + + none tillåter uttryckligen inte att hämta underdomäner. + + + Standard: värdet på id_provider används om det är satt. + + + + + session_provider (sträng) + + + Leverantören som konfigurerar och hanterar uppgifter relaterade till +användarsessioner. De enda användarsessionsuppgifter som för närvarande +tillhandahålls är integration med Fleet Commander, vilket fungerar endast +med IPA. Sessionsleverantörer som stödjs är: + + + ipa för att utföra uppgifter relaterade till +användarsessioner. + + + none utför inte någon sorts uppgifter relaterade till +användarsessioner. + + + Standard: id_provider används om det är satt och kan utföra +sessionsrelaterade uppgifter. + + + OBSERVERA: För att denna funktion skall fungera som +förväntat måste SSSD köra som ”root” och inte som den oprivilegierade +användaren. + + + + + + autofs_provider (sträng) + + + Autofs-leverantören som används för domänen. Autofs-leverantörer som stödjs +är: + + + ldap för att läsa mappar lagrade i LDAP. Se +sssd-ldap 5 + för mer information om att konfigurera LDAP. + + + ipa för att läsa mappar lagrade i en IPA-server. Se + sssd-ipa +5 för mer information om att +konfigurera IPA. + + + ad för att läsa mappar lagrade i en AD-server. Se + sssd-ad +5 för mer information om att +konfigurera AD-leverantören. + + + none avaktiverar explicit autofs. + + + Standard: värdet på id_provider används om det är satt. + + + + + + hostid_provider (sträng) + + + Leverantören som används för att hämta värdidentitetsinformation. +Värd-id-leverantörer som stödjs är: + + + ipa för att läsa värdidentiteter lagrade i en IPA-server. Se + sssd-ipa +5 för mer information om att +konfigurera IPA. + + + none avaktiverar explicit värd-id:n. + + + Standard: värdet på id_provider används om det är satt. + + + + + + resolver_provider (sträng) + + + Leverantören som skall hantera värd- och +nätverksuppslagningar. Uppslagsleverantörer som stödjs är: + + + proxy för att vidarebefordra uppslagningar till ett annat +NSS-bibliotek. Se proxy_resolver_lib_name + + + ldap för att hämta värdar och nätverk lagrade i LDAP. Se + sssd-ldap +5 för mer information om att +konfigurera LDAP. + + + ldap för att hämta värdar och nätverk lagrade i AD. Se + sssd-ad +5 för mer information om att +konfigurera AD-leverantören. + + + none tillåter uttryckligen inte att hämta värdar och nätverk. + + + Standard: värdet på id_provider används om det är satt. + + + + + + re_expression (sträng) + + + Reguljärt uttryck för denna domän som beskriver hur man skall tolka strängen +som innehåller användarnamnet och domänen in i dessa komponenter. Domänen +kan matcha antingen domännamnet i SSSD-konfigurationen eller, i fallet med +betrodda underdomäner i IPA och Active Directory-domäner, det platta +(NetBIOS) namnet på domänen. + + + Default: +^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$ +which allows two different styles for user names: + + + användarnamn + + + användarnamn@domän.namn + + + + + Default for the AD and IPA provider: +^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$ +which allows three different styles for user names: + + + användarnamn + + + användarnamn@domän.namn + + + domän\användarnamn + + + Medan de första två motsvarar det allmänna standardfallet introduceras den +tredje för att tillåta enkel integration av användare från Windows-domäner. + + + The default re_expression uses the @ character as a separator +between the name and the domain. As a result of this setting the default +does not accept the @ character in short names (as it is +allowed in Windows group names). If a user wishes to use short names with +@ they must create their own re_expression. + + + + + full_name_format (sträng) + + + Ett printf +3 -kompatibelt format som beskriver +hur man sätter samman ett fullständigt kvalificerat namn från namn- och +domänkomponenter. + + + Följande utvidgningar stödjs: + + %1$s + användarnamn + + + %2$s + + + domännamn som det anges i SSSD-konfigurationsfilen. + + + + + %3$s + + + platt domännamn. Huvudsakligen användbart för Active Directory-domäner, både +direkt konfigurerade eller hittade via IPA-förtroenden. + + + + + + + Standard: %1$s@%2$s. + + + + + + lookup_family_order (sträng) + + + Ger möjligheten att välja föredragen adressfamilj att använda vid +DNS-uppslagningar. + + + Värden som stödjs: + + + ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6 + + + ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser. + + + ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4 + + + ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser. + + + Standard: ipv4_first + + + + + + dns_resolver_server_timeout (heltal) + + + Definierar mängden tid (i millisekunder) SSSD skall försöka att tala med en +DNS-server före den provar nästa DNS-server. + + + AD-leverantören kommer även att använda detta alternativ för +CLDAP-pingtidsgränsen. + + + Se avsnittet RESERVER för mer information om tjänstevalet. + + + Standard: 1000 + + + + + + dns_resolver_op_timeout (heltal) + + + Definierar mängden tid (i sekunder) att vänta på att slå upp en viss +DNS-fråga (t.ex. uppslagning av ett värdnamn eller en SRV-post) före den +provar nästa värdnamn eller DNS-upptäckt. + + + Se avsnittet RESERVER för mer information om tjänstevalet. + + + Standard: 3 + + + + + + dns_resolver_timeout (heltal) + + + Definierar tiden (i sekunder) att vänta på ett svar från den interna +reservtjänsten före man antar att tjänsten inte kan nås. Om denna tidsgräns +nås kommer domänen fortsätta att fungera i frånkopplat läge. + + + Se avsnittet RESERVER för mer information om tjänstevalet. + + + Standard: 6 + + + + + + dns_resolver_use_search_list (bool) + + + Normalt söker DNS-uppslagaren domänlistan som är definierad i direktivet +”search” från filen resolv.conf. Detta kan leda till fördröjningar i miljöer +med felaktigt konfigurerad DNS. + + + Om fullständigt kvalificerade domännamn (eller _srv_) används i +SSSD-konfigurationen kan att sätta detta alternativ till FALSE förhindra +onödiga DNS-uppslagningar i sådana miljöer. + + + Standard: TRUE + + + + + + dns_discovery_domain (sträng) + + + Om tjänsteupptäckt används i bakänden anger domändelen av tjänstens +DNS-fråga om tjänsteupptäckt. + + + Standard: använd domändelen av maskinens värdnamn + + + + + + override_gid (heltal) + + + Ersätt det primära GID-värdet med det angivna. + + + + + + case_sensitive (sträng) + + + Behandla användar- och gruppnamn som skiftlägeskänsliga. De tillgängliga +värdena på alternativen är: + + True + + + Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer. + + + + + False + + Skiftlägesokänsligt. + + + + Preserving + + + Samma som False (skiftlägesokänsligt), men skiftar inte ner namn i +resultaten från NSS-operationer. Observera att namnalias (och i fallet med +tjänster även protokollnamn) fortfarande skiftas ner i utdata. + + + Om du vill sätta detta värde för en betrodd domän med IPA-leverantör behöver +du sätta det på både klienten och SSSD på servern. + + + + + + + Detta alternativ kan även sättas per underdomän eller ärvt via +subdomain_inherit. + + + Standard: True (False för AD-leverantören) + + + + + + subdomain_inherit (sträng) + + + Anger en lista av konfigurationsparametrar som skall ärvas av underdomänen. +Observera att endast valda parametrar kan ärvas. För närvarande kan +följande alternativ ärvas: + + + ldap_search_timeout + + + ldap_network_timeout + + + ldap_opt_timeout + + + ldap_offline_timeout + + + ldap_enumeration_refresh_timeout + + + ldap_enumeration_refresh_offset + + + ldap_purge_cache_timeout + + + ldap_purge_cache_offset + + + ldap_krb5_keytab (värdet på krb5_keytab kommer användas om inte +ldap_krb5_keytab sätts särskilt) + + + ldap_krb5_ticket_lifetime + + + ldap_enumeration_search_timeout + + + ldap_connection_expire_timeout + + + ldap_connection_expire_offset + + + ldap_connection_idle_timeout + + + ldap_use_tokengroups + + + ldap_user_principal + + + ignore_group_members + + + auto_private_groups + + + case_sensitive + + + Exempel: +subdomain_inherit = ldap_purge_cache_timeout + + + + Standard: none + + + Observera: detta alternativ fungerar endast med leverantörerna IPA och AD. + + + + + + subdomain_homedir (sträng) + + + Använd denna hemkatalog som standardvärde för alla underdomäner inom denna +domän i IPA AD-förtroende. Se override_homedir för +information om möjliga värden. Utöver dessa kan expansionen nedan endast +användas med subdomain_homedir. + + %F + platt (NetBIOS) namn på en underdomän. + + + + + Värdet kan åsidosättas av alternativet +override_homedir. + + + Standard: /home/%d/%u + + + + + realmd_tags (sträng) + + + Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän. + + + + + cached_auth_timeout (heltal) + + + Anger tiden i sekunder sedan senaste lyckade uppkopplade autentisering under +vilka användaren kommer autentiseras med cachade kreditiv medan SSSD är i +uppkopplat läge. Om kreditiven är felaktiga faller SSSD tillbaka till +uppkopplad autentisering. + + + Detta alternativs värde ärvs av alla betrodda domäner. För närvarande är det +inte möjligt att ange olika värden för varje betrodd domän. + + + Specialvärdet 0 betyder att denna funktion är avaktiverad. + + + Observera att om cached_auth_timeout är längre än +pam_id_timeout kan bakänden anropas för att hantera +initgroups. + + + Standard: 0 + + + + + local_auth_policy (string) + + + Local authentication methods policy. Some backends (i.e. LDAP, proxy +provider) only support a password based authentication, while others can +handle PKINIT based Smartcard authentication (AD, IPA), two-factor +authentication (IPA), or other methods against a central instance. By +default in such cases authentication is only performed with the methods +supported by the backend. + + + There are three possible values for this option: match, only, +enable. match is used to match offline and online states for +Kerberos methods. only ignores the online methods and only +offer the local ones. enable allows explicitly defining the methods for +local authentication. As an example, enable:passkey, only +enables passkey for local authentication. Multiple enable values should be +comma-separated, such as enable:passkey, enable:smartcard + + + Please note that if local Smartcard authentication is enabled and a +Smartcard is present, Smartcard authentication will be preferred over the +authentication methods supported by the backend. I.e. there will be a PIN +prompt instead of e.g. a password prompt. + + + The following configuration example allows local users to authenticate +locally using any enabled method (i.e. smartcard, passkey). +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only + + + + It is expected that the files provider ignores the +local_auth_policy option and supports Smartcard authentication by default. + + + Default: match + + + + + auto_private_groups (sträng) + + + Detta alternativ tar något av tre tillgängliga värden: + + true + + + Skapa användares privata grupp ovillkorligt från användarens AID-nummer. +GID-numret ignoreras i detta läge. + + + OBSERVERA: Eftersom GID-numret och användarens privata grupp härleds från +AID-numret stödjs det inte att ha flera poster med samma AID- eller +GID-nummer med detta alternativ. Med andra ord, att aktivera detta +alternativ framtvingar unika nummer över hela ID-rymden. + + + + + false + + + Använd alltid användarens primära GID-nummer. GID-numret måste referera till +ett gruppobjekt i LDAP-databasen. + + + + + hybrid + + + En primär grupp autogenereras för användarposter vars AID- och GID-nummer +har samma värde och GID-numret på samma gång inte motsvarar ett verkligt +gruppobjekt i LDAP. Om värdena är samma, men det primära GID:t i +användarposten även används av ett gruppobjekt slås användarens primära GID +upp till det gruppobjektet. + + + Om användarens AID och GID är olika måste GID:t motsvara en gruppost, annars +kan GID:t helt enkelt inte slås upp. + + + Denna funktion är användbar i miljöer som vill sluta underhålla separata +gruppobjekt för användares privata grupper, men även vill behålla de +befintliga användarnas privata grupper. + + + + + + + För underdomäner är standardvärdet False för underdomäner som använder +tilldelade POSIX ID:n och True för underdomäner som använder automatisk +ID-översättning. + + + Värdet på auto_private_groups kan antingen anges per underdomän i en +undersektion, till exempel: +[domain/forest.domain/sub.domain] +auto_private_groups = false + +eller globalt för alla underdomäner i huvuddomänavsnittet genom att använda +alternativet subdomain_inherit: +[domain/forest.domain] +subdomain_inherit = auto_private_groups +auto_private_groups = false + + + + + + + + + Giltiga alternativ för proxy-domäner. + + proxy_pam_target (sträng) + + + Proxymålet PAM är en proxy för. + + + Default: not set by default, you have to take an existing pam configuration +or create a new one and add the service name here. As an alternative you can +enable local authentication with the local_auth_policy option. + + + + + + proxy_lib_name (sträng) + + + Namnet på NSS-biblioteket att använda i proxy-domäner. NSS-funktioner som +letas efter i biblioteket har formen _nss_$(libName)_$(function), till +exempel _nss_files_getpwent. + + + + + + proxy_resolver_lib_name (sträng) + + + Namnet på NSS-biblioteket att använda för uppslagning av värdar och nätverk +i proxy-domäner. NSS-funktioner som letas efter i biblioteket har formen +_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r. + + + + + + proxy_fast_alias (boolean) + + + När en användare eller grupp slås upp efter namn i proxy-leverantören görs +en andra uppslagning efter ID för att "kanonisera" namnet i händelse det +begärda namnet var ett alias. Att sätta detta alternativ till sant skulle få +SSSD att utföra ID-uppslagningen från cachen av prestandaskäl. + + + Standard: false + + + + + + proxy_max_children (heltal) + + + Detta alternativ anger antalet i förhand avgrenade proxy-barn. Det är +användbart för SSSD-miljöer med hög last där sssd kan få slut på +tillgängliga barnfack, vilket skulle orsaka problem på grund av att +begäranden skulle köas upp. + + + Standard: 10 + + + + + + + + + Programdomäner + + SSSD, med sitt D-Bus-gränssnitt (se +sssd-ifp 5 +) är tilltalande för program som en portgång till en +LDAP-katalog där användare och grupper lagras. Dock, tvärtemot den +traditionella SSSD-installationen där alla användare och grupper antingen +har POSIX-attribut eller så kan dessa attribut härledas Windows-SID:arna, +har i många fall användarna och grupperna i programstödsscenariot inga +POSIX-attribut. Istället för att göra en sektion +[domain/NAMN] kan administratören +skapa en sektion +[application/NAMN] som internt +representerar en domän med typen application och eventuellt +ärver inställningar från en traditionell SSSD-domän. + + + Observera att programdomänen fortfarande uttryckligen måste aktiveras i +parametern domains så att uppslagningsordningen mellan +programdomänen och dess POSIX-syskondomän sätts korrekt. + + + Programdomänparametrar + + inherit_from (sträng) + + + Den SSSD-domän av POSIX-typ som programdomänen ärver alla inställningar +ifrån. Programdomänen kan dessutom lägga till sina egna inställningar till +programinställningarna som kompletterar eller åsidosätter +syskondomänens inställningar. + + + Standard: inte satt + + + + + + Följande exempel illustrerar användningen av en programdomän. I denna +uppsättning är POSIX-domänen kopplad till en LDAP-server och används av +OS:et via NSS-respondenten. Dessutom begär programdomänen attributet +telephoneNumber, lagrar det som attributet telefon i cachen och gör +attributet telefon nåbart via D-Bus-gränssnittet. + + +[sssd] +domains = progdom, posixdom + +[ifp] +user_attributes = +telefon + +[domain/posixdom] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +[application/progdom] +inherit_from = posixdom +ldap_user_extra_attrs = telefon:telephoneNumber + + + + + + + SEKTIONEN BETRODDA DOMÄNER + + Några alternativ som används i domänsektionen kan även användas i sektionen +för betrodda domäner, det vill säga, i en sektion som heter +[domain/DOMÄNNAMN/NAMN_PÅ_BETRODD_DOMÄN]. +Där DOMÄNNAMN är den aktuella basdomänen som anslutits till. Se exempel +nedan för förklaring. För närvarande stödda alternativ i sektionen för +betrodda domäner är: + + ldap_search_base, + ldap_user_search_base, + ldap_group_search_base, + ldap_netgroup_search_base, + ldap_service_search_base, + ldap_sasl_mech, + ad_server, + ad_backup_server, + ad_site, + use_fully_qualified_names + pam_gssapi_services + pam_gssapi_check_upn + + För fler detaljer om dessa alternativ se deras individuella beskrivningar i +manualsidan. + + + + + CERTIFIKATSMAPPNINGSSEKTION + + För att tillåta autentisering med smartkort och certifikat måste SSSD kunna +översätta certifikat till användare. Detta kan göras genom att lägga till +det fullständiga certifikatet till användarens LDAP-objekt eller till en +lokal ersättning. Medan det krävs att man använder det fullständiga +certifikatet för att använda funktionen smartkortsautentisering i SSH (se + sss_ssh_authorizedkeys +8 för detaljer) kan det vara +besvärligt eller kanske inte ens möjligt att använda detta i det allmänna +fallet när lokala tjänster använder PAM för autentisering. + + + För att göra översättningen mer flexibel lades översättnings- och +matchningsregler till till SSSD (se +sss-certmap 5 + för detaljer). + + + En översättnings- och matchningsregel kan läggas till till +SSSD-konfigurationen i en egen sektion för sig själv med ett namn som +[certmap/DOMÄNNAMN/REGELNAMN]. +I denna sektion är följande alternativ tillåtna: + + + + matchrule (sträng) + + + Endast certifikat från smartkort som matchar denna regel kommer bearbetas, +alla andra ignoreras. + + + Standard: KRB5:<EKU>clientAuth, d.v.s. endast certifikat som har +Extended Key Usage clientAuth + + + + + maprule (sträng) + + + Definierar hur användaren hittas för ett givet certifikat. + + + Standard: + + + LDAP:(userCertificate;binary={cert!bin}) för LDAP-baserade leverantörer som +ldap, AD eller ipa. + + + REGELNAMNet för leverantören files som försöker hitta en +användare med samma namn. + + + + + + + domains (sträng) + + + Kommaseparerad lista av domännamn regeln skall användas på. Som standard är +endast en regel giltig i domänen där den är konfigurerad i sssd.conf. Om +leverantören stödjer underdomäner kan detta alternativ användas för att +lägga till regeln till underdomäner också. + + + Standard: den konfigurerade domänen i sssd.conf + + + + + priority (heltal) + + + Teckenlöst heltalsvärde som definierar prioriteten för regeln. Ju högre +talet är desto lägre är prioriteten. 0 står för den högsta +prioriteten medan 4294967295 är den lägsta. + + + Standard: den lägsta prioriteten + + + + + + För att göra konfigurationen enkel och reducera mängden +konfigurationsalternativ har leverantören files några +speciella egenskaper: + + + + om maprule inte är satt antas namnet REGELNAMN vara namnet på den matchande +användaren + + + + + om en maprule används måste både ett ensamt användarnamn eller en mall som +{subject_rfc822_name.short_name} vara i krullparenteser som +t.ex. (username) eller +({subject_rfc822_name.short_name}) + + + + + alternativet domains ignoreras + + + + + + + + SEKTIONEN FÖR FRÅGEKONFIGURATION + + Om en särskild fil +(/var/lib/sss/pubconf/pam_preauth_available) finns +kommer SSSD:s PAM-modul pam_sss be SSSD att ta reda på vilka +autentiseringsmetoder som är tillgängliga för användaren som försöker logga +in. Baserat på resultatet kommer pam_sss fråga användaren efter tillämpliga +kreditiv. + + + Med det växande antalet autentiseringsmetoder och möjligheten att det finns +flera olika för en enskild användare kan det hända att heuristiken som +används av pam_sss för att välja fråga inte är lämplig för alla +användarfall. Följande alternativ bör ge en bättre flexibilitet här. + + + Each supported authentication method has its own configuration subsection +under [prompting/...]. Currently there are: + + [prompting/password] + + för att konfigurera lösenordsfråga är de tillåtna alternativen: password_prompt + för att ändra strängen i lösenordsfrågan + + + + + + [prompting/2fa] + + för att konfigurera efterfrågan av tvåfaktorautentisering är de tillåtna +flaggorna: first_prompt + för att ändra strängen som frågar efter den första faktorn + + second_prompt + för att ändra strängen som frågar efter den andra faktorn + + single_prompt + booleskt värde, om True kommer det bara vara en fråga som använder värdet på +first_prompt där det förväntas att båda faktorerna matas in som en enda +sträng. Observera att båda faktorerna måste anges här, även om den andra +faktorn är frivillig. + + Om den andra faktorn är +frivillig och det skall vara möjligt att logga in antingen edast med +lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas. + + + + + + + [prompting/passkey] + + to configure passkey authentication prompting, allowed options are: + + + interactive + + boolean value, if True prompt a message and wait before testing the presence +of a passkey device. Recommended if your device doesn’t have a tactile +trigger. + + + + + interactive_prompt + + to change the message of the interactive prompt. + + + + + touch + + boolean value, if True prompt a message to remind the user to touch the +device. + + + + + touch_prompt + + to change the message of the touch prompt. + + + + + + + + + + + Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som +t.ex. [prompting/password/sshd] för att ändra frågorna +enskilt för denna tjänst. + + + + + EXEMPEL + + 1. Följande exempel visar en typisk SSSD-konfiguration. Den beskriver inte +konfigurationen av själva domänerna – se dokumentationen om att konfigurera +domäner för fler detaljer. +[sssd] +domains = LDAP +services = nss, pam +config_file_version = 2 + +[nss] +filter_groups = root +filter_users = root + +[pam] + +[domain/LDAP] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +auth_provider = krb5 +krb5_server = kerberos.example.com +krb5_realm = EXAMPLE.COM +cache_credentials = true + +min_id = 10000 +max_id = 20000 +enumerate = False + + + + 2. Följande exempel visar konfigurationen av IPA AD-förtroende i en +förälder-barn-struktur. Anta att IPA-domänen (ipa.se) har förtroende för +AD-domänen (ad.se). ad.se har en barndomän (barn.ad.se). För att aktivera +kortnamn i barndomänen skall följande konfiguration användas. +[domain/ipa.se/barn.ad.se] +use_fully_qualified_names = false + + + + 3. The following example shows the configuration of a certificate mapping +rule. It is valid for the configured domain my.domain and +additionally for the subdomains your.domain and uses the full +certificate in the search filter. +[certmap/my.domain/rule_name] +matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ +maprule = (userCertificate;binary={cert!bin}) +domains = my.domain, your.domain +priority = 10 + + + + + + + + diff --git a/src/man/sv/sssd_krb5_localauth_plugin.8.xml b/src/man/sv/sssd_krb5_localauth_plugin.8.xml new file mode 100644 index 0000000..9d93108 --- /dev/null +++ b/src/man/sv/sssd_krb5_localauth_plugin.8.xml @@ -0,0 +1,66 @@ + + + +SSSD manualsidor + + + + + sssd_krb5_localauth_plugin + 8 + + + + sssd_krb5_localauth_plugin + Kerberos lokala auktoriseringsinsticksmodul + + + + BESKRIVNING + + Kerberos lokala auktoriseringsinsticksmodul +sssd_krb5_localauth_plugin används av libkrb5 för att +antingen hitta det lokala namnet för en given Kerberoshuvudman eller för att +kontrollera om ett givet lokalt namn och en given Kerberoshuvudman relaterar +till varandra. + + + SSSD hanterar de lokala namnen för användare från fjärrkällor och kan även +läsa från Kerberos användarhuvudmannanamn från fjärrkällor. Med denna +information kan SSSD enkelt hantera avbildningarna nämnda ovan även om det +lokala namnet och Kerberoshuvudmannen skiljer avsevärt. + + + Dessutom kan SSSD med informationen som lästs från fjärrkällor hjälpa till +att förhindra oväntade eller oönskade avbildningar ifall användardelen av +Kerberoshuvudmannen oavsiktligt motsvarar ett lokalt namn på en annan +användare. Som standard kan libkrb5 bara plocka bort delen rike från +Kerberoshuvudmannen för att få det lokala namnet vilket skulle leda till +felaktiga avbildningar i detta fall. + + + + + KONFIGURATION + + Kerberos lokala auktoriseringsinsticksmodul måste aktiveras explicit i +Kerberoskonfigurationen, se +krb5.conf 5 +. SSSD kommer automatiskt skapa en konfigurationssnutt med +innehållet som t.ex. +[plugins] + localauth = { + module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so + } + i SSSD:s +publika katalog med Kerberoskonfigurationssnuttar. Om denna katalog är +inkluderad i den lokala Kerberoskonfigurationen kommer insticksmodulen +automatiskt aktiveras. + + + + + + + diff --git a/src/man/sv/sssd_krb5_locator_plugin.8.xml b/src/man/sv/sssd_krb5_locator_plugin.8.xml new file mode 100644 index 0000000..32a68dc --- /dev/null +++ b/src/man/sv/sssd_krb5_locator_plugin.8.xml @@ -0,0 +1,109 @@ + + + +SSSD manualsidor + + + + + sssd_krb5_locator_plugin + 8 + + + + sssd_krb5_locator_plugin + Kerberos lokaliseringsinsticksmodul + + + + BESKRIVNING + + Kerberos lokaliseringsinsticksmodul +sssd_krb5_locator_plugin används av libkrb5 för att hitta +KDC:er för ett givet Kerberos-rike. SSSD tillhandahåller en sådan +insticksmodul för att styra alla Kerberos-klienter på ett system till en +ensam KDC. I allmänhet skall det inte ha någon betydelse vilken KDC en +klientprocess pratar med. Men det finns fall, t.ex. efter en +lösenordsändring, då inte alla KDC:er är i samma tillstånd för att den nya +datan måste spridas först. För att undvika oväntade autentiseringsfel och +kanske även kontolåsningar kan det vara bra att prata med en enskild KDC så +länge som möjligt. + + + libkrb5 kommer söka efter lokaliseringsinsticksmodulen i underkatalogen +libkrb5 till Kerberos katalog för insticksmoduler, se plugin_base_dir i + krb5.conf +5 för detaljer. Insticksmodulen kan +endast avaktiveras genom att ta bort filen med insticksmodulen. Det finns +ingen möjlighet att avaktivera den i Kerberos konfiguration. Men +miljövariabeln SSSD_KRB5_LOCATOR_DISABLE kan användas för att avaktivera +insticksmodulen för individuella kommandon. Alternativt kan +SSSD-alternativet krb5_use_kdcinfo=False användas för att inte generera de +data som behövs av insticksmodulen. Med denna anropas fortfarande +insticksmodulen men den tillhandahåller inga data till anroparen så att +libkrb5 kan falla tillbaka på andra metoder som är definierade i krb5.conf. + + + Insticksmodulen läser information om KDC:erna för ett givet rike från en fil +som heter kdcinfo.RIKE. Filen skall innehålla ett +eller flera DNS-namn eller IP-adresser antingen i punktad decimal +IPv4-notation eller den hexadecimala IPv6-notationen. Ett frivilligt +portnummer kan läggas till på slutet separerat av ett kolon, IPv6-adressen +måste inneslutas i hakparenteser i detta fall som vanligt. Giltiga poster +är: + + kdc.example.com + kdc.example.com:321 + 1.2.3.4 + 5.6.7.8:99 + 2001:db8:85a3::8a2e:370:7334 + [2001:db8:85a3::8a2e:370:7334]:321 + + SSSD:s krb5-autentiseringsleverantör som också används av IPA- och +AD-leverantörerna lägger till adresser till den aktuella KDC- eller +domänkontrollern SSSD använder till denna fil. + + + I miljöer med KDC:er som endast är för läsning och för läsning och skrivning +där klienter förväntas använda instanser endast för läsning för allmänna +operationer och endast KDC:n för läsning och skrivning för +konfigurationsändringar som lösenordsändringar används även en +kpasswdinfo.RIKE för att identifiera KDC:er för läsning +och skrivning. Om denna fil finns för det givna riket kommer innehållet +användas av insticksmodulen för att svara på begäranden om en kpasswd- eller +kadmin-server eller om huvud-KDC:n specifik för MIT Kerberos. Om adressen +innehåller ett portnummer kommer standard-KDC-porten 88 användas för det +senare. + + + + + NOTER + + Inte alla Kerberosimplementationer stödjer användningen av +insticksmoduler. Om sssd_krb5_locator_plugin inte är +tillgänglig på ditt system måste du redigera /etc/krb5.conf för att avspegla +din Kerberosuppsättning. + + + Om miljövariabeln SSSD_KRB5_LOCATOR_DEBUG är satt till något värde kommer +felsökningsmeddelanden skrivas till standard fel. + + + Om miljövariabeln SSSD_KRB5_LOCATOR_DISABLE är satt till något värde +avaktiveras insticksmodulen och kommer bara returnera KRB5_PLUGIN_NO_HANDLE +till anroparen. + + + Om miljövariabeln SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES är satt till något +värde kommer insticksmodulen försöka slå upp alla DNS-namn i filen +kdcinfo. Som standard returneras KRB5_PLUGIN_NO_HANDLE till anroparen +omedelbart vid den första misslyckade DNS-uppslagningen. + + + + + + + diff --git a/src/man/tg/include/ad_modified_defaults.xml b/src/man/tg/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/tg/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/tg/include/autofs_attributes.xml b/src/man/tg/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/tg/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/tg/include/autofs_restart.xml b/src/man/tg/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/tg/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/tg/include/debug_levels.xml b/src/man/tg/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/tg/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/tg/include/debug_levels_tools.xml b/src/man/tg/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/tg/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/tg/include/failover.xml b/src/man/tg/include/failover.xml new file mode 100644 index 0000000..2df65cc --- /dev/null +++ b/src/man/tg/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + Пешфарз: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Пешфарз: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/tg/include/homedir_substring.xml b/src/man/tg/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/tg/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/tg/include/ipa_modified_defaults.xml b/src/man/tg/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/tg/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/tg/include/krb5_options.xml b/src/man/tg/include/krb5_options.xml new file mode 100644 index 0000000..b25e2f7 --- /dev/null +++ b/src/man/tg/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Пешфарз: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Пешфарз: false + + + + diff --git a/src/man/tg/include/ldap_id_mapping.xml b/src/man/tg/include/ldap_id_mapping.xml new file mode 100644 index 0000000..72aac20 --- /dev/null +++ b/src/man/tg/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Ҷӯрсозӣ + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Пешфарз: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/tg/include/ldap_search_bases.xml b/src/man/tg/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/tg/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/tg/include/local.xml b/src/man/tg/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/tg/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/tg/include/override_homedir.xml b/src/man/tg/include/override_homedir.xml new file mode 100644 index 0000000..a5d31c8 --- /dev/null +++ b/src/man/tg/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + Номи логин + + + %U + Рақами UID + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/tg/include/param_help.xml b/src/man/tg/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/tg/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/tg/include/param_help_py.xml b/src/man/tg/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/tg/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/tg/include/seealso.xml b/src/man/tg/include/seealso.xml new file mode 100644 index 0000000..1a8ed32 --- /dev/null +++ b/src/man/tg/include/seealso.xml @@ -0,0 +1,49 @@ + + SEE ALSO + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/tg/include/service_discovery.xml b/src/man/tg/include/service_discovery.xml new file mode 100644 index 0000000..e7f811b --- /dev/null +++ b/src/man/tg/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Ҷӯрсозӣ + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/tg/include/upstream.xml b/src/man/tg/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/tg/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ diff --git a/src/man/uk/idmap_sss.8.xml b/src/man/uk/idmap_sss.8.xml new file mode 100644 index 0000000..19933e7 --- /dev/null +++ b/src/man/uk/idmap_sss.8.xml @@ -0,0 +1,76 @@ + + + +Сторінки підручника SSSD + + + + + idmap_sss + 8 + + + + idmap_sss + Модуль idmap_sss SSSD для Winbind + + + + ОПИС + + Модуль idmap_sss надає змогу викликати SSSD для прив'язки UID/GID і SID. У +цьому випадку база даних не потрібна, оскільки прив'язка виконується +засобами SSSD. + + + + + ПАРАМЕТРИ IDMAP + + + + діапазон = нижче - вище + + Визначає доступний для обробки модулем діапазон відповідності UID і GID. + + + + + + + ПРИКЛАДИ + + У цьому прикладі продемонстровано налаштовування idmap_sss як типового +модуля прив'язки. + + + +[global] +security = ads +workgroup = <AD-DOMAIN-SHORTNAME> + +idmap config <AD-DOMAIN-SHORTNAME> : backend = sss +idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647 + +idmap config * : backend = tdb +idmap config * : range = 100000-199999 + + + + Будь ласка, замініть <AD-DOMAIN-SHORTNAME> на назву домену у NetBIOS +домену AD. Якщо має бути використано декілька доменів AD, для кожного домену +потрібен рядок idmap config із backend = +sss і рядок із відповідним range. + + + Оскільки для Winbind потрібен придатний до запису типовий модуль, а +idmap_sss є придатним лише для читання, до прикладу включено як типовий +модуль backend = tdb. + + + + + + + diff --git a/src/man/uk/include/ad_modified_defaults.xml b/src/man/uk/include/ad_modified_defaults.xml new file mode 100644 index 0000000..de1745d --- /dev/null +++ b/src/man/uk/include/ad_modified_defaults.xml @@ -0,0 +1,106 @@ + + ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ + + Деякі типові значення параметрів не збігаються із типовими значеннями +параметрів засобу надання даних. Із назвами відповідних параметрів та +специфічні для засобу надання даних AD значення цих параметрів можна +ознайомитися за допомогою наведеного нижче списку: + + + Модуль надання даних KRB5 + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + Модуль надання даних LDAP + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@ОБЛАСТЬ (типово SHORTNAME$@ОБЛАСТЬ) + + + Засіб надання даних AD типово шукає інші реєстраційні записи, ніж засіб +надання даних LDAP, оскільки у середовищі Active Directory реєстраційні +записи поділено на дві групи — реєстраційні записи користувачів і +реєстраційні записи служб. Для отримання TGT типово може бути використано +лише реєстраційний запис користувача, реєстраційні записи об'єктів +комп'ютерів будуються на основі sAMAccountName та області AD. Широко відомий +реєстраційний запис host/hostname@REALM є реєстраційним записом служби, отже +не може бути використаний для отримання TGT. + + + + + + Налаштування NSS + + + + fallback_homedir = /home/%d/%u + + + Засіб надання даних AD автоматично встановлює «fallback_homedir = +/home/%d/%u» для надання особистих домашніх каталогів для записів +користувачів без атрибута homeDirectory. Якщо ваш домен AD належним чином +заповнено щодо атрибутів Posix і ви хочете уникнути такої резервної +поведінки, ви можете явним чином вказати «fallback_homedir = %o». + + + Зауважте, що система типово очікує перебування домашнього каталогу у теці +/home/%u. Якщо ви вирішите скористатися іншою структурою каталогів, +коригування потребуватимуть деякі інші частини вашої системи. + + + Наприклад, автоматичне створення домашніх каталогів у поєднанні із selinux +потребує коригування параметрів selinux, інакше домашній каталог буде +створено у помилковому контексті selinux. + + + + + diff --git a/src/man/uk/include/autofs_attributes.xml b/src/man/uk/include/autofs_attributes.xml new file mode 100644 index 0000000..cc6cc33 --- /dev/null +++ b/src/man/uk/include/autofs_attributes.xml @@ -0,0 +1,69 @@ + + + ldap_autofs_map_object_class (рядок) + + + Клас об’єктів запису карти автоматичного монтування у LDAP. + + + Типове значення: nisMap (rfc2307, autofs_provider=ad), у інших випадках +automountMap + + + + + + ldap_autofs_map_name (рядок) + + + Назва запису карти автоматичного монтування у LDAP. + + + Типове значення: nisMapName (rfc2307, autofs_provider=ad), у інших випадках +automountMapName + + + + + + ldap_autofs_entry_object_class (рядок) + + + Клас об'єктів автоматичного монтування LDAP. Цей запис зазвичай відповідає +точні монтування. + + + Типове значення: nisObject (rfc2307, autofs_provider=ad), у інших випадках +automount + + + + + + ldap_autofs_entry_key (рядок) + + + Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає +точні монтування. + + + Типове значення: cn (rfc2307, autofs_provider=ad), у інших випадках +automountKey + + + + + + ldap_autofs_entry_value (рядок) + + + Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає +точні монтування. + + + Типове значення: nisMapEntry (rfc2307, autofs_provider=ad), у інших випадках +automountInformation + + + + diff --git a/src/man/uk/include/autofs_restart.xml b/src/man/uk/include/autofs_restart.xml new file mode 100644 index 0000000..e941c4b --- /dev/null +++ b/src/man/uk/include/autofs_restart.xml @@ -0,0 +1,6 @@ + + Будь ласка, зауважте, що засіб автоматичного монтування читає основну карту +лише під час запуску, отже якщо до ssd.conf внесено будь-які пов’язані з +autofs зміни, типово слід перезапустити фонову службу автоматичного +монтування після перезапуску SSSD. + diff --git a/src/man/uk/include/debug_levels.xml b/src/man/uk/include/debug_levels.xml new file mode 100644 index 0000000..26264f6 --- /dev/null +++ b/src/man/uk/include/debug_levels.xml @@ -0,0 +1,104 @@ + + + У SSSD передбачено два представлення для визначення рівня +діагностики. Найпростішим є визначення десяткового значення у діапазоні +0-9. Кожному значенню відповідає вмикання відповідного рівня діагностики і +усіх нижчих рівнів. Точніше визначення вмикання або вимикання (якщо це +потрібно) специфічних рівнів можна встановити за допомогою шістнадцяткової +бітової маски. + + + Будь ласка, зауважте, що кожна служба SSSD веде журнал у власному +файлі. Також зауважте, що вмикання debug_level у розділі +[sssd] вмикає діагностику лише для самого процесу sssd, а не +для процесів відповідача чи надавача даних. Для отримання діагностичних +повідомлень слід додати параметр «debug_level» до усіх розділів, для яких +слід створювати журнал діагностичних повідомлень. + + + Окрім зміни рівня ведення журналу у файлі налаштувань за допомогою параметра +«debug_level», який не змінюється під час роботи, але зміна якого потребує +перезапуску SSSD, можна змінити режим діагностики без перезапуску за +допомогою програми +sss_debuglevel 8 +. + + + Рівні діагностики, передбачені у поточній версії: + + + 0, 0x0010: критичні помилки з +аварійним завершенням роботи. Всі помилки, які не дають SSSD змоги розпочати +або продовжувати роботу. + + + 1, 0x0020: критичні +помилки. Помилки, які не призводять до аварійного завершення роботи SSSD, +але означають, що одна з основних можливостей не працює належним чином. + + + 2, 0x0040: серйозні +помилки. Повідомлення про такі помилки означають, що не вдалося виконати +певний запит або дію. + + + 3, 0x0080: незначні помилки. Це +помилки які можуть призвести до помилок під час виконання дій. + + + 4, 0x0100: параметри налаштування. + + + 5, 0x0200: дані функцій. + + + 6, 0x0400: повідомлення трасування +для функцій дій. + + + 7, 0x1000: повідомлення трасування +для функцій внутрішнього трасування. + + + 8, 0x2000: вміст внутрішніх +змінних функцій, який може бути цікавим. + + + 9, 0x4000: дані трасування +найнижчого рівня. + + + 9, 0x20000: швидкодія і +статистичні дані; будь ласка, зауважте, що через спосіб, у яких програма +обробляє запити на внутрішньому рівні записаний до журналу час виконання +запиту може бути довшим за справжній. + + + 10, 0x10000: ще докладніші дані +трасування libldb низького рівня. Навряд чи коли знадобляться. + + + Щоб до журналу було записано дані потрібних бітових масок рівнів +діагностики, просто додайте відповідні числа, як це показано у наведених +нижче прикладах: + + + Example: щоб до журналу було записано дані щодо +критичних помилок з аварійним завершенням роботи, критичних помилок, +серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270. + + + Приклад: щоб до журналу було записано критичні помилки +з аварійним завершенням роботи, параметри налаштування, дані функцій та +повідомлення трасування для функцій внутрішнього керування, скористайтеся +рівнем 0x1310. + + + Зауваження: формат бітових масок для рівнів діагностики +впроваджено у версії 1.7.0. + + + Типове значення: 0x0070 (тобто фатальні, критичні та +серйозні помилки; відповідає встановленню значення 2 у десятковому записі) + + diff --git a/src/man/uk/include/debug_levels_tools.xml b/src/man/uk/include/debug_levels_tools.xml new file mode 100644 index 0000000..296615b --- /dev/null +++ b/src/man/uk/include/debug_levels_tools.xml @@ -0,0 +1,82 @@ + + + У SSSD передбачено два представлення для визначення рівня +діагностики. Найпростішим є визначення десяткового значення у діапазоні +0-9. Кожному значенню відповідає вмикання відповідного рівня діагностики і +усіх нижчих рівнів. Точніше визначення вмикання або вимикання (якщо це +потрібно) специфічних рівнів можна встановити за допомогою шістнадцяткової +бітової маски. + + + Рівні діагностики, передбачені у поточній версії: + + + 0, 0x0010: критичні помилки з +аварійним завершенням роботи. Всі помилки, які не дають SSSD змоги розпочати +або продовжувати роботу. + + + 1, 0x0020: критичні +помилки. Помилки, які не призводять до аварійного завершення роботи SSSD, +але означають, що одна з основних можливостей не працює належним чином. + + + 2, 0x0040: серйозні +помилки. Повідомлення про такі помилки означають, що не вдалося виконати +певний запит або дію. + + + 3, 0x0080: незначні помилки. Це +помилки які можуть призвести до помилок під час виконання дій. + + + 4, 0x0100: параметри налаштування. + + + 5, 0x0200: дані функцій. + + + 6, 0x0400: повідомлення трасування +для функцій дій. + + + 7, 0x1000: повідомлення трасування +для функцій внутрішнього трасування. + + + 8, 0x2000: вміст внутрішніх +змінних функцій, який може бути цікавим. + + + 9, 0x4000: дані трасування +найнижчого рівня. + + + 10, 0x10000: ще докладніші дані +трасування libldb низького рівня. Навряд чи коли знадобляться. + + + Щоб до журналу було записано дані потрібних бітових масок рівнів +діагностики, просто додайте відповідні числа, як це показано у наведених +нижче прикладах: + + + Example: щоб до журналу було записано дані щодо +критичних помилок з аварійним завершенням роботи, критичних помилок, +серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270. + + + Приклад: щоб до журналу було записано критичні помилки +з аварійним завершенням роботи, параметри налаштування, дані функцій та +повідомлення трасування для функцій внутрішнього керування, скористайтеся +рівнем 0x1310. + + + Зауваження: формат бітових масок для рівнів діагностики +впроваджено у версії 1.7.0. + + + Типове значення: 0x0070 (тобто фатальні, критичні та +серйозні помилки; відповідає встановленню значення 2 у десятковому записі) + + diff --git a/src/man/uk/include/failover.xml b/src/man/uk/include/failover.xml new file mode 100644 index 0000000..fa2bab5 --- /dev/null +++ b/src/man/uk/include/failover.xml @@ -0,0 +1,129 @@ + + РЕЗЕРВ + + Можливість резервування надає змогу модулям обробки автоматично перемикатися +на інші сервери, якщо спроба встановлення з’єднання з поточним сервером +зазнає невдачі. + + + Синтаксичні конструкції визначення резервного сервера + + Список записів серверів, відокремлених комами. Між комами можна +використовувати довільну кількість пробілів. Порядок у списку визначає +пріоритет. У списку може бути будь-яка кількість записів серверів. + + + Для кожного з параметрів налаштування з увімкненим резервним отриманням +існує два варіанти: основний і +резервний. Ідея полягає у тому, що сервери з основного +списку мають вищий пріоритет за резервні сервери, пошук же на резервних +серверах виконується, лише якщо не вдасться з’єднатися з жодним з основних +серверів. Якщо буде вибрано резервний сервер, встановлюється час очікування +у 31 секунду. Після завершення часу очікування SSSD періодично +намагатиметься повторно встановити з’єднання з основними серверами. Якщо +спроба буде успішною, поточний активний резервний сервер буде замінено на +основний. + + + + Механізм визначення резервного сервера + + Механізмом резервного використання розрізняються окремі комп’ютери і +служби. Спочатку модуль намагається визначити назву вузла вказаного +комп’ютера. Якщо спроби визначення зазнають невдачі, комп’ютер вважатиметься +від’єднаним від мережі. Подальших спроб встановити з’єднання з цим +комп’ютером для всіх інших служб не виконуватиметься. Якщо вдасться виконати +визначення, модуль зробити спробу встановити з’єднання зі службою на +визначеному комп’ютері. Якщо спроба з’єднання зі службою не призведе до +успіху, непрацездатною вважатиметься лише служба, модуль автоматично +перемкнеться на наступну службу. Комп’ютер служби вважатиметься з’єднаним з +мережею, можливі подальші спроби використання інших служб. + + + Подальші спроби встановлення з’єднання з комп’ютерами або службами, +позначеними як такі, що перебувають поза мережею, буде виконано за певний +проміжок часу. У поточній версії цей проміжок є незмінним і дорівнює 30 +секундам. + + + Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим +автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд. + + + + Час очікування на перемикання на резервний ресурс та точне налаштовування + + Для визначення сервера для з'єднання достатньо одного запиту DNS або +декількох кроків, зокрема визначення відповідного сайта або спроба +використати декілька назв вузлів у випадку, якщо якісь із налаштованих +серверів недоступні. Складніші сценарії можуть потребувати додаткового часу, +а SSSD треба збалансувати надання достатнього часу для завершення процесу +визначення і використання притомного часу на виконання цього запиту перед +переходом до автономного режиму. Якщо діагностичний журнал SSSD показує, що +під час визначення сервера перевищено час очікування на з'єднання із +працездатним сервером, варто змінити значення параметрів часу очікування. + + + У цьому розділі наведено списки доступних для коригування параметрів. Будь +ласка, ознайомтеся із їхніми описами за допомогою сторінки підручника + +sssd.conf5 +. + + + dns_resolver_server_timeout + + + + Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із +окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним. + + + Типове значення: 1000 + + + + + + dns_resolver_op_timeout + + + + Час у секундах, який визначає тривалість періоду, протягом якого SSSD +намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла +або запис SRV), перш ніж перейти до наступної назви вузла або наступного +домену пошуку. + + + Типове значення: 3 + + + + + + dns_resolver_timeout + + + + Наскільки довго має чекати SSSD на визначення резервної служби надання +даних. На внутрішньому рівні визначення такої служби може включати декілька +кроків, зокрема визначення адрес запитів DNS SRV або пошук розташування +сайта. + + + Типове значення: 6 + + + + + + + Для заснованих на LDAP постачальників даних дія з визначення виконується як +частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити +для часу очікування ldap_opt_timeout значення, яке +перевищуватиме значення dns_resolver_timeout, яке також має +перевищувати значення dns_resolver_op_timeout, яке має +перевищувати значення dns_resolver_server_timeout. + + + diff --git a/src/man/uk/include/homedir_substring.xml b/src/man/uk/include/homedir_substring.xml new file mode 100644 index 0000000..d8238bc --- /dev/null +++ b/src/man/uk/include/homedir_substring.xml @@ -0,0 +1,18 @@ + + homedir_substring (рядок) + + + Значення цього параметра буде використано під час розгортання параметра +override_homedir, якщо у шаблоні міститься рядок +форматування %H. Запис каталогу LDAP може безпосередньо +містити цей шаблон для розгортання шляху до домашнього каталогу на кожному з +клієнтських комп’ютерів (або у кожній з операційних систем). Значення +параметра можна вказати окремо для кожного з доменів або на загальному рівні +у розділі [nss]. Значення, вказане у розділі домену, має вищий пріоритет за +значення, встановлене за допомогою розділу [nss]. + + + Типове значення: /home + + + diff --git a/src/man/uk/include/ipa_modified_defaults.xml b/src/man/uk/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..8f8f904 --- /dev/null +++ b/src/man/uk/include/ipa_modified_defaults.xml @@ -0,0 +1,124 @@ + + ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ + + Деякі типові значення параметрів не збігаються із типовими значеннями +параметрів засобу надання даних. Із назвами відповідних параметрів та +специфічні для засобу надання даних IPA значення цих параметрів можна +ознайомитися за допомогою наведеного нижче списку: + + + Модуль надання даних KRB5 + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + Модуль надання даних LDAP — Загальне + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + Модуль надання даних LDAP — Параметри користувачів + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + Модуль надання даних LDAP — Параметри груп + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/uk/include/krb5_options.xml b/src/man/uk/include/krb5_options.xml new file mode 100644 index 0000000..0075582 --- /dev/null +++ b/src/man/uk/include/krb5_options.xml @@ -0,0 +1,164 @@ + + + krb5_auth_timeout (ціле число) + + + Час очікування, по завершенню якого буде перервано запит щодо розпізнавання +або зміни пароля у мережі. Якщо це можливо, обробку запиту щодо +розпізнавання буде продовжено у автономному режимі. + + + Типове значення: 6 + + + + + + krb5_validate (булеве значення) + + + Перевірити за допомогою krb5_keytab, чи отриманий TGT не було +підмінено. Перевірка записів у таблиці ключів виконується послідовно. Для +перевірки використовується перший запис з відповідним значенням +області. Якщо не буде знайдено жодного відповідного області запису, буде +використано останній запис з таблиці ключів. Цим процесом можна скористатися +для перевірки середовищ за допомогою зв’язків довіри між записами областей: +достатньо розташувати відповідний запис таблиці ключів на останньому місці +або зробити його єдиним записом у файлі таблиці ключів. + + + Типове значення: false (надається IPA та AD: true) + + + Будь ласка, зауважте, що перевірка квитка є першим кроком при перевірці PAC +(див. «pac_check» на сторінці підручника щодо +sssd.conf 5 +, щоб дізнатися більше). Якщо перевірку квитків вимкнено, +також буде вимкнено і перевірки PAC. + + + + + + krb5_renewable_lifetime (рядок) + + + Надіслати запит щодо поновлюваного квитка з загальним строком дії, вказаним +за допомогою цілого числа, за яким одразу вказано одиницю часу: + + + s — секунди + + + m — хвилини + + + h — години + + + d — дні. + + + Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю +s. + + + Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам +потрібно встановити строк дії у півтори години, слід вказати «90m», а не +«1h30m». + + + Типове значення: не встановлено, тобто TGT не є оновлюваним + + + + + + krb5_lifetime (рядок) + + + Надіслати запит щодо квитка з загальним строком дії, вказаним за допомогою +цілого числа, за яким одразу вказано одиницю часу: + + + s — секунди + + + m — хвилини + + + h — години + + + d — дні. + + + Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю +s. + + + Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам +потрібно встановити строк дії у півтори години, слід вказати «90m», а не +«1h30m». + + + Типове значення: не встановлено, тобто типовий строк дії квитка +визначатиметься у налаштуваннях KDC. + + + + + + krb5_renew_interval (рядок) + + + Час у секундах між двома послідовними перевірками того, чи слід оновлювати +записи TGT. Записи TGT оновлюються після завершення приблизно половини +їхнього строку дії, що задається як ціле число з наступним позначенням +одиниці часу: + + + s — секунди + + + m — хвилини + + + h — години + + + d — дні. + + + Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю +s. + + + Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам +потрібно встановити строк дії у півтори години, слід вказати «90m», а не +«1h30m». + + + Якщо значення для цього параметра встановлено не буде або буде встановлено +значення 0, автоматичного оновлення не відбуватиметься. + + + Типове значення: not set + + + + + + krb5_canonicalize (булеве значення) + + + Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у +канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7. + + + + Типове значення: false + + + + diff --git a/src/man/uk/include/ldap_id_mapping.xml b/src/man/uk/include/ldap_id_mapping.xml new file mode 100644 index 0000000..5fb3523 --- /dev/null +++ b/src/man/uk/include/ldap_id_mapping.xml @@ -0,0 +1,297 @@ + + ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ + + Можливість встановлення відповідності ідентифікаторів надає SSSD змогу +працювати у режимі клієнта Active Directory без потреби для адміністраторів +розширювати атрибути користувача з метою підтримки атрибутів POSIX для +ідентифікаторів користувачів та груп. + + + Зауваження: якщо увімкнено встановлення відповідності ідентифікаторів, +атрибути uidNumber та gidNumber буде проігноровано. Так зроблено з метою +уникання конфліктів між автоматично визначеними та визначеними вручну +значеннями. Якщо вам потрібно призначити певні значення вручну, вручну +доведеться призначати ВСІ значення. + + + Будь ласка, зауважте, що зміна параметрів налаштувань, пов’язаних із +встановленням відповідності ідентифікаторів, призведе до зміни +ідентифікаторів користувачів і груп. У поточній версії SSSD зміни +ідентифікаторів не передбачено, отже, вам доведеться вилучити базу даних +SSSD. Оскільки кешовані паролі також зберігаються у базі даних, вилучення +бази даних слід виконувати, лише якщо сервери розпізнавання є доступними, +інакше користувачі не зможуть отримати потрібного їм доступу. З метою +кешування паролів слід виконати сеанс розпізнавання. Для вилучення бази +даних недостатньо використання команди +sss_cache 8 +, процедура має складатися з декількох кроків: + + + + Переконуємося, що віддалені сервери є доступними. + + + + + Зупиняємо роботу служби SSSD + + + + + Вилучаємо базу даних + + + + + Запускаємо службу SSSD + + + + Крім того, оскільки зміна ідентифікаторів може потребувати коригування інших +властивостей системи, зокрема прав власності на файли і каталоги, варто +спланувати усе наперед і ретельно перевірити налаштування встановлення +відповідності ідентифікаторів. + + + + Алгоритм встановлення відповідності + + Active Directory надає значення objectSID для всіх об’єктів користувачів і +груп у каталозі. Таке значення objectSID можна розбити на компоненти, які +відповідають профілю домену Active Directory та відносному ідентифікатору +(RID) об’єкта користувача або групи. + + + Алгоритмом встановлення відповідності ідентифікаторів SSSD передбачено поділ +діапазону доступних UID на розділи однакових розмірів, які називаються +«зрізами». Кожен зріз відповідає простору, доступному певному домену Active +Directory. + + + Коли SSSD вперше зустрічає запис користувача або групи певного домену, SSSD +віддає один з доступних зрізів під цей домен. З метою уможливлення +відтворення такого призначення зрізів на різних клієнтських системах, зріз +вибирається за таким алгоритмом: + + + Рядок SID передається алгоритмові murmurhash3 з метою перетворення його на +хешоване 32-бітове значення. Для вибору зрізу використовується ціла частина +від ділення цього значення на загальну кількість доступних зрізів. + + + Зауваження: за такого алгоритму можливі збіги за хешем та відповідною цілою +частиною від ділення. У разі виявлення таких збігів буде вибрано наступний +доступних зріз, але це може призвести до неможливості відтворити точно такий +самий набір зрізів на інших комп’ютерах (оскільки в такому разі на вибір +зрізів може вплинути порядок, у якому виконується обробка даних). Якщо ви +зіткнулися з подібною ситуацією, рекомендуємо вам або перейти на +використання явних атрибутів POSIX у Active Directory (вимкнути встановлення +відповідності ідентифікаторів) або налаштувати типовий домен з метою +гарантування того, що принаймні цей домен матиме еталонні дані. Докладніше +про це у розділі «Налаштування». + + + + + Налаштування + + Мінімальне налаштовування (у розділі [domain/НАЗВА_ДОМЕНУ]): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити +до 200000 ідентифікаторів, починаючи з 2000000 і аж до 2000200000. Цього має +вистачити для більшості розгорнутих середовищ. + + + Додаткові налаштування + + + ldap_idmap_range_min (ціле число) + + + Визначає нижню (включну) межу діапазону ідентифікаторів POSIX, які слід +використовувати для встановлення відповідності SID користувачів і груп +Active Directory. Це перший ідентифікатор POSIX, яким можна скористатися для +прив'язки. + + + Зауваження: цей параметр відрізняється від min_id тим, що +min_id працює як фільтр відповідей на запити щодо цього +домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця +відмінність є мінімальною, але загалом варто визначати min_id +меншим або рівним ldap_idmap_range_min + + + Типове значення: 200000 + + + + + ldap_idmap_range_max (ціле число) + + + Визначає верхню (виключну) межу діапазону ідентифікаторів POSIX, які слід +використовувати для встановлення відповідності SID користувачів і груп +Active Directory. Це перший ідентифікатор POSIX, яким не можна скористатися +для прив'язки, тобто ідентифікатор, який на одиницю більший за останній, +яким можна скористатися для прив'язки. + + + Зауваження: цей параметр відрізняється від max_id тим, що +max_id працює як фільтр відповідей на запити щодо цього +домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця +відмінність є мінімальною, але загалом варто визначати max_id +більшим або рівним ldap_idmap_range_max + + + Типове значення: 2000200000 + + + + + ldap_idmap_range_size (ціле число) + + + Визначає кількість ідентифікаторів доступних на кожному зі зрізів. Якщо +розмір діапазону не ділиться націло на мінімальне і максимальне значення, +буде створено якомога більше повних зрізів. + + + ЗАУВАЖЕННЯ: значення цього параметра має бути не меншим за значення +максимального запланованого до використання RID на сервері Active +Directory. Пошук даних та вхід для будь-яких користувачів з RID, що +перевищує це значення, буде неможливим. + + + Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач +з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1108, +оскільки розмір діапазону дорівнює максимальному SID мінус мінімальний SID +плюс 1. (Наприклад, 1108 = 1107 - 0 + 1). + + + Для майбутнього можливого розширення важливо все спланувати наперед, +оскільки зміна цього значення призведе до зміни усіх прив’язок +ідентифікаторів у системі, отже зміни попередніх локальних ідентифікаторів +користувачів. + + + Типове значення: 200000 + + + + + ldap_idmap_default_domain_sid (рядок) + + + Визначає SID типового домену. За допомогою цього параметра можна гарантувати +те, що цей домен буде завжди призначено до нульового зрізу у карті +ідентифікаторів без використання алгоритму murmurhash описаного вище. + + + Типове значення: not set + + + + + ldap_idmap_default_domain (рядок) + + + Вказати назву типового домену. + + + Типове значення: not set + + + + + ldap_idmap_autorid_compat (булеве значення) + + + Змінює поведінку алгоритму встановлення відповідності ідентифікаторів так, +щоб обчислення відбувалися за алгоритмом подібним до алгоритму +idmap_autorid winbind. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + Зауваження: цей алгоритм є недетерміністичним (залежить від порядку записів +користувачів та груп). Якщо з метою сумісності з системою, у якій запущено +winbind, буде використано цей алгоритм, варто також скористатися параметром +ldap_idmap_default_domain_sid з метою гарантування +послідовного призначення принаймні одного домену до нульового зрізу. + + + Типове значення: False + + + + + ldap_idmap_helper_table_size (ціле число) + + + Максимальна кількість вторинних зрізів, яку можна використовувати під час +виконання прив'язки ідентифікатора UNIX до SID. + + + Зауваження: під час прив'язування SID до ідентифікатора UNIX може бути +створено додаткові вторинні зрізи, якщо частини RID SID перебувають поза +межами діапазону вже створених вторинних зрізів. Якщо значенням +ldap_idmap_helper_table_size буде 0, додаткові вторинні зрізи не +створюватимуться. + + + Типове значення: 10 + + + + + + + + + Добре відомі SID + + У SSSD передбачено підтримку пошуку назв за добре відомими (Well-Known) SID, +тобто SID із особливим запрограмованим призначенням. Оскільки типові +користувачі і групи, пов’язані із цими добре відомими SID не мають +еквівалентів у середовищі Linux/UNIX, ідентифікаторів POSIX для цих об’єктів +немає. + + + Простір назв SID упорядковано службами сертифікації, які виглядають як інші +домени. Службами сертифікації для добре відомих (Well-Known) SID є + + Фіктивна служба сертифікації (Null Authority) + Загальна служба сертифікації (World Authority) + Локальна служба сертифікації (Local Authority) + Авторська служба сертифікації (Creator Authority) + Обов'язкова служба сертифікації міток + Служба розпізнавання + Служба сертифікації NT (NT Authority) + Вбудована (Built-in) + + Написані літерами верхнього регістру ці назви буде використано як назви +доменів для повернення повних назв добре відомих (Well-Known) SID. + + + Оскільки деякі з програм надають змогу змінювати дані щодо керування +доступом на основі SID за допомогою назви, а не безпосереднього +використання, у SSSD передбачено підтримку пошуку SID за назвою. Щоб +уникнути конфліктів, для пошуку добре відомих (Well-Known) SID приймаються +лише повні назви. Отже, не можна використовувати як назви доменів у +sssd.conf такі назви: «NULL AUTHORITY», «WORLD +AUTHORITY», «LOCAL AUTHORITY», «CREATOR AUTHORITY», «MANDATORY LABEL +AUTHORITY», «AUTHENTICATION AUTHORITY», «NT AUTHORITY» та «BUILTIN». + + + + diff --git a/src/man/uk/include/ldap_search_bases.xml b/src/man/uk/include/ldap_search_bases.xml new file mode 100644 index 0000000..7261348 --- /dev/null +++ b/src/man/uk/include/ldap_search_bases.xml @@ -0,0 +1,33 @@ + + + Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків +LDAP цим типом атрибутів. + + + синтаксис: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий +рівень) або «subtree» (піддерево). Докладніший опис діапазонів наведено у +розділі 4.5.1.2 документа http://tools.ietf.org/html/rfc4511 + + + Фільтром має бути коректний запис фільтрування LDAP, відповідно до +специфікації http://www.ietf.org/rfc/rfc2254.txt + + + Приклади використання цих синтаксичних конструкцій можна знайти у розділі +прикладів «ldap_search_base». + + + Типове значення: значення ldap_search_base + + + Будь ласка, зауважте, що підтримки визначення області або фільтра для +пошуків на сервері Active Directory не передбачено. Це може призвести до +отримання значної кількості результатів і викликати реакцію з боку +розширення діапазону отримання (Range Retrieval). + + diff --git a/src/man/uk/include/local.xml b/src/man/uk/include/local.xml new file mode 100644 index 0000000..d26290f --- /dev/null +++ b/src/man/uk/include/local.xml @@ -0,0 +1,19 @@ + + ЛОКАЛЬНИЙ ДОМЕН + + З метою забезпечення належної роботи слід створити домен з +id_provider=local та запустити SSSD. + + + Адміністратор може надати перевагу використанню локальних записів +користувачів SSSD замість традиційних записів користувачів UNIX, якщо для +роботи потрібна вкладеність груп (див. +sss_groupadd 8 +). Використання локальних записів може також бути корисним +для тестування та розробки програмного забезпечення з підтримкою SSSD (у +такому разі не потрібно розгортати повноцінний віддалений +сервер). Інструменти sss_user* та +sss_group* використовують для зберігання записів +користувачів і груп локальне сховище даних LDB. + + diff --git a/src/man/uk/include/override_homedir.xml b/src/man/uk/include/override_homedir.xml new file mode 100644 index 0000000..6407471 --- /dev/null +++ b/src/man/uk/include/override_homedir.xml @@ -0,0 +1,79 @@ + +override_homedir (рядок) + + + Перевизначити домашній каталог користувача. Ви можете вказати абсолютне +значення або шаблон. У шаблоні можна використовувати такі замінники: + + + %u + ім'я користувача + + + %U + номер UID + + + %d + назва домену + + + %f + ім’я користувача повністю (користувач@домен) + + + %l + Перша літера назви облікового запису. + + + %P + UPN - User Principal Name (ім’я@ОБЛАСТЬ) + + + %o + + Початкова домашня тека, отримана від служби профілів. + + + + %h + + Початкова домашня тека, отримана від служби профілів, але літерами нижнього +регістру. + + + + %H + + Значення параметра налаштовування homedir_substring. + + + + %% + символ відсотків («%») + + + + + + Значення цього параметра можна встановлювати для кожного з доменів окремо. + + + приклад: +override_homedir = /home/%u + + + + Типове значення: не встановлено (SSSD використовуватиме значення, отримане +від LDAP) + + + Будь ласка, зауважте, що домашній каталог для певного перевизначення для +користувача, локально +(див. sss_override +8) або централізовано керованих +перевизначень ідентифікаторів IPA, має вищий пріоритет, і його буде +використано замість значення, вказаного в override_homedir. + + + diff --git a/src/man/uk/include/param_help.xml b/src/man/uk/include/param_help.xml new file mode 100644 index 0000000..2905109 --- /dev/null +++ b/src/man/uk/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Показати довідкове повідомлення і завершити роботу. + + + diff --git a/src/man/uk/include/param_help_py.xml b/src/man/uk/include/param_help_py.xml new file mode 100644 index 0000000..8870e8f --- /dev/null +++ b/src/man/uk/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Показати довідкове повідомлення і завершити роботу. + + + diff --git a/src/man/uk/include/seealso.xml b/src/man/uk/include/seealso.xml new file mode 100644 index 0000000..cd6383c --- /dev/null +++ b/src/man/uk/include/seealso.xml @@ -0,0 +1,49 @@ + + ТАКОЖ ПЕРЕГЛЯНЬТЕ + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/uk/include/service_discovery.xml b/src/man/uk/include/service_discovery.xml new file mode 100644 index 0000000..8452639 --- /dev/null +++ b/src/man/uk/include/service_discovery.xml @@ -0,0 +1,45 @@ + + ПОШУК СЛУЖБ + + За допомогою можливості виявлення служб основні модулі мають змогу +автоматично визначати відповідні сервери для встановлення з’єднання на +основі даних, отриманих у відповідь на спеціальний запит до DNS. Підтримки +цієї можливості для резервних серверів не передбачено. + + + Налаштування + + Якщо серверів не буде вказано, модуль автоматично використає визначення +служб для пошуку сервера. Крім того, користувач може використовувати і +фіксовані адреси серверів і виявлення служб. Для цього слід вставити +особливе ключове слово, «_srv_», до списку серверів. Пріоритет визначається +за вказаним порядком. Ця можливість є корисною, якщо, наприклад, користувач +надає перевагу використанню виявлення служб, якщо це можливо, з поверненням +до використання певного сервера, якщо за допомогою DNS не вдасться виявити +жодного сервера. + + + + Назва домену + + З докладнішими відомостями щодо параметра «dns_discovery_domain» можна +ознайомитися на сторінці підручника (man) +sssd.conf 5 +. + + + + Протокол + + Запитами зазвичай визначається протокол _tcp. Виключення документовано у +описі відповідного параметра. + + + + Також прочитайте + + Докладніші відомості щодо механізмів визначення служб можна знайти у RFC +2782. + + + diff --git a/src/man/uk/include/upstream.xml b/src/man/uk/include/upstream.xml new file mode 100644 index 0000000..4b0c243 --- /dev/null +++ b/src/man/uk/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD Основна гілка розробки SSSD — +https://pagure.io/SSSD/sssd/ diff --git a/src/man/uk/pam_sss.8.xml b/src/man/uk/pam_sss.8.xml new file mode 100644 index 0000000..49dcf5a --- /dev/null +++ b/src/man/uk/pam_sss.8.xml @@ -0,0 +1,453 @@ + + + +Сторінки підручника SSSD + + + + + pam_sss + 8 + + + + pam_sss + модуль PAM для SSSD + + + + +pam_sss.so +quiet +forward_pass +use_first_pass +use_authtok +retry=N +ignore_unknown_user +ignore_authinfo_unavail +domains=X +allow_missing_name +prompt_always +try_cert_auth +require_cert_auth + + + + ОПИС + pam_sss.so — інтерфейс PAM до System Security Services +daemon (SSSD). Помилки та результати роботи записуються за допомогою +syslog(3) до запису LOG_AUTHPRIV. + + + + ПАРАМЕТРИ + + + + + + + Не показувати у журналі повідомлень для невідомих користувачів. + + + + + + + + Якщо встановлено значення , введений пароль +буде збережено у стосі паролів для використання іншими модулями PAM. + + + + + + + + + Використання аргументу use_first_pass примушує модуль до використання пароля +з модулів попереднього рівня. Ніяких запитів до користувача не +надсилатиметься, — якщо пароль не буде виявлено або пароль виявиться +непридатним, доступ користувачеві буде заборонено. + + + + + + + + Визначає ситуацію, коли зміна пароля примушує модуль встановлювати новий +пароль на основі пароля, наданого попереднім модулем обробки паролів зі +стосу модулів. + + + + + + + + Якщо вказано, користувача запитуватимуть про пароль ще N разів, якщо перший +раз розпізнавання зазнає невдачі. Типовим значенням є 0. + Будь ласка, зауважте, що цей параметр може працювати не так, як очікується, +якщо програма, яка викликає PAM, має власний обробник діалогових вікон +взаємодії з користувачем. Типовим прикладом є sshd з +. + + + + + + + + Якщо вказано цей параметр і облікового запису не існує, модуль PAM поверне +PAM_IGNORE. Це призводить до ігнорування цього модуля оболонкою PAM. + + + + + + + + + Визначає, що модуль PAM має повертати PAM_IGNORE, якщо не вдається +встановити зв’язок із фоновою службою SSSD. У результаті набір інструментів +PAM ігнорує цей модуль. + + + + + + + + + Надає змогу адміністратору обмежити домен певною службою PAM, за допомогою +якої можна буде виконувати розпізнавання. Формат значення: список назв +доменів SSSD, відокремлених комами, так, як їх вказано у файлі sssd.conf. + + + Зауваження: Якщо використовується для служби, яку запущено не від імені +користувача root, наприклад вебсервера, слід використовувати разом із +параметрами «pam_trusted_users» і «pam_public_domains». Будь ласка, +ознайомтеся із сторінкою підручника +sssd.conf 5 +, щоб дізнатися більше про ці два параметри відповідача PAM. + + + + + + + + + + Основним призначенням цього параметра є надання SSSD змоги визначати ім'я +користувача на основі додаткових даних, наприклад сертифіката зі +смарткартки. + + + Поточним основним призначенням є засоби керування входом до системи, які +можуть спостерігати за подіями обробки карток на засобі читання +смарткарток. Щойно буде вставлено смарткартку, засіб керування входом до +системи викличе стос PAM, до якого включено рядок, подібний до +auth sufficient pam_sss.so allow_missing_name + Якщо SSSD спробує визначити ім'я користувача +на основі вмісту смарткартки, повертає його до pam_sss, який, нарешті, +передасть його стосу PAM. + + + + + + + + + + Завжди запитувати у користувача реєстраційні дані. Якщо використано цей +параметр, реєстраційні дані, запит на які надійшов від інших модулів PAM, +типово, пароль, буде проігноровано, а pam_sss надсилатиме запит щодо +реєстраційних даних знову. На основі відповіді на попереднє розпізнавання +від SSSD pam_sss може надіслати запит щодо пароля, пін-коду смарткартки або +інших реєстраційних даних. + + + + + + + + + + Спробувати скористатися розпізнаванням на основі сертифікатів, тобто +розпізнаванням за допомогою смарткартки або подібного пристрою. Якщо +доступною є смарткартка і уможливлено розпізнавання за смарткарткою для +служби, система надішле запит щодо пін-коду і буде продовжено процедуру +розпізнавання за сертифікатом. + + + Якщо смарткартка виявиться недоступною або розпізнавання за сертифікатом +буде заборонено для поточної служби, буде повернуто PAM_AUTHINFO_UNAVAIL. + + + + + + + + + + Виконати розпізнавання на основі сертифікатів, тобто розпізнавання за +допомогою смарткартки або подібного пристрою. Якщо смарткартка виявиться +недоступною, система попросить користувача вставити її. SSSD чекатиме на +смарткартку, аж доки не завершиться час очікування, визначений переданим +значенням +p11_wait_for_card_timeout. +Див. sssd.conf +5, щоб дізнатися більше. + + + Якщо смарткартка виявиться недоступною на момент завершення часу очікування +або розпізнавання за сертифікатом буде заборонено для поточної служби, буде +повернуто PAM_AUTHINFO_UNAVAIL. + + + + + + + + ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ + Передбачено всі типи модулів (, +, і +). + + Якщо відповідач PAM SSSD не запущено, наприклад, якщо сокет відповідача PAM +є недоступним, pam_sss поверне PAM_USER_UNKNOWN при виклику з модуля +, щоб уникнути проблем із записами користувачів із +інших джерел під час керування доступом. + + + + ПОВЕРНЕНІ ЗНАЧЕННЯ + + + PAM_SUCCESS + + + Дію PAM завершено успішно. + + + + + PAM_USER_UNKNOWN + + + Користувач є невідомим службі розпізнавання або відповідач PAM SSSD не +запущено. + + + + + PAM_AUTH_ERR + + + Помилка розпізнавання. Також може бути повернено, якщо виникла проблема із +отриманням сертифіката. + + + + + PAM_PERM_DENIED + + + Доступ заборонено. Додаткові відомості щодо помилки можуть міститися у +файлах журналів SSSD. + + + + + PAM_IGNORE + + + Див. параметри і +. + + + + + PAM_AUTHTOK_ERR + + + Не вдалося отримати новий ключ розпізнавання. Крім того, може бути +повернуто, якщо користувач проходить розпізнавання за допомогою +сертифікатів, доступними є декілька сертифікатів, але у встановленій версії +GDM не передбачено можливості вибору одного з декількох сертифікатів. + + + + + PAM_AUTHINFO_UNAVAIL + + + Не вдалося отримати доступ до даних щодо розпізнавання. Причиною може бути +помилка у роботі мережі або обладнання. + + + + + PAM_BUF_ERR + + + Сталася помилка при роботі з пам'яттю. Також може бути повернуто, якщо було +встановлено параметр use_first_pass або use_authtok, але не було знайдено +пароля у попередньому модулі PAM зі стосу обробки. + + + + + PAM_SYSTEM_ERR + + + Сталася загальносистемна помилка. Додаткові відомості щодо помилки можуть +міститися у файлах журналів SSSD. + + + + + PAM_CRED_ERR + + + Не вдалося встановити реєстраційні дані користувача. + + + + + PAM_CRED_INSUFFICIENT + + + У програми немає достатніх реєстраційних даних для розпізнавання +користувача. Наприклад, може не вистачати PIN-коду при розпізнаванні за +смарткарткою або якогось фактора при двофакторному розпізнаванні. + + + + + PAM_SERVICE_ERR + + + Помилка у службовому модулі. + + + + + PAM_NEW_AUTHTOK_REQD + + + Строк дії ключа розпізнавання користувача вичерпано. + + + + + PAM_ACCT_EXPIRED + + + Строк дії облікового запису користувача вичерпано. + + + + + PAM_SESSION_ERR + + + Не вдалося отримати правила профілю стільниці IPA або дані користувача. + + + + + PAM_CRED_UNAVAIL + + + Не вдалося отримати реєстраційні дані користувача Kerberos. + + + + + PAM_NO_MODULE_DATA + + + Kerberos не вдалося знайти метод розпізнавання. Таке може трапитися, якщо із +записом користувача пов'язано смарткартку, але додаток pkint є недоступним +на клієнті. + + + + + PAM_CONV_ERR + + + Помилка обміну даними. + + + + + PAM_AUTHTOK_LOCK_BUSY + + + Немає доступних придатних KDC для зміни пароля. + + + + + PAM_ABORT + + + Невідомий виклик PAM. + + + + + PAM_MODULE_UNKNOWN + + + Непідтримувана команда або завдання PAM. + + + + + PAM_BAD_ITEM + + + Модулю розпізнавання не вдалося обробити реєстраційні дані з смарткартки. + + + + + + + + ФАЙЛИ + Якщо спроба скидання пароля від імені адміністративного користувача (root) +зазнає невдачі, оскільки у відповідному засобі обробки SSSD не передбачено +скидання паролів, може бути показано певне повідомлення. У цьому +повідомленні, наприклад, можуть міститися настанови щодо скидання пароля. + + Текст повідомлення буде прочитано з файла +pam_sss_pw_reset_message.LOC, де «LOC» — рядок локалі у +форматі, повернутому +setlocale3 +. Якщо відповідного файла знайдено не буде, буде показано +вміст файла pam_sss_pw_reset_message.txt. Власником +файлів має бути адміністративний користувач (root). Доступ до запису файлів +також повинен мати лише адміністративний користувач. Всім іншим користувачам +може бути надано лише право читання файлів. + + Пошук цих файлів виконуватиметься у каталозі +/etc/sssd/customize/НАЗВА_ДОМЕНУ/. Якщо відповідний +файл не буде знайдено, буде показано типове повідомлення. + + + + + + diff --git a/src/man/uk/pam_sss_gss.8.xml b/src/man/uk/pam_sss_gss.8.xml new file mode 100644 index 0000000..9f07372 --- /dev/null +++ b/src/man/uk/pam_sss_gss.8.xml @@ -0,0 +1,217 @@ + + + +Сторінки підручника SSSD + + + + + pam_sss_gss + 8 + + + + pam_sss_gss + модуль PAM для розпізнавання за GSSAPI у SSSD + + + + +pam_sss_gss.so +debug + + + + ОПИС + + pam_sss_gss.so розпізнає користувача за допомогою GSSAPI +у поєднанні із SSSD. + + + Цей модуль намагатиметься виконати розпізнавання користувача за допомогою +служби на основі вузла GSSAPI із назвою вузол@назва_вузла, яка транслюватиме +дані до реєстраційного запису Kerberos вузол/назва_вузла@ОБЛАСТЬ. Частину +ОБЛАСТЬ назви реєстраційного запису Kerberos буде +визначено за внутрішніми механізмами Kerberos. Її можна встановити явним +чином у налаштуваннях розділу [domain_realm] у /etc/krb5.conf. + + + SSSD використовується для отримання бажаної назви служби і для перевірки +реєстраційних даних користувача за допомогою викликів GSSAPI. Якщо у кеші +реєстраційних даних Kerberos вже є квиток служби або якщо похідний квиток +квитка користувача можна використати для отримання належного квитка служби, +користувача буде розпізнано. + + + Якщо матиме значення True (типове +значення), SSSD вимагатиме, щоб реєстраційні дані, які використовуватимуться +для отримання квитків служби, можна було пов'язати із користувачем. Це +означає, що реєстраційний запис, який є власником реєстраційних даних +Kerberos, має відповідати назві реєстраційного запису користувача, яку +визначено у LDAP. + + + Щоб увімкнути розпізнавання GSSAPI у SSSD, встановіть значення + у розділі [pam] або домену в +sssd.conf. Реєстраційні дані служби має бути збережено у сховищі ключів SSSD +(його вже збережено там, якщо ви користуєтеся надавачем даних ipa або +ad). Розташування сховища ключів можна встановити за допомогою параметра +. Див. +sssd.conf 5 + і sssd-krb5 +5 , щоб дізнатися більше про ці +параметри. + + + Деякі розгорнуті екземпляри Kerberos дозволяють пов'язувати індикатори +розпізнавання із певним методом попереднього розпізнавання, який +використовується для отримання квитка, який надає квиток користувача. +pam_sss_gss.so надає змогу примусово встановити потребу у +наявності індикаторів розпізнавання у квитках служби, перш ніж буде надано +доступ до певної служби PAM. + + + Якщо встановлено у розділі [pam] +або домену sssd.conf, SSSD виконає перевірку наявності будь-яких +налаштованих індикаторів у квитку служби. + + + + + ПАРАМЕТРИ + + + + + + + Вивести діагностичні дані. + + + + + + + ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ + Передбачено лише тип модулів + + + + ПОВЕРНЕНІ ЗНАЧЕННЯ + + + PAM_SUCCESS + + + Дію PAM завершено успішно. + + + + + PAM_USER_UNKNOWN + + + Користувач є невідомим службі розпізнавання або підтримки розпізнавання за +GSSAPI не передбачено. + + + + + PAM_AUTH_ERR + + + Помилка під час спроби розпізнавання. + + + + + PAM_AUTHINFO_UNAVAIL + + + Не вдалося отримати доступ до даних щодо розпізнавання. Причиною може бути +помилка у роботі мережі або обладнання. + + + + + PAM_SYSTEM_ERR + + + Сталася загальносистемна помилка. Додаткові відомості щодо помилки можуть +міститися у файлах журналів SSSD. + + + + + + + + ПРИКЛАДИ + + Основним випадком використання є забезпечення розпізнавання без пароля у +sudo, але без потреби у повному вимиканні розпізнавання. Для досягнення +потрібного результату спочатку увімкніть розпізнавання за GSSAPI для sudo в +sssd.conf: + + +[domain/MYDOMAIN] +pam_gssapi_services = sudo, sudo-i + + + Потім увімкніть модуль у бажаному стосі PAM (наприклад у /etc/pam.d/sudo і +/etc/pam.d/sudo-i). + + +... +auth sufficient pam_sss_gss.so +... + + + + + ДІАГНОСТИКА + + У журналі SSSD, діагностичних повідомленнях pam_sss_gss та syslog можуть +міститися корисні дані щодо помилки. Ось деякі з типових проблем: + + + 1. Встановлено змінну середовища KRB5CCNAME, а розпізнавання не працює: +залежно від вашої версії sudo, можливо, sudo не передає цю змінну до +середовища PAM. Спробуйте додати KRB5CCNAME до в +/etc/sudoers або до типових параметрів у ваших правилах sudo для LDAP. + + + 2. Розпізнавання не працює, а у syslog міститься повідомлення «Server not +found in Kerberos database»: Kerberos, ймовірно, не може визначити належну +область для квитка служби на основі назви вузла. Спробуйте додати назву +вузла безпосередньо у розділ в +/etc/krb5.conf, ось так: + + + 3. Розпізнавання не працює, а у syslog міститься повідомлення «No Kerberos +credentials available»: у вас немає реєстраційних даних, якими можна було б +скористатися для отримання потрібного квитка служби. Скористайтеся kinit або +пройдіть розпізнавання за допомогою SSSD, щоб отримати відповідні +реєстраційні дані. + + + 4. Розпізнавання не працює, а у журналі sssd-pam SSSD міститься повідомлення +«User with UPN [$UPN] was not found.» або «UPN [$UPN] does not match target +user [$username].»: ви використовуєте реєстраційні дані, які не можна +пов'язати із користувачем, розпізнавання якого відбувається. Спробуйте +скористатися kswitch для вибору іншого реєстраційного запису, переконайтеся, +що вас розпізнано за допомогою засобів SSSD або спробуйте вимкнути +. + + +[domain_realm] +.myhostname = MYREALM + + + + + + + diff --git a/src/man/uk/sss-certmap.5.xml b/src/man/uk/sss-certmap.5.xml new file mode 100644 index 0000000..c9807bf --- /dev/null +++ b/src/man/uk/sss-certmap.5.xml @@ -0,0 +1,767 @@ + + + +Сторінки підручника SSSD + + + + + sss-certmap + 5 + Формати файлів та правила + + + + sss-certmap + Правила встановлення відповідності і прив'язування сертифікатів SSSD + + + + ОПИС + + На цій сторінці підручника описано правила, якими можна скористатися у SSSD +та інших компонентах для встановлення відповідності сертифікатів X.509 та +прив'язування їх до облікових записів. + + + У кожного правила чотири компоненти — пріоритетність, +правило встановлення відповідності, правило +прив'язки і список доменів. Усі компоненти є +необов'язковими. Якщо не вказано пріоритетність, буде додано +правило із найнижчою пріоритетністю. Типове правило встановлення +відповідності встановлює відповідність сертифікатів із використанням +ключів digitalSignature і розширеним використанням ключів clientAuth. Якщо +правило прив'язки є порожнім, сертифікати шукатимуться у +атрибуті userCertificate у форматі закодованих двійкових даних DER. Якщо не +буде вказано доменів, пошук відбуватиметься у локальному домені. + + + Щоб дозволити розширення або зовсім інший стиль правила, +прив'язки та правила відповідності можуть +містити префікс відокремлений символом «:» від основної частини +правила. Префікс може містити лише літери верхнього регістру ASCII і +цифри. Якщо префікс пропущено, буде використано стандартний тип, яким є +«KRB5» для правил відповідності і «LDAP» для правил прив'язки. + + + Допоміжна програма «sssctl» надає доступ до команди «cert-eval-rule», яку +призначено для перевірки, чи відповідає вказаний сертифікат правилам +відповідності, і визначає, як виглядатиме виведення правила прив'язки. + + + + + КОМПОНЕНТИ ПРАВИЛ + + ПРІОРИТЕТНІСТЬ + + Правила оброблятимуться за пріоритетністю, номер «0» (нуль) відповідає +найвищому рівню пріоритетності. Чим більшим є значення, тим нижчою є +пріоритетність. Якщо значення не вказано, пріоритетність вважається +найнижчою. Обробку правил буде зупинено, якщо вдасться знайти відповідність +правилу, подальші правила не оброблятимуться. + + + На внутрішньому рівні пріоритетність визначається 32-бітовим цілим числом +без знаку. Використання значення пріоритетності, що перевищує 4294967295, +призводитиме до виведення повідомлення про помилку. + + + Якщо однакову пріоритетність мають декілька правил, а застосовувати можна +лише одне із пов'язаних відповідних правил, буде вибрано це правило. Якщо +існує декілька відповідних правил із однаковою пріоритетністю, буде вибрано +одне, але яке само не визначено. Щоб уникнути цієї невизначеної поведінки +або використовуйте різні пріоритетності, або зробіть правила відповідності +специфічнішими, наприклад, скориставшись явними взірцями <ISSUER>. + + + + ПРАВИЛО ВІДПОВІДНОСТІ + + Правило встановлення відповідності використовується для вибору сертифіката, +до якого слід застосовувати правило прив'язки. У цьому використовується +система, подібна до використаної у параметрі +pkinit_cert_match Kerberos MIT. Правило складається з +ключового слова між символами «<» і «>», яке визначає певну частину +сертифіката, і взірцем, який має бути знайдено, для встановлення +відповідності правила. Декілька пар ключове слово-взірець можна сполучати за +допомогою логічних операторів «&&» (та) або «||» (або). + + + Якщо задано подібність до MIT Kerberos, префіксом для цього правила є +«KRB5». Втім, «KRB5» також буде типовим для правил +відповідності, тому «<SUBJECT>.*,DC=MY,DC=DOMAIN» і +«KRB5:<SUBJECT>.*,DC=MY,DC=DOMAIN» є рівнозначними. + + + Доступні варіанти: + + <SUBJECT>формальний-вираз + + + За допомогою цього компонент можна встановлювати відповідність частини або +усього запису призначення. Для встановлення відповідності використовується +синтаксис розширених формальних виразів POSIX. Докладніший опис синтаксису +можна знайти на сторінці підручника regex(7). + + + Для встановлення відповідності запис призначення, що зберігається у +сертифікаті у форматі кодованого DER ASN.1, буде перетворено на текстовий +рядок відповідно до RFC 4514. Це означає, що першою у рядку буде +найспецифічніша компонента. Будь ласка, зауважте, що у RFC 4514 описано не +усі можливі назви атрибутів. Включеними вважаються такі назви: «CN», «L», +«ST», «O», «OU», «C», «STREET», «DC» і «UID». Назви інших атрибутів може +бути показано у різний спосіб на різних платформах і у різних +інструментах. Щоб уникнути двозначностей, не варто використовувати ці +атрибути і вживати їх у відповідних формальних виразах. + + + Приклад: <SUBJECT>.*,DC=MY,DC=DOMAIN + + + Будь ласка, зауважте, що символи «^.[$()|*+?{\» мають спеціальне значення у +формальних виразах, тому їх має бути екрановано за допомогою символу «\», +щоб програма сприймала їх як звичайні символи. + + + Приклад: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$ + + + + + <ISSUER>формальний-вираз + + + За допомогою цього компонент можна встановлювати відповідність частини або +усього запису видавця. Цього запису стосуються усі коментарі щодо +<SUBJECT>. + + + Приклад: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ + + + + + <KU>використання-ключа + + + За допомогою цього параметра можна визначити значення використання ключа, +які повинен містити сертифікат. У списку значень, відокремлених комами, +можна використовувати такі значення: + + digitalSignature + nonRepudiation + keyEncipherment + dataEncipherment + keyAgreement + keyCertSign + cRLSign + encipherOnly + decipherOnly + + + + Для спеціальних випадків можна також використати числове значення у +діапазоні 32-бітових цілих чисел без знаку. + + + Приклад: <KU>digitalSignature,keyEncipherment + + + + + <EKU>розширене-використання-ключа + + + За допомогою цього параметра можна визначити значення розширеного +використання ключа, які повинен містити сертифікат. У списку значень, +відокремлених комами, можна використовувати такі значення: + + serverAuth + clientAuth + codeSigning + emailProtection + timeStamping + OCSPSigning + KPClientAuth + pkinit + msScLogin + + + + Розширені використання ключа, які не потрапили до вказаного вище списку, +можна визначити за допомогою їхнього OID у точково-десятковому позначенні. + + + Приклад: <EKU>clientAuth,1.3.6.1.5.2.3.4 + + + + + <SAN>формальний-вираз + + + Для сумісності із використанням Kerberos MIT цей параметр встановлюватиме +відповідність реєстраційних даних Kerberos у PKINIT або AD NT Principal SAN +так, як це робить <SAN:Principal>. + + + Приклад: <SAN>.*@MY\.REALM + + + + + <SAN:Principal>формальний-вираз + + + Встановити відповідність реєстраційних даних Kerberos у PKINIT або AD NT +Principal SAN. + + + Приклад: <SAN:Principal>.*@MY\.REALM + + + + + <SAN:ntPrincipalName>формальний-вираз + + + Встановити відповідність реєстраційних даних Kerberos з AD NT Principal SAN. + + + Приклад: <SAN:ntPrincipalName>.*@MY.AD.REALM + + + + + <SAN:pkinit>формальний-вираз + + + Встановити відповідність реєстраційних даних Kerberos з SAN PKINIT. + + + Приклад: <SAN:ntPrincipalName>.*@MY\.PKINIT\.REALM + + + + + <SAN:dotted-decimal-oid>формальний-вираз + + + Отримати значення компонента SAN otherName, яке задано OID у +крапково-десятковому позначенні, обробити його як рядок і спробувати +встановити відповідність формальному виразу. + + + Приклад: <SAN:1.2.3.4>test + + + + + <SAN:otherName>base64-string + + + Виконати спробу встановлення двійкової відповідності блоку у кодуванні +base64 із усіма компонентами SAN otherName. За допомогою цього параметра +можна встановлювати відповідність із нетиповими компонентами otherName із +особливими кодуваннями, які не можна обробляти як рядки. + + + Приклад: <SAN:otherName>MTIz + + + + + <SAN:rfc822Name>формальний-вираз + + + Встановити відповідність значення SAN rfc822Name. + + + Приклад: <SAN:rfc822Name>.*@email\.domain + + + + + <SAN:dNSName>формальний-вираз + + + Встановити відповідність значення SAN dNSName. + + + Приклад: <SAN:dNSName>.*\.my\.dns\.domain + + + + + <SAN:x400Address>рядок-base64 + + + Встановити двійкову відповідність значення SAN x400Address. + + + Приклад: <SAN:x400Address>MTIz + + + + + <SAN:directoryName>формальний-вираз + + + Встановити відповідність значення SAN directoryName. Цього параметра +стосуються ті самі коментарі, які було вказано для параметрів <ISSUER> +та <SUBJECT>. + + + Приклад: <SAN:directoryName>.*,DC=com + + + + + <SAN:ediPartyName>рядок-base64 + + + Встановити двійкову відповідність значення SAN ediPartyName. + + + Приклад: <SAN:ediPartyName>MTIz + + + + + <SAN:uniformResourceIdentifier>формальний-вираз + + + Встановити відповідність значення SAN uniformResourceIdentifier. + + + Приклад: <SAN:uniformResourceIdentifier>URN:.* + + + + + <SAN:iPAddress>формальний-вираз + + + Встановити відповідність значення SAN iPAddress. + + + Приклад: <SAN:iPAddress>192\.168\..* + + + + + <SAN:registeredID>формальний-вираз + + + Встановити значення SAN registeredID у форматі точково-десяткового рядка. + + + Приклад: <SAN:registeredID>1\.2\.3\..* + + + + + + + + ПРАВИЛО ПРИВʼЯЗУВАННЯ + + Правило прив'язки використовується для пов'язування сертифіката із одним або +декількома обліковими записами. Далі, смарткарткою із сертифікатом та +відповідним закритим ключем можна скористатися для розпізнавання за одним з +цих облікових записів. + + + У поточній версії SSSD на базовому рівні підтримує пошук даних користувачів +лише у LDAP (винятком є лише засіб надання проксі, який у цьому контексті є +недоречним). Через це правило прив'язки засновано на синтаксисі фільтрування +пошуку LDAP з шаблонами для додавання вмісту сертифікатів до +фільтра. Очікується, що цей фільтр міститиме лише специфічні дані, потрібні +для прив'язки, яку функція виклику вбудовуватиме до іншого фільтра для +виконання справжнього пошуку. Через це рядок фільтрування має починатися із +завершуватися «(» і «)», відповідно. + + + Загалом, рекомендується використовувати атрибути з сертифіката і додати їх +до спеціальних атрибутів об'єкта користувача LDAP. Наприклад, можна +скористатися атрибутом «altSecurityIdentities» у AD або атрибутом +«ipaCertMapData» для IPA. + + + Бажаним шляхом є читання із сертифіката специфічних для користувача даних, +наприклад адреси електронної пошти, і пошук цих даних на сервері +LDAP. Причиною є те, що специфічні для користувача дані у LDAP можу бути з +різних причин змінено, що розірве прив'язку. З іншого боку, якщо +скористатися бажаним шляхом, розірвати прив'язку буде важко. + + + Стандартним типом правила прив'язки є «LDAP». Цей запис може +бути додано як префікс до правила. Ось так, наприклад: +«LDAP:(userCertificate;binary={cert!bin})». Передбачено розширення, яке має +назву «LDAPU1», і яке надає додаткові шаблони для збільшення гнучкості. Щоб +дозволити застарілим версіям цієї бібліотеки ігнорувати розширення, при +використанні нових шаблонів у правилі прив'язки має бути +використано префікс «LDAPU1», інакше роботу застарілої версії цієї +бібліотеки буде завершено із повідомленням про помилку при обробці вхідних +даних. Нові шаблони описано у розділі . + + + Шаблони для додавання даних сертифікатів до фільтра пошуку засновано на +рядках форматування у стилі Python. Воли складаються з ключового слова у +фігурних дужках із додатковим підкомпонентом-специфікатором, відокремленим +«.», або додатковим параметром перетворення-форматування, відокремленим +«!». Дозволені значення: + + {issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Цей шаблон додасть повний DN видавця, перетворений на рядок відповідно до +RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN +стоїть останнім), буде використано параметр із префіксом «_x500». + + + У варіантах перетворення, назви яких починаються з «ad_», +використовуватимуться назви атрибутів, які використовуються AD, наприклад +«S», замість «ST». + + + У варіантах перетворення, назви яких починаються з «nss_», +використовуватимуться назви атрибутів, які використовуються NSS. + + + Типовим варіантом перетворення є «nss», тобто назви атрибутів відповідно до +NSS і упорядковування за LDAP/RFC 4514. + + + Приклад: +(ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!ad}) + + + + + {subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Цей шаблон додасть повний DN призначення, перетворений на рядок відповідно +до RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN +стоїть останнім), буде використано параметр із префіксом «_x500». + + + У варіантах перетворення, назви яких починаються з «ad_», +використовуватимуться назви атрибутів, які використовуються AD, наприклад +«S», замість «ST». + + + У варіантах перетворення, назви яких починаються з «nss_», +використовуватимуться назви атрибутів, які використовуються NSS. + + + Типовим варіантом перетворення є «nss», тобто назви атрибутів відповідно до +NSS і упорядковування за LDAP/RFC 4514. + + + Приклад: +(ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>{subject_dn!nss_x500}) + + + + + {cert[!(bin|base64)]} + + + Цей шаблон додасть увесь сертифікат у кодуванні DER як рядок до фільтра +пошуку. Залежно від параметра перетворення, двійковий сертифікат або буде +преетворено на екрановану послідовність шістнадцяткових чисел у форматі +«\xx», або на код base64. Типовим варіантом є екранована шістнадцяткова +послідовність, її може бути, наприклад, використано з атрибутом LDAP +«userCertificate;binary». + + + Приклад: (userCertificate;binary={cert!bin}) + + + + + {subject_principal[.short_name]} + + + Цей шаблон додасть реєстраційні дані Kerberos, які буде взято або з SAN, +який використовується pkinit, або з реєстраційних даних AD. Компонент +«short_name» відповідає першій частині реєстраційного запису до символу «@». + + + Приклад: +(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name})) + + + + + {subject_pkinit_principal[.short_name]} + + + Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що +використовується pkinit. Компонент «short_name» відповідає першій частині +реєстраційного запису до символу «@». + + + Приклад: +(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name})) + + + + + {subject_nt_principal[.short_name]} + + + Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що +використовується AD. Компонент «short_name» відповідає першій частині +реєстраційного запису до символу «@». + + + Приклад: +(|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name})) + + + + + {subject_rfc822_name[.short_name]} + + + Цей шаблон додасть рядок, який зберігається у компоненті rfc822Name SAN, +типово, адресу електронної пошти. Компонент «short_name» відповідає першій +частині адреси до символу «@». + + + Приклад: +(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name})) + + + + + {subject_dns_name[.short_name]} + + + Цей шаблон додасть рядок, який зберігається у компоненті dNSName SAN, +типово, повну назву вузла. Компонент «short_name» відповідає першій частині +назви до першого символу «.». + + + Приклад: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name})) + + + + + {subject_uri} + + + Цей шаблон додає рядок, який зберігається у компоненті +uniformResourceIdentifier SAN. + + + Приклад: (uri={subject_uri}) + + + + + {subject_ip_address} + + + Цей шаблон додає рядок, який зберігається у компоненті iPAddress SAN. + + + Приклад: (ip={subject_ip_address}) + + + + + {subject_x400_address} + + + Цей шаблон додає значення, яке зберігається у компоненті x400Address SAN як +послідовність екранованих шістнадцяткових чисел. + + + Приклад: (attr:binary={subject_x400_address}) + + + + + {subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]} + + + Цей шаблон додасть рядок DN значення, яке зберігається у компоненті +directoryName SAN. + + + Приклад: (orig_dn={subject_directory_name}) + + + + + {subject_ediparty_name} + + + Цей шаблон додає значення, яке зберігається у компоненті ediPartyName SAN як +послідовність екранованих шістнадцяткових чисел. + + + Приклад: (attr:binary={subject_ediparty_name}) + + + + + {subject_registered_id} + + + Цей шаблон додає OID, який зберігається у компоненті registeredID SAN у +форматі точково-десяткового рядка. + + + Приклад: (oid={subject_registered_id}) + + + + + + + Розширення LDAPU1 + + При використанні розширення LDAPU1 можна скористатися такими шаблонами: + + + + + {serial_number[!(dec|hex[_ucr])]} + + + Цей шаблон додасть серійний номер сертифіката. Типово, його буде надруковано +як шістнадцяткове число літерами нижнього регістру. + + + Якщо використано параметр форматування «!dec», число буде виведено як +десятковий рядок. Виведені шістнадцяткові дані може бути показано за +допомогою літер верхнього регістру («!hex_u»), із двокрапкою, що відокремлює +шістнадцяткові байти («!hex_c»), або із шістнадцятковими байтами у +зворотному порядку («!hex_r»). Літер постфікса може бути поєднано, отже, +наприклад, «!hex_uc» призведе до виведення відокремленого двокрапками +шістнадцяткового рядка із літер верхнього регістру. + + + Приклад: LDAPU1:(serial={серійний_номер}) + + + + + + {subject_key_id[!hex[_ucr]]} + + + Цей шаблон додасть ідентифікатор ключа призначення сертифіката. Типово, його +буде надруковано як шістнадцяткове число літерами нижнього регістру. + + + Виведені шістнадцяткові дані може бути показано за допомогою літер верхнього +регістру («!hex_u»), із двокрапкою, що відокремлює шістнадцяткові байти +(«!hex_c»), або із шістнадцятковими байтами у зворотному порядку +(«!hex_r»). Літер постфікса може бути поєднано, отже, наприклад, «!hex_uc» +призведе до виведення відокремленого двокрапками шістнадцяткового рядка із +літер верхнього регістру. + + + Приклад: LDAPU1:(ski={ідентифікатор_ключа_призначення}) + + + + + + {cert[!DIGEST[_ucr]]} + + + Цей шаблон додає шістнадцяткову контрольну суму або хеш до +сертифіката. Запис DIGEST має бути замінено назвою функції контрольної суми +або хешу, підтримку яких передбачено у OpenSSL, наприклад «sha512». + + + Виведені шістнадцяткові дані може бути показано за допомогою літер верхнього +регістру («!sha512_u»), із двокрапкою, що відокремлює шістнадцяткові байти +(«!sha512_c»), або із шістнадцятковими байтами у зворотному порядку +(«!sha512_r») Літер постфікса може бути поєднано, отже, наприклад, +«!sha512_uc» призведе до виведення відокремленого двокрапками +шістнадцяткового рядка із літер верхнього регістру. + + + Приклад: LDAPU1:(dgst={cert!sha256}) + + + + + + {subject_dn_component[(.назва_атрибуту|[число]]} + + + Цей шаблон додасть значення атрибуту компонента DN призначення. Типовим +значенням є найспецифічніший компонент. + + + Можна вибрати інший компонент або за назвою атрибуту, наприклад, +{subject_dn_component.uid}, або за позицією, наприклад, +{subject_dn_component.[2]}, де додатні числа означають відлік від найбільш +специфічного компонента, а від'ємні числа — відлік від найменш специфічного +компонента. Назву атрибуту та позицію можна поєднувати. Приклад: +{subject_dn_component.uid[2]}, тобто назвою другого компонента має бути +«uid». + + + Приклад: LDAPU1:(uid={subject_dn_component.uid}) + + + + + + {issuer_dn_component[(.назва_атрибуту|[число]]} + + + Цей шаблон додасть значення атрибуту компонента DN видавця. Типовим +значенням є найспецифічніший компонент. + + + Див. «subject_dn_component», щоб дізнатися більше про назви атрибутів та +специфікатори позиції. + + + Приклад: +LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component.dc[-1]}) + + + + + {sid[.rid]} + + + Цей шаблон додасть SID, якщо відповідне розширення впроваджено Microsoft із +доступним OID 1.3.6.1.4.1.311.25.2. Якщо вказано «.rid», буде додано лише +останній компонент, тобто RID. + + + Приклад: LDAPU1:(objectsid={sid}) + + + + + + + + + СПИСОК ДОМЕНІВ + + Якщо список доменів не є порожнім, записи користувачів, прив'язані до +заданого сертифіката, шукаються не лише у локальному домені, а і у доменах +зі списку, якщо вони відомі SSSD. Домени, які не відомі SSSD, буде +проігноровано. + + + + + diff --git a/src/man/uk/sss_cache.8.xml b/src/man/uk/sss_cache.8.xml new file mode 100644 index 0000000..31d7fbf --- /dev/null +++ b/src/man/uk/sss_cache.8.xml @@ -0,0 +1,269 @@ + + + +Сторінки підручника SSSD + + + + + sss_cache + 8 + + + + sss_cache + виконати спорожнення кешу + + + + +sss_cache +параметри + + + + ОПИС + + sss_cache скасовує визначення записів у кеші SSSD. Дані +записів зі скасованими визначеннями буде перезавантажено з сервера у +примусовому порядку, щойно відповідний модуль SSSD отримає до них +доступ. Параметри, які скасовують визначення окремого об'єкта приймають лише +один аргумент. + + + + + ПАРАМЕТРИ + + + + , + + + + Скасувати чинність усіх кешованих записів. + + + + + + , реєстраційні +дані + + + + Скасувати визначення вказаного користувача. + + + + + + , + + + + Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за +параметр скасування визначення для будь-якого користувача, якщо такий +параметр вказано. + + + + + + , +група + + + + Скасувати визначення вказаної групи. + + + + + + , + + + + Скасувати визначення записів для всіх груп. Цей параметр має вищий пріоритет +за параметр скасування визначення для будь-якої групи, якщо такий параметр +вказано. + + + + + + , мережева +група + + + + Скасувати визначення вказаної мережевої групи. + + + + + + , + + + + Скасувати визначення всіх записів мережевих груп. Цей параметр має вищий +пріоритет за параметр скасування визначення для будь-якої мережевої групи, +якщо такий параметр вказано. + + + + + + , +служба + + + + Скасувати визначення вказаної служби. + + + + + + , + + + + Скасувати визначення всіх записів служб. Цей параметр має вищий пріоритет за +параметр скасування визначення для будь-якої служби, якщо такий параметр +вказано. + + + + + + , карта +autofs + + + + Скасувати визначення певної карти autofs. + + + + + + , + + + + Скасувати визначення всіх записів карт autofs. Цей параметр має вищий +пріоритет за параметр скасування визначення для будь-якої карти, якщо такий +параметр вказано. + + + + + + , назва +вузла + + + + Скасувати чинність відкритих ключів SSH певного вузла. + + + + + + , + + + + Скасувати чинність усіх відкритих ключів SSH усіх вузлів. Цей параметр +перевизначає скасовування чинності ключів SSH певних вузлів, якщо для них +було використано таке скасовування. + + + + + + , +правило + + + + Скасувати чинність певного правила sudo. + + + + + + , + + + + Скасувати визначення усіх кешованих правил sudo. Цей параметр має вищий +пріоритет за параметр скасування визначення для будь-якого правила sudo, +якщо такий параметр вказано. + + + + + + , +домен + + + + Обмежити процедуру скасування визначення лише певним доменом. + + + + + + + + + ВПЛИВ НА ШВИДКИЙ КЕШ У ПАМ'ЯТІ + + Крім того, sss_cache вимикає кеш у пам'яті. Оскільки кеш +у пам'яті є файлом, копію якого програма створює у пам'яті кожного процесу, +який викликає SSSD для визначення користувачів або груп, файл не може бути +обрізано. У заголовку файла встановлюють спеціальний прапорець для +позначення некоректності вмісту, а потім файл від'єднується відповідачем NSS +SSSD і створюється новий файл кешу. Після цього, кожного разу, коли процес +виконує новий пошук користувача або групи, він бачить цей прапорець, +закриває старий файл кешу у пам'яті і відтворює новий файл у своїй +пам'яті. Коли усі процеси, які відкривали старий файл кешу у пам'яті, +закриють його під час пошуку користувача або групи, ядро може звільнити +зайняте ним місце на диску і нарешті повністю вилучити застарілий файл кешу +у пам'яті. + + + Особливим випадком є процеси довготривалої дії, які виконують пошук +користувачів або груп лише під час запуску, наприклад, щоб визначити назву +облікового запису користувача, від імені якого запущено процес. Для таких +пошуків файл кешу у пам'яті відображається до пам'яті процесу. Але оскільки +подальших пошуків виконано не буде, цей процес ніколи не зможе визначити +втрату чинності файлом кешу у пам'яті, а отже, файл лишатиметься у пам'яті і +займатиме місце на диску аж до завершення процесом роботи. У результаті +виклик sss_cache може збільшити обсяг використаного +програмою місця на диску, оскільки вилучення застарілих файлів кешу у +пам'яті виявиться неможливим, оскільки їх буде пов'язано із процесами +довготривалої дії. + + + Можливим обхідним маневром у випадках процесів довготривалої дії, які +виконують пошук користувачів та груп лише під час запуску або дуже нечасто, +є запуск процесів із встановленим для змінної середовища +SSS_NSS_USE_MEMCACHE значенням «NO», щоб вони взагалі не використовували кеш +у пам'яті або не відображали файл кешу до своєї пам'яті. Загалом, кращим +варіантом є коригування параметрів часу очікування кешування так, щоб вони +відповідали конкретному випадку. Тоді виклик sss_cache +стане непотрібним. + + + + + + + diff --git a/src/man/uk/sss_debuglevel.8.xml b/src/man/uk/sss_debuglevel.8.xml new file mode 100644 index 0000000..b7b4df8 --- /dev/null +++ b/src/man/uk/sss_debuglevel.8.xml @@ -0,0 +1,39 @@ + + + +Сторінки підручника SSSD + + + + + sss_debuglevel + 8 + + + + sss_debuglevel + [ЗАСТАРІЛИЙ] змінити рівень діагностики протягом сеансу роботи з SSSD + + + + +sss_debuglevel +options НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ + + + + ОПИС + + sss_debuglevel вважається застарілим, його замінено +командою debug-level sssctl. Будь ласка, зверніться до сторінки підручника +щодо sssctl, щоб дізнатися більше про використання +sssctl. + + + + + + + diff --git a/src/man/uk/sss_obfuscate.8.xml b/src/man/uk/sss_obfuscate.8.xml new file mode 100644 index 0000000..8686367 --- /dev/null +++ b/src/man/uk/sss_obfuscate.8.xml @@ -0,0 +1,98 @@ + + + +Сторінки підручника SSSD + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + заплутування пароля у форматі звичайного тексту + + + + +sss_obfuscate +параметри [ПАРОЛЬ] + + + + ОПИС + + sss_obfuscate перетворює вказаний пароль на пароль у +форматі зручному для читання і розташовує його у розділі відповідного домену +файла налаштувань SSSD. + + + Пароль у форматі звичайного тексту буде прочитано зі стандартного джерела +вхідних даних або введено інтерактивно. Заплутану версію пароля буде +збережено у параметрі з назвою «ldap_default_authtok» вказаного домену SSSD, +параметру «ldap_default_authtok_type» буде надано значення +«obfuscated_password». Докладніший опис цих параметрів можна знайти на +сторінці підручника (man) +sssd-ldap 5 +. + + + Будь ласка, зауважте, що заплутування паролів не є справжнім +захистом, оскільки зловмисник може визначити алгоритм +заплутування за кодом програми. Наполегливо радимо вам +скористатися кращими механізмами захисту даних розпізнавання, зокрема +клієнтськими сертифікатами або GSSAPI. + + + + + ПАРАМЕТРИ + + + + + , + + + + Пароль для заплутування буде прочитано зі стандартного джерела вхідних +даних. + + + + + + , +ДОМЕН + + + + Домен SSSD, для якого буде використано пароль. Типовою назвою є +default. + + + + + + , ФАЙЛ + + + + Прочитати дані з файла налаштувань, вказаного позиційним параметром. + + + Типове значення: /etc/sssd/sssd.conf + + + + + + + + + + diff --git a/src/man/uk/sss_override.8.xml b/src/man/uk/sss_override.8.xml new file mode 100644 index 0000000..cb015f6 --- /dev/null +++ b/src/man/uk/sss_override.8.xml @@ -0,0 +1,266 @@ + + + +Сторінки підручника SSSD + + + + + sss_override + 8 + + + + sss_override + створити локальні перевизначення атрибутів користувача і групи + + + + +sss_override КОМАНДА +параметри + + + + ОПИС + + sss_override надає змогу створювати перегляди на боці +клієнта і змінювати вибрані значення для певного користувача і груп. Ці +зміни буде застосовано лише на локальному комп'ютері. + + + Дані перевизначень зберігаються у кеші SSSD. Якщо кеш вилучено, усі локальні +перевизначення буде втрачено. Будь ласка, зауважте, що після першого +створення перевизначення за допомогою команди user-add, +group-add, user-import або +group-import SSSD слід перезапустити, щоб зміни набули +чинності. Якщо потрібен перезапуск, sss_override виведе +відповідне повідомлення. + + + Зауваження: параметри, які описано на цій сторінці +підручника працюють лише для значень ldap і AD +параметра id_provider. Перевизначеннями IPA можна керувати +централізовано на сервері IPA. + + + + + ДОСТУПНІ КОМАНДИ + + Аргумент НАЗВА в усіх командах є назвою початкового +об'єкта. Не можна перевизначити uid або +gid на 0. + + + + + НАЗВА + НАЗВА + UID + GID + ДОМІВКА + ОБОЛОНКА + GECOS + СЕРТИФІКАТ У КОДУВАННІ +BASE64 + + + + Перевизначити атрибути запису користувача. Будь ласка, зверніть увагу, що +виклик цієї команди замінить усі попередні перевизначення для вказаного за +назвою облікового запису користувача. + + + + + + НАЗВА + + + + Вилучити перевизначення користувача. Втім, слід мати на увазі, що +перевизначені атрибути може бути повернено з кешу у пам'яті. Будь ласка, +ознайомтеся із документацією до параметра SSSD +memcache_timeout, щоб дізнатися більше. + + + + + + +ДОМЕН + + + + Вивести список усіх користувачів, для яких встановлено перевизначення. Якщо +встановлено параметр ДОМЕН, буде показано лише +користувачів з відповідного домену. + + + + + + НАЗВА + + + + Показати перевизначення користувача. + + + + + + ФАЙЛ + + + + Імпортувати перевизначення користувачів з файла +ФАЙЛ. Формат даних у файлі має бути таким самим, як у +стандартному файлі passwd. Приклад: + + + початкова_назва:назва:uid:gid:gecos:домівка:оболонка:сертифікат_у_кодуванні_base64 + + + де «початкова_назва» — початкова назва запису користувача, чиї атрибути має +бути перевизначено. Решта полів відповідає новим значенням. Ви можете +пропустити значення, не заповнюючи відповідного поля. + + + Приклади: + + + ckent:superman:::::: + + + ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash: + + + + + + ФАЙЛ + + + + Експортувати усі перевизначені атрибути і зберегти їх у файлі +ФАЙЛ. Див. user-import, щоб +дізнатися більше про формат даних. + + + + + + НАЗВА + НАЗВА + GID + + + + Перевизначити атрибути запису групи. Будь ласка, зверніть увагу, що виклик +цієї команди замінить усі попередні перевизначення для вказаної за назвою +групи. + + + + + + НАЗВА + + + + Вилучити перевизначення групи. Втім, слід мати на увазі, що перевизначені +атрибути може бути повернено з кешу у пам'яті. Будь ласка, ознайомтеся із +документацією до параметра SSSD memcache_timeout, щоб +дізнатися більше. + + + + + + +ДОМЕН + + + + Вивести список усіх груп, для яких встановлено перевизначення. Якщо +встановлено параметр ДОМЕН, буде показано лише групи з +відповідного домену. + + + + + + НАЗВА + + + + Показати перевизначення групи. + + + + + + ФАЙЛ + + + + Імпортувати перевизначення груп з файла ФАЙЛ. Формат +даних у файлі має бути таким самим, як у стандартному файлі group. Приклад: + + + початкова_назва:назва:gid + + + де «початкова_назва» — початкова назва групи, чиї атрибути має бути +перевизначено. Решта полів відповідає новим значенням. Ви можете пропустити +значення, не заповнюючи відповідного поля. + + + Приклади: + + + admins:administrators: + + + Domain Users:Users:501 + + + + + + ФАЙЛ + + + + Експортувати усі перевизначені атрибути і зберегти їх у файлі +ФАЙЛ. Див. group-import, щоб +дізнатися більше про формат даних. + + + + + + + + ЗАГАЛЬНІ ПАРАМЕТРИ + + Ці параметри можна використовувати з усіма командами. + + + + + РІВЕНЬ + + + + + + + + + + diff --git a/src/man/uk/sss_rpcidmapd.5.xml b/src/man/uk/sss_rpcidmapd.5.xml new file mode 100644 index 0000000..9ca9b7b --- /dev/null +++ b/src/man/uk/sss_rpcidmapd.5.xml @@ -0,0 +1,110 @@ + + + +Сторінки підручника SSSD + + +sss rpc.idmapd plugin +Noam Meltzer +Primary Data Inc. Розробник +(2013-2014) Noam +Meltzer Розробник (2014-) +tsnoam@gmail.com + + + sss_rpcidmapd + 5 + Формати файлів та правила + + + + sss_rpcidmapd + Директиви налаштовування додатка sss для rpc.idmapd + + + + ФАЙЛ НАЛАШТУВАНЬ + + Файл налаштувань rpc.idmapd зазвичай зберігається тут: +/etc/idmapd.conf. Див. підручник з +idmapd.conf 5 +, щоб дізнатися більше. + + + + + РОЗШИРЕННЯ НАЛАШТОВУВАННЯ SSS + + Вмикання додатка SSS + + У розділі «[Translation]» змініть або додайте атрибут «Method» із вмістом +sss. + + + + Розділ налаштовування [sss] + + Якщо вам потрібно змінити типове значення одного з атрибутів налаштувань, +перелічених нижче, додатка sss, вам слід створити +розділ налаштувань для нього з назвою «[sss]». + + + Атрибути налаштувань + + memcache (булеве значення) + + + Визначає, чи слід використовувати методику оптимізації кешу у пам’яті. + + + Типове значення: True + + + + + + + + + ІНТЕГРАЦІЯ З SSSD + + Додаток sss потребує вмикання Відповідача NSS у sssd. + + + Атрибут «use_fully_qualified_names» має бути увімкнено для усіх доменів +(клієнти NFSv4 очікують на те, що надсилається назва повністю). + + + + + ПРИКЛАД + + У наведеному нижче прикладі показано мінімальний вигляд idmapd.conf, де +використовується додаток sss. +[General] +Verbosity = 2 +# домен має бути синхронізовано між сервером NFSv4 та клієнтами +# У Solaris/Illumos/AIX типово використовується "локальний домен"! +Domain = default + +[Mapping] +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] +Method = sss + + + + + + ТАКОЖ ПЕРЕГЛЯНЬТЕ + + sssd8 +, idmapd.conf +5 + + + + diff --git a/src/man/uk/sss_seed.8.xml b/src/man/uk/sss_seed.8.xml new file mode 100644 index 0000000..d45a440 --- /dev/null +++ b/src/man/uk/sss_seed.8.xml @@ -0,0 +1,168 @@ + + + +Сторінки підручника SSSD + + + + + sss_seed + 8 + + + + sss_seed + надсилає дані кешу SSSD щодо користувача + + + + +sss_seed +параметри -D +ДОМЕН -n +КОРИСТУВАЧ + + + + ОПИС + + sss_seed розповсюджує кеш SSSD з записом користувача і +тимчасовим паролем. Якщо запис користувача вже є у кеші SSSD, запис буде +оновлено зі встановленням тимчасового пароля. + + + + + + + ПАРАМЕТРИ + + + + , +ДОМЕН + + + + Визначає назву домену, учасником якого є користувач. Домен використовується +для отримання даних щодо користувачів. Домен має бути налаштовано у +sssd.conf. Має бути надано аргумент ДОМЕН. Дані, +отримані з домену, матимуть вищий пріоритет за дані, вказані за допомогою +параметрів. + + + + + + , +КОРИСТУВАЧ + + + + Ім’я користувача, запис якого слід створити або змінити у кеші. Має бути +вказано аргумент КОРИСТУВАЧ. + + + + + + , ідентифікатор +користувача + + + + Встановити UID користувача у значення UID. + + + + + + , GID + + + + Встановити GID користувача у значення GID. + + + + + + , +КОМЕНТАР + + + + Будь-який рядок тексту, що описує користувача. Часто використовується для +зберігання паспортного імені користувача. + + + + + + , +ДОМАШНІЙ_КАТАЛОГ + + + + Встановити домашній каталог користувача у значення +ДОМАШНІЙ_КАТАЛОГ. + + + + + + , +ОБОЛОНКА + + + + Встановити оболонку реєстрації користувача у значення +ОБОЛОНКА. + + + + + + , + + + + Інтерактивний режим для введення даних користувача. У разі використання +цього параметра програма надсилатиме запит лише щодо даних, які не було +отримано з параметрів команди або домену. + + + + + + , +ФАЙЛ_ПАРОЛІВ + + + + Вказати файл, звідки слід читати дані щодо паролів користувачів. Якщо пароль +не буде знайдено, програма надішле запит на його введення. + + + + + + + + + ЗАУВАЖЕННЯ + + Довжина пароля (або розмір файла, визначеного за допомогою параметра -p або +--password-file) має бути меншою або рівною PASS_MAX байтів (64 байти у +системах без визначеного на загальному рівні значення PASS_MAX). + + + + + + + + + + diff --git a/src/man/uk/sss_ssh_authorizedkeys.1.xml b/src/man/uk/sss_ssh_authorizedkeys.1.xml new file mode 100644 index 0000000..93529f1 --- /dev/null +++ b/src/man/uk/sss_ssh_authorizedkeys.1.xml @@ -0,0 +1,145 @@ + + + +Сторінки підручника SSSD + + + + + sss_ssh_authorizedkeys + 1 + + + + sss_ssh_authorizedkeys + отримати уповноважені ключі OpenSSH + + + + +sss_ssh_authorizedkeys +параметри КОРИСТУВАЧ + + + + ОПИС + + sss_ssh_authorizedkeys отримує відкриті ключі SSH для +користувача КОРИСТУВАЧ і виводить їх у форматі +authorized_keys OpenSSH (щоб дізнатися більше, див. розділ ФОРМАТ +ФАЙЛІВ AUTHORIZED_KEYS на сторінці підручника (man) з +sshd +8). + + + sshd +8 можна налаштувати на використання +sss_ssh_authorizedkeys для розпізнавання користувачів за +відкритими ключами, якщо програму зібрано із підтримкою параметра +AuthorizedKeysCommand. Будь ласка, зверніться до сторінки +підручника sshd_config +5, щоб дізнатися більше про цей +параметр. + + + Якщо передбачено підтримку AuthorizedKeysCommand, +sshd +8 можна налаштувати на використання +ключів за допомогою таких інструкцій у +sshd_config +5: + AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys + AuthorizedKeysCommandUser nobody + + + + + КЛЮЧІ З СЕРТИФІКАТІВ + + Окрім відкрити ключів SSH для користувача +КОРИСТУВАЧ, +sss_ssh_authorizedkeys може повертати ключі SSH, які +походять від відкритого ключа сертифіката X.509. + + + Щоб уможливити це, слід встановити для параметра +ssh_use_certificate_keys значення true (типове значення) у +розділі [ssh] файла sssd.conf. Якщо запис користувача +містить сертифікати (див ldap_user_certificate на сторінці +sssd-ldap +5, щоб дізнатися більше) або існує +сертифікат у записі перевизначення для користувача +(див. sss_override +8 або +sssd-ipa +5, щоб дізнатися більше), а сертифікат +є чинним, SSSD видобуде відкритий ключі з сертифіката і перетворить його до +формату, який може використовувати sshd. + + + Окрім ssh_use_certificate_keys, може бути використано +параметри + + ca_db + p11_child_timeout + certificate_verification + + для керування способом встановлення чинності сертифікатів (докладніше +див. sssd.conf +5). + + + Перевірка чинності є перевагою використання сертифікатів X.509 замість +ключів SSH безпосередньо, оскільки, наприклад, це поліпшує можливості +керування часом придатності ключів. Якщо клієнт ssh налаштовано не +використання закритих ключів з смарткартки за допомогою бібліотеки PKCS#11 +спільного використання +(див. ssh +1, щоб дізнатися більше), може +дратувати те, що розпізнавання залишається працездатним, навіть якщо +пов'язаний із ним сертифікат X.509 на смарткартці вже втратив чинність, +оскільки ні ssh, ні sshd не братимуть +сертифікат до уваги взагалі. + + + Слід зауважити, що похідний відкритий ключ SSH все одно можна додати до +файла authorized_keys користувача, щоб обійти перевірку +чинності сертифіката, якщо налаштування sshd надають +змогу це робити. + + + + + + ПАРАМЕТРИ + + + + , +ДОМЕН + + + + Шукати відкриті ключі користувачів у домені SSSD +ДОМЕН. + + + + + + + + + СТАН ВИХОДУ + + У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках +програма повертає 1. + + + + + + + diff --git a/src/man/uk/sss_ssh_knownhostsproxy.1.xml b/src/man/uk/sss_ssh_knownhostsproxy.1.xml new file mode 100644 index 0000000..d3365ed --- /dev/null +++ b/src/man/uk/sss_ssh_knownhostsproxy.1.xml @@ -0,0 +1,107 @@ + + + +Сторінки підручника SSSD + + + + + sss_ssh_knownhostsproxy + 1 + + + + sss_ssh_knownhostsproxy + отримати ключі вузла OpenSSH + + + + +sss_ssh_knownhostsproxy +параметри ВУЗОЛ КОМАНДА_ПРОКСІ + + + + ОПИС + + sss_ssh_knownhostsproxy отримує відкриті ключі вузла SSH +для вузла ВУЗОЛ, зберігає їх до нетипового файла +OpenSSH known_hosts (щоб дізнатися більше, ознайомтеся з розділом +ФОРМАТ ФАЙЛІВ SSH_KNOWN_HOSTS сторінки підручника (man) +sshd +8) за адресою +/var/lib/sss/pubconf/known_hosts і встановлює з’єднання +з вузлом. + + + Якщо вказано параметр КОМАНДА_ПРОКСІ, замість +відкриття сокета для створення з’єднання буде використано відповідну +команду. + + + ssh +1 можна налаштувати на використання +sss_ssh_knownhostsproxy для розпізнавання вузлів за +ключами за допомогою таких інструкцій у налаштуваннях +ssh +1: +ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h +GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + + + + ПАРАМЕТРИ + + + + , ПОРТ + + + + Використовувати для встановлення з’єднання з вузлом порт +ПОРТ. Типовим портом є порт 22. + + + + + + , +ДОМЕН + + + + Шукати відкриті ключі вузлів у домені SSSD ДОМЕН. + + + + + + , + + + + Вивести відкриті ключі SSH для вузла HOST. + + + + + + + + + СТАН ВИХОДУ + + У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках +програма повертає 1. + + + + + + + diff --git a/src/man/uk/sssctl.8.xml b/src/man/uk/sssctl.8.xml new file mode 100644 index 0000000..745197b --- /dev/null +++ b/src/man/uk/sssctl.8.xml @@ -0,0 +1,65 @@ + + + +Сторінки підручника SSSD + + + + + sssctl + 8 + + + + sssctl + Засіб керування і визначення стану SSSD + + + + +sssctl КОМАНДА +параметри + + + + ОПИС + + sssctl є простим і уніфікованим засобом отримання даних +щодо стану SSSD, зокрема активного сервера, серверів автоматичного +визначення, доменів і кешованих об'єктів. Крім того, програма здатна +керувати файлами даних SSSD для усування вад у такий спосіб, щоб з ними +можна було безпечно працювати, доки працює SSSD. + + + + + ДОСТУПНІ КОМАНДИ + + Щоб ознайомитися зі списком усіх доступних команд, віддайте команду +sssctl без параметрів. Щоб програма вивела довідкове +повідомлення щодо певної команди, віддайте команду sssctl КОМАНДА +--help. + + + + + ЗАГАЛЬНІ ПАРАМЕТРИ + + Ці параметри можна використовувати з усіма командами. + + + + + РІВЕНЬ + + + + + + + + + + diff --git a/src/man/uk/sssd-ad.5.xml b/src/man/uk/sssd-ad.5.xml new file mode 100644 index 0000000..cbf0ba3 --- /dev/null +++ b/src/man/uk/sssd-ad.5.xml @@ -0,0 +1,1320 @@ + + + +Сторінки підручника SSSD + + + + + sssd-ad + 5 + Формати файлів та правила + + + + sssd-ad + Модуль надання даних Active Directory SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування засобу керування доступом AD +для sssd +8 . Щоб дізнатися більше про синтаксис +налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника + sssd.conf +5 . + + + Засіб надання даних AD є модулем, який використовується для встановлення +з'єднання із сервером Active Directory. Для роботи цього засобу надання +даних потрібно, щоб комп'ютер було долучено до домену AD і щоб було +доступним сховище ключів. Обмін даними із модулем відбувається за допомогою +каналу із шифруванням GSSAPI. Із засобом надання даних AD не слід +використовувати параметри SSL/TLS, оскільки їх перекриває використання +Kerberos. + + + У засобі надання даних AD передбачено підтримку встановлення з’єднання з +Active Directory 2008 R2 або пізнішою версією. Робота з попередніми версіями +можлива, але не підтримується. + + + Засобом надання даних AD можна скористатися для отримання даних щодо +користувачів і розпізнавання користувачів за допомогою довірених доменів. У +поточній версії передбачено підтримку використання лише довірених доменів з +того самого лісу. Крім того автоматично визначаються сервери із довірених +доменів. + + + Засіб надання даних AD уможливлює для SSSD використання засобу надання даних +профілів sssd-ldap +5 та засобу надання даних +розпізнавання sssd-krb5 +5 з оптимізацією для середовищ Active +Directory. Засіб надання даних AD приймає ті самі параметри, які +використовуються засобами надання даних sssd-ldap та sssd-krb5, із деякими +виключеннями. Втім, встановлювати ці параметри не обов'язково і не +рекомендовано. + + + Засіб надання даних AD в основному копіює типові параметри традиційних +засобів надання даних ldap і krb5 із деякими виключенням. Відмінності +наведено у розділі ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ. + + + Інструментом надання даних AD також можна скористатися для доступу, зміни +паролів запуску від імені користувача (sudo) та використання autofs. У +налаштовуванні керування доступом на боці клієнта немає потреби. + + + Якщо у sssdconf вказано auth_provider=ad або +access_provider=ad, для id_provider також має бути вказано +ad. + + + Типово, модуль надання даних AD виконуватиме прив’язку до значень UID та GID +з параметра objectSID у Active Directory. Докладніший опис наведено у +розділі «ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ». Якщо вам потрібно +вимкнути встановлення відповідності ідентифікаторів і покладатися на +атрибути POSIX, визначені у Active Directory, вам слід встановити + +ldap_id_mapping = False + Якщо має бути використано +атрибути POSIX, рекомендуємо з міркувань швидкодії виконувати також +реплікацію атрибутів до загального каталогу. Якщо виконується реплікація +атрибутів POSIX, SSSD намагатиметься знайти домен числового ідентифікатора +із запиту за допомогою загального каталогу і шукатиме лише цей домен. І +навпаки, якщо реплікація атрибутів POSIX до загального каталогу не +відбувається, SSSD доводиться шукати на усіх доменах у лісі послідовно. Будь +ласка, зауважте, що для пришвидшення пошуку без доменів також може бути +корисним використання параметра cache_first. Зауважте, що +якщо у загальному каталозі є лише підмножина атрибутів POSIX, у поточній +версії невідтворювані атрибути з порту LDAP не читатимуться. + + + Дані щодо користувачів, груп та інших записів, які обслуговуються SSSD, у +модулі надання даних AD завжди обробляються із врахуванням регістру символів +для забезпечення сумісності з реалізацією Active Directory у LDAP. + + + SSSD може встановлювати відповідність лише груп захисту Active +Directory. Щоб дізнатися більше про типи груп AD, ознайомтеся із +підручником з груп захисту Active Directory + + + SSSD відфільтровуватиме локальні для домену групи від віддалених доменів у +лісі AD. Типово, групи буде відфільтровано, наприклад при слідуванні за +вкладеною ієрархією груп у віддалених доменах, оскільки вони не є чинними у +локальних доменах. Так зроблено для забезпечення узгодженості з призначенням +груп і участі у них Active Directory, яку можна переглянути у PAC квитка +Kerberos користувача, який видано Active Directory. + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) + sssd.conf +5 , щоб дізнатися більше про +налаштування домену SSSD. + + ad_domain (рядок) + + + Визначає назву домену Active Directory. Є необов’язковим. Якщо не вказано, +буде використано назву домену з налаштувань. + + + Для забезпечення належної роботи цей параметр слід вказати у форматі запису +малими літерами повної версії назви домену Active Directory. + + + Скорочена назва домену (також відома як назва NetBIOS або проста назва) +автоматично визначається засобами SSSD. + + + + + + ad_enabled_domains (рядок) + + + A comma-separated list of enabled Active Directory domains. If provided, +SSSD will ignore any domains not listed in this option. If left unset, all +discovered domains from the AD forest will be available. + + + During the discovery of the domains SSSD will filter out some domains where +flags or attributes indicate that they do not belong to the local forest or +are not trusted. If ad_enabled_domains is set, SSSD will try to enable all +listed domains. + + + Для належного функціонування значення цього параметра має бути вказано +малими літерами у форматі повної назви домену Active Directory. Приклад: + +ad_enabled_domains = sales.example.com, eng.example.com + + + + Скорочена назва домену (також відома як назва NetBIOS або проста назва) +автоматично визначається засобами SSSD. + + + Типове значення: не встановлено + + + + + + ad_server, ad_backup_server (рядок) + + + Список назв тих вузлів серверів AD, відокремлених комами, з якими SSSD має +встановлювати з'єднання у порядку пріоритетності. Щоб дізнатися більше про +резервне використання серверів, ознайомтеся із розділом +РЕЗЕРВ. + + + Цей список є необов’язковим, якщо увімкнено автоматичне виявлення +служб. Докладніші відомості щодо автоматичного виявлення служб наведено у +розділі «ПОШУК СЛУЖБ». + + + Зауваження: довірені домени завжди автоматично визначають сервери, навіть +якщо основний сервер явним чином визначено у параметрі ad_server. + + + + + + ad_hostname (рядок) + + + Є необов'язковим. У системах, де hostname(5) не видає повноцінної назви, +sssd намагається розгорнути скорчену назву. Якщо це не вдасться зробити або +слід насправді використовувати скорочену назву, встановіть значення +параметра явним чином. + + + Це поле використовується для визначення використаного реєстраційного запису +вузла у таблиці ключів та виконання динамічних оновлень DNS. Його вміст має +збігатися із назвою вузла, для якого випущено таблицю ключів. + + + + + + ad_enable_dns_sites (булеве значення) + + + Вмикає сайти DNS — визначення служб на основі адрес. + + + Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо +пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку +спробує визначити сервер Active Directory для встановлення з’єднання на +основі використання визначення сайтів Active Directory і повертається до +визначення за записами SRV DNS, якщо сайт AD не буде знайдено. Налаштування +SRV DNS, зокрема домен пошуку, використовуються також під час визначення +сайтів. + + + Типове значення: true + + + + + + ad_access_filter (рядок) + + + Цей параметр визначає фільтр керування доступом LDAP, якому має відповідати +запис користувача для того, щоб йому було надано доступ. Будь ласка, +зауважте, що слід явним чином встановити для параметра «access_provider» +значення «ad», щоб цей параметр почав діяти. + + + У параметрі також передбачено підтримку визначення різних фільтрів для +окремих доменів або дерев. Цей розширений фільтр повинен мати такий формат: +«КЛЮЧОВЕ СЛОВО:НАЗВА:ФІЛЬТР». Набір підтримуваних ключових слів: «DOM», +«FOREST» або ключове слово слід пропустити. + + + Якщо вказано ключове слово «DOM» або ключового слова не вказано, «НАЗВА» +визначає домен або піддомен, до якого застосовується фільтрування. Якщо +ключовим словом є «FOREST», фільтр застосовується до усіх доменів з лісу, +вказаного значенням «НАЗВА». + + + Декілька фільтрів можна відокремити символом «?», подібно до способу +визначення фільтрів у базах для пошуку. + + + Визначення участі у вкладених групах має відбуватися із використанням +спеціалізованого OID :1.2.840.113556.1.4.1941:, окрім повних +синтаксичних конструкцій DOM:domain.example.org:, щоб засіб обробки не +намагався інтерпретувати символи двокрапки, пов'язані з OID. Якщо ви не +використовуєте цей OID, вкладена участь у групах не +визначатиметься. Ознайомтеся із прикладом використання, який наведено нижче, +і цим посиланням, щоб дізнатися більше про OID: [MS-ADTS] +Правила встановлення відповідності у LDAP + + + Завжди використовується відповідник з найвищим рівнем +відповідності. Наприклад, якщо визначено фільтрування для домену, учасником +якого є користувач, і загальне фільтрування, буде використано фільтрування +для окремого домену. Якщо буде виявлено декілька відповідників з однаковою +специфікацією, використовуватиметься лише перший з них. + + + Приклади: + + +# застосувати фільтрування лише для домену з назвою dom1: +dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) + +# застосувати фільтрування лише для домену з назвою dom2: +DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) + +# застосувати фільтрування лише для лісу з назвою EXAMPLE.COM: +FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# застосувати фільтрування до учасника вкладеної групи у dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) + + + Типове значення: не встановлено + + + + + + ad_site (рядок) + + + Визначає сайт AD, з яким має встановлювати з’єднання клієнт. Якщо не буде +вказано, виконуватиметься спроба автоматичного визначення сайта AD. + + + Типове значення: не встановлено + + + + + + ad_enable_gc (булеве значення) + + + Типово, SSSD для отримання даних користувачів з надійних (довірених) доменів +спочатку встановлює з’єднання із загальним каталогом (Global Catalog). Якщо +ж отримати дані не вдасться, система використовує порт LDAP для отримання +даних щодо участі у групах. Вимикання цього параметра призведе до того, що +SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD. + + + Будь ласка, зауважте, що вимикання підтримки загального каталогу (Global +Catalog) не призведе до вимикання спроб отримати дані користувачів з +надійних (довірених) доменів. Просто SSSD намагатиметься отримати ці ж дані +за допомогою порту LDAP надійних доменів. Втім, загальним каталогом (Global +Catalog) доведеться скористатися для визначення зв’язків даних щодо участі у +групах для різних доменів. + + + Типове значення: true + + + + + + ad_gpo_access_control (рядок) + + + Цей параметр визначає режим роботи для функціональних можливостей керування +доступом на основі GPO: працюватиме система у вимкненому режимі, режимі +примушення чи дозвільному режимі. Будь ласка, зауважте, що для того, щоб цей +параметр запрацював, слід явним чином встановити для параметра +«access_provider» значення «ad». + + + Функціональні можливості з керування доступом на основі GPO використовують +параметри правил GPO для визначення того, може чи не може той чи інший +користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша +інформація щодо підтримуваних параметрів правил, зверніться до параметрів +ad_gpo_map. + + + Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено +підтримки вбудованих груп Active Directory Вбудовані групи до правил +керування доступом на основі GPO (зокрема Administrators із SID +S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за +вадами https://pagure.io/SSSD/sssd/issue/5063 . + + + Перед виконанням керування доступом SSSD застосовує захисне фільтрування на +основі правил груп до списку GPO. Для кожного входу користувача до системи +програма перевіряє застосовність GPO, які пов'язано із відповідним +вузлом. Щоб GPO можна було застосувати до користувача, користувач або +принаймні одна з груп, до яких він належить, повинен мати такі права доступу +до GPO: + + + + Read: користувач або одна з його груп повинна мати доступ до читання +властивостей GPO (RIGHT_DS_READ_PROPERTY) + + + + + Apply Group Policy: користувач або принаймні одна з його груп повинна мати +доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS). + + + + + + Типово, у GPO є група Authenticated Users, для якої встановлено одразу права +доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має +бути успішно завершено до захисного фільтрування GPO і запуску керування +доступом, до облікового запису користувача завжди застосовуються права +доступу групи Authenticated Users щодо GPO. + + + ЗАУВАЖЕННЯ: якщо встановлено режим роботи «примусовий» (enforcing), можлива +ситуація, коли користувачі, які раніше мали доступ до входу, позбудуться +такого доступу (через використання параметрів правил GPO). З метою полегшити +перехід на нову систему для адміністраторів передбачено дозвільний режим +доступу (permissive), за якого правила керування доступом не +встановлюватимуться у примусовому порядку. Програма лише перевірятиме +відповідність цим правилам і виводитиме до системного журналу повідомлення, +якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть +змогу адміністраторам внести відповідні зміни до встановлення примусового +режиму (enforcing). Для запису до журналу даних керування доступом на основі +GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника + sssctl +8 ). + + + У цього параметра є три підтримуваних значення: + + + + disabled: правила керування доступом, засновані на GPO, не обробляються і не +використовуються примусово. + + + + + enforcing: правила керування доступом, засновані на GPO, обробляються і +використовуються примусово. + + + + + permissive: виконати перевірку відповідності правилам керування доступом на +основі GPO, але не наполягати на їхньому виконанні. Якщо правила не +виконуються, вивести до системного журналу повідомлення про те, що +користувачеві було б заборонено доступ, якби використовувався режим +enforcing. + + + + + + Типове значення: permissive + + + Типове значення: enforcing + + + + + + ad_gpo_implicit_deny (булеве значення) + + + Зазвичай, якщо не буде знайдено відповідних GPO, користувачам буде надано +доступ. Якщо для цього параметра встановлено значення True, доступ +користувачам надаватиметься, лише якщо його явним чином дозволено правилом +GPO. Якщо ж такого дозвільного правила не буде виявлено, доступ буде +заборонено. Цим можна скористатися для підвищення рівня захисту, але слід +бути обережним із використанням цього параметра, оскільки за його допомогою +можна заборонити доступ навіть користувачам у вбудованій групі +Administrators, якщо немає правил GPO, якими надається такий доступ. + + + + Типове значення: False + + + + У наведених нижче двох таблицях проілюстровано ситуації, у яких +користувачеві буде дозволено або відмовлено у доступі на основі прав дозволу +або заборони входу, які визначено на боці сервера, і встановленого значення +ad_gpo_implicit_deny. + + + + + + + + + ad_gpo_implicit_deny = False (типове значення) + allow-rulesdeny-rules + результати + + + missingmissing + дозволені усі користувачі + + missingpresent + дозволені лише користувачі, яких немає у deny-rules + presentmissing + дозволені лише користувачі, які є у allow-rules + presentpresent + дозволені лише користувачі, які є в allow-rules і яких немає у deny-rules + + + + + + + + + + ad_gpo_implicit_deny = True + allow-rulesdeny-rules + результати + + + missingmissing + заборонено усіх користувачів + + missingpresent + заборонено усіх користувачів + + presentmissing + дозволені лише користувачі, які є у allow-rules + presentpresent + дозволені лише користувачі, які є в allow-rules і яких немає у deny-rules + + + + + + ad_gpo_ignore_unreadable (булеве значення) + + + Зазвичай, якщо певні контейнери правил групи (об'єкта AD) відповідних +об'єктів правил груп є непридатним до читання з SSSD, доступ користувачам +буде заборонено. За допомогою цього параметра можна проігнорувати контейнери +правил груп та пов'язані із ними правила, якщо їхні атрибути у контейнерах +правил груп є непридатним до читання з SSSD. + + + Типове значення: False + + + + + + + + ad_gpo_cache_timeout (ціле число) + + + Проміжок часу між послідовними пошуками файлів правил GPO щодо сервера +AD. Зміна може зменшити час затримки та навантаження на сервер AD, якщо +протягом короткого періоду часу надходить багато запитів щодо керування +доступом. + + + Типове значення: 5 (секунд) + + + + + + ad_gpo_map_interactive (рядок) + + + Список назв служб PAM, відокремлених комами, для яких оцінки для керування +доступом на основі GPO виконуються на основі параметрів правил +InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка +лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy +(див. параметр ad_gpo_access_control). Якщо у якомусь із +оброблених GPO міститься параметр заборони інтерактивного входу до системи +для користувача або однієї з його груп, користувачеві буде заборонено +локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права +на інтерактивний вхід до системи, користувачеві буде надано локальний +доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на +інтерактивний вхід до системи, користувачеві буде надано лише локальний +доступ, якщо він або принаймні одна з його груп є частиною параметрів +правила. + + + Зауваження: у редакторі керування правилами для груп це значення має назву +«Дозволити локальний вхід» («Allow log on locally») та «Заборонити локальний +вхід» («Deny log on locally»). + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для цього входу (наприклад, «login») з +нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_interactive = +my_pam_service, -login + + + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + login + + + + + su + + + + + su-l + + + + + gdm-fingerprint + + + + + gdm-password + + + + + gdm-smartcard + + + + + kdm + + + + + lightdm + + + + + lxdm + + + + + sddm + + + + + unity + + + + + xdm + + + + + + + + + ad_gpo_map_remote_interactive (рядок) + + + Список назв служб PAM, відокремлених комами, для яких оцінки для керування +доступом на основі GPO виконуються на основі параметрів правил +RemoteInteractiveLogonRight і +DenyRemoteInteractiveLogonRight. Виконуватиметься оцінка лише тих GPO, до +яких користувач має права доступу Read і Apply Group Policy (див. параметр +ad_gpo_access_control). Якщо у якомусь із оброблених GPO +міститься параметр заборони віддаленого входу до системи для користувача або +однієї з його груп, користувачеві буде заборонено віддалений інтерактивний +доступ. Якщо для жодного із оброблених GPO немає визначеного права на +віддалений вхід до системи, користувачеві буде надано віддалений +доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на +віддалений вхід до системи, користувачеві буде надано лише віддалений +доступ, якщо він або принаймні одна з його груп є частиною параметрів +правила. + + + Зауваження: у редакторі керування правилами щодо груп це значення +називається «Дозволити вхід за допомогою служб віддаленої стільниці» («Allow +log on through Remote Desktop Services») та «Заборонити вхід за допомогою +служб віддаленої стільниці» («Deny log on through Remote Desktop Services»). + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для цього входу (наприклад, «sshd») з +нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_remote_interactive = +my_pam_service, -sshd + + + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + sshd + + + + + cockpit + + + + + + + + + ad_gpo_map_network (рядок) + + + Список назв служб PAM, відокремлених комами, для яких оцінки для керування +доступом на основі GPO виконуються на основі параметрів правил +NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих +GPO, до яких користувач має права доступу Read і Apply Group Policy +(див. параметр ad_gpo_access_control). Якщо у якомусь із +оброблених GPO міститься параметр заборони входу до системи за допомогою +мережі для користувача або однієї з його груп, користувачеві буде заборонено +локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права +на вхід до системи за допомогою мережі, користувачеві буде надано доступ до +входу. Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід +до системи за допомогою мережі, користувачеві буде надано лише доступ до +входу до системи, якщо він або принаймні одна з його груп є частиною +параметрів правила. + + + Зауваження: у редакторі керування правилами щодо груп це значення +називається «Відкрити доступ до цього комп’ютера із мережі» («Access this +computer from the network») і «Заборонити доступ до цього комп’ютера із +мережі» (Deny access to this computer from the network»). + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для цього входу (наприклад, «ftp») з +нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_network = +my_pam_service, -ftp + + + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + ftp + + + + + samba + + + + + + + + + ad_gpo_map_batch (рядок) + + + Список назв служб PAM, відокремлених комами, для яких оцінки для керування +доступом на основі GPO виконуються на основі параметрів правил +BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, +до яких користувач має права доступу Read і Apply Group Policy +(див. параметр ad_gpo_access_control). Якщо у якомусь із +оброблених GPO міститься параметр заборони пакетного входу до системи для +користувача або однієї з його груп, користувачеві буде заборонено доступ до +пакетного входу до системи. Якщо для жодного із оброблених GPO немає +визначеного права на пакетний вхід до системи, користувачеві буде надано +доступ до входу до системи. Якщо хоча б одному зі оброблених GPO містяться +параметри прав на пакетний вхід до системи, користувачеві буде надано лише +доступ до входу до системи, якщо він або принаймні одна з його груп є +частиною параметрів правила. + + + Зауваження: у редакторі керування правилами щодо груп це значення +називається «Дозволити вхід як пакетне завдання» («Allow log on as a batch +job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch +job»). + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для цього входу (наприклад, «crond») з +нетиповою назвою служби pam (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_batch = +my_pam_service, -crond + + + Зауваження: назва служби cron у різних дистрибутивах Linux може бути різною. + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + crond + + + + + + + + + ad_gpo_map_service (рядок) + + + Список назв служб PAM, відокремлених комами, для яких оцінки для керування +доступом на основі GPO виконуються на основі параметрів правил +ServiceLogonRight і DenyServiceLogonRight. Виконуватиметься оцінка лише тих +GPO, до яких користувач має права доступу Read і Apply Group Policy +(див. параметр ad_gpo_access_control). Якщо у якомусь із +оброблених GPO міститься параметр заборони входу до системи за допомогою +служб для користувача або однієї з його груп, користувачеві буде заборонено +вхід до системи за допомогою служб. Якщо для жодного із оброблених GPO немає +визначеного права на вхід до системи за допомогою служб, користувачеві буде +надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO +містяться параметри прав на вхід до системи за допомогою служб, +користувачеві буде надано лише доступ до входу до системи, якщо він або +принаймні одна з його груп є частиною параметрів правила. + + + Зауваження: у редакторі керування правилами щодо груп це значення +називається «Дозволити вхід як службу» («Allow log on as a service») і +«Заборонити вхід як службу» («Deny log on as a service»). + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби». Оскільки типовий набір є порожнім, назви служби +з типового набору назв служб PAM вилучити неможливо. Наприклад, щоб додати +нетипову назву служби PAM (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_service = +my_pam_service + + + + Типове значення: not set + + + + + + ad_gpo_map_permit (рядок) + + + Список назв служб PAM, відокремлених комами, яким завжди надається доступ на +основі GPO, незалежно від будь-яких прав входу GPO. + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для безумовного дозволеного доступу +(наприклад, «sudo») з нетиповою назвою служби pam (наприклад, +«my_pam_service»), вам слід скористатися такими налаштуваннями: +ad_gpo_map_permit = +my_pam_service, -sudo + + + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + polkit-1 + + + + + sudo + + + + + sudo-i + + + + + systemd-user + + + + + + + + + ad_gpo_map_deny (рядок) + + + Список назв служб PAM, відокремлених комами, яким завжди заборонено доступ +на основі GPO, незалежно від будь-яких прав входу GPO. + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби». Оскільки типовий набір є порожнім, назви служби +з типового набору назв служб PAM вилучити неможливо. Наприклад, щоб додати +нетипову назву служби PAM (наприклад, «my_pam_service»), вам слід +скористатися такими налаштуваннями: +ad_gpo_map_deny = +my_pam_service + + + + Типове значення: not set + + + + + + ad_gpo_default_right (рядок) + + + За допомогою цього параметра визначається спосіб керування доступом для назв +служб PAM, які не вказано явним чином у одному з параметрів +ad_gpo_map_*. Цей параметр може бути встановлено у два різних +способи. По-перше, цей параметр можна встановити так, що +використовуватиметься типовий вхід. Наприклад, якщо для цього параметра +встановлено значення «interactive», непов’язані назви служб PAM +оброблятимуться на основі параметрів правил InteractiveLogonRight і +DenyInteractiveLogonRight. Крім того, для цього параметра можна встановити +таке значення, щоб система завжди дозволяла або забороняла доступ для +непов’язаних назв служб PAM. + + + Передбачені значення для цього параметра: + + + + interactive + + + + + remote_interactive + + + + + network + + + + + batch + + + + + service + + + + + permit + + + + + deny + + + + + + Типове значення: deny + + + + + + ad_maximum_machine_account_password_age (ціле число) + + + SSSD перевірятиме раз на день, чи має пароль до облікового запису комп'ютера +вік, який перевищує заданий вік у днях, і намагатиметься оновити +його. Значення 0 вимкне спроби оновлення. + + + Типове значення: 30 днів + + + + + + ad_machine_account_password_renewal_opts (рядок) + + + Цей параметр має використовуватися лише для перевірки завдання із оновлення +облікових записів комп'ютерів. Параметру слід передати цілих числа, +відокремлених двокрапкою («:»). Перше ціле число визначає інтервал у +секундах між послідовними повторними виконаннями завдання з оновлення. Друге +— визначає початковий час очікування на перший запуск завдання. + + + Типове значення: 86400:750 (24 годин і 15 хвилин) + + + + + + ad_update_samba_machine_account_password (булеве значення) + + + Якщо увімкнено, при оновленні SSSD пароля до облікового запису комп'ютера +програма також оновить запис пароля у базі даних Samba. Таким чином буде +забезпечено актуальність копії пароля до облікового запису у Samba, якщо її +налаштовано на використання AD для розпізнавання. + + + Типове значення: false + + + + + + ad_use_ldaps (булеве значення) + + + Типово, у SSSD використовується звичайний порт LDAP 389 і порт Global +Catalog 3628. Якщо для цього параметра встановлено значення True, SSSD +використовуватиме порт LDAPS 636 і порт Global Catalog 3629 із захистом +LDAPS. Оскільки AD забороняє використання декількох шарів шифрування для +одного з'єднання, і нам усе ще потрібне використання SASL/GSSAPI або +SASL/GSS-SPNEGO для розпізнавання, властивість захисту SASL maxssf для таких +з'єднань буде встановлено у значення 0 (нуль). + + + Типове значення: False + + + + + + ad_allow_remote_domain_local_groups (булеве значення) + + + Якщо для цього параметра встановлено значення true, SSSD не +відфільтровуватиме локальні для домену групи від віддалених доменів у лісі +AD. Типово, групи буде відфільтровано, наприклад при слідуванні за вкладеною +ієрархією груп у віддалених доменах, оскільки вони не є чинними у локальних +доменах. Цей параметр було додано для сумісності із іншими рішеннями, які +роблять користувачів і групи AD доступними у клієнті Linux. + + + Будь ласка, зауважте, що встановлення для цього параметра значення +true суперечить призначенню локальної групи домену в Active +Directory, НИМ СЛІД КОРИСТУВАТИСЯ ЛИШЕ ДЛЯ ПОЛЕГШЕННЯ МІГРАЦІЇ З +ІНШИХ РІШЕНЬ. Хоча група існує і користувач може бути учасником +групи, їх призначено для використання лише у визначеному для неї домену, а +не в інших. Оскільки існує лише один тип груп POSIX, єдиним способом досягти +цього з боку Linux є ігнорування цих груп. Зробити це можна також у Active +Directory, як можна бачити у PAC квитка Kerberos для локальної служби, або у +запитах tokenGroups, де також немає віддалених груп локальних доменів. + + + З огляду на наведені вище коментарі, якщо для цього параметра встановлено +значення true, запит tokenGroups має бути вимкнено +встановленням ldap_use_tokengroups у значення +false для отримання узгодженого членства користувачів у +групах. Крім того, пошук у загальному каталозі має бути пропущено +встановленням для параметра ad_enable_gc значення +false. Нарешті, можливо, слід внести зміни до +ldap_group_nesting_level, якщо віддалені локальні групи +домену може бути знайдено лише на глибшому рівні вкладеності. + + + Типове значення: False + + + + + + dyndns_update (булеве значення) + + + Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично +оновити IP-адресу цього клієнта на сервері DNS Active Directory. Захист +оновлення буде забезпечено за допомогою GSS-TSIG. Як наслідок, +адміністраторові Active Directory достатньо буде дозволити оновлення безпеки +для зони DNS. Для оновлення буде використано IP-адресу з’єднання LDAP AD, +якщо цю адресу не було змінено за допомогою параметра «dyndns_iface». + + + ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у +цьому режимі типову область дії Kerberos має бути належним чином визначено у +/etc/krb5.conf + + + Типове значення: true + + + + + + dyndns_ttl (ціле число) + + + TTL, до якого буде застосовано клієнтський запис DNS під час його +оновлення. Якщо dyndns_update має значення false, цей параметр буде +проігноровано. Перевизначає TTL на боці сервера, якщо встановлено +адміністратором. + + + Типове значення: 3600 (секунд) + + + + + + dyndns_iface (рядок) + + + Необов'язковий. Застосовний, лише якщо dyndns_update має значення +true. Виберіть інтерфейс або список інтерфейсів, чиї IP-адреси має бути +використано для динамічних оновлень DNS. Спеціальне значення +* означає, що слід використовувати IP-адреси з усіх +інтерфейсів. + + + Типове значення: використовувати IP-адреси інтерфейсу, який використовується +для з’єднання LDAP AD + + + Приклад: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_refresh_interval (ціле число) + + + Визначає, наскільки часто серверний модуль має виконувати періодичні +оновлення DNS на додачу до автоматичного оновлення, яке виконується під час +кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не +є обов’язкоми, його застосовують, лише якщо dyndns_update має значення +true. Зауважте, що найменшим можливим значенням є 60 секунд. Якщо буде +вказано значення, яке є меншим за 60, використовуватиметься найменше можливе +значення. + + + Типове значення: 86400 (24 години) + + + + + + dyndns_update_ptr (булеве значення) + + + Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів +DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + Типове значення: True + + + + + + dyndns_force_tcp (булеве значення) + + + Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну +даними з сервером DNS. + + + Типове значення: False (надати змогу nsupdate вибирати протокол) + + + + + + dyndns_auth (рядок) + + + Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання +GSS-TSIG для безпечних оновлень за допомогою сервера DNS, незахищені +оновлення можна надсилати встановленням для цього параметра значення «none». + + + Типове значення: GSS-TSIG + + + + + + dyndns_auth_ptr (рядок) + + + Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання +GSS-TSIG для безпечних оновлень PTR за допомогою сервера DNS, незахищені +оновлення можна надсилати встановленням для цього параметра значення «none». + + + Типове значення: те саме, що і dyndns_auth + + + + + + dyndns_server (рядок) + + + Сервер DNS, який слід використовувати для виконання оновлення DNS. У +більшості конфігурацій рекомендуємо не встановлювати значення для цього +параметра. + + + Встановлення значення для цього параметра потрібне для середовищ, де сервер +DNS відрізняється від сервера профілів. + + + Будь ласка, зауважте, що цей параметр буде використано лише для резервних +спроб, якщо попередні спроби із використанням автовиявлення завершаться +невдало. + + + Типове значення: немає (надати nsupdate змогу вибирати сервер) + + + + + + dyndns_update_per_family (булеве значення) + + + Оновлення DNS, типово, виконується у два кроки — оновлення IPv4, а потім +оновлення IPv6. Іноді бажаним є виконання оновлення IPv4 і IPv6 за один +крок. + + + Типове значення: true + + + + + + + + + krb5_confd_path (рядок) + + + Абсолютний шлях до каталогу, у якому SSSD має зберігати фрагменти +налаштувань Kerberos. + + + Щоб вимкнути створення фрагментів налаштувань, встановіть для параметра +значення «none». + + + Типове значення: не встановлено (підкаталог krb5.include.d каталогу pubconf +SSSD) + + + + + + + + + + + + + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, +а example.com є одним з доменів у розділі +[sssd]. У прикладі продемонстровано лише +параметри доступу, специфічні для засобу AD. + + + +[domain/EXAMPLE] +id_provider = ad +auth_provider = ad +access_provider = ad +chpass_provider = ad + +ad_server = dc1.example.com +ad_hostname = client.example.com +ad_domain = example.com + + + + + + ЗАУВАЖЕННЯ + + Інструмент керування доступом AD перевіряє, чи не завершено строк дії +облікового запису. Дає той самий результат, що і ось таке налаштовування +інструмента надання даних LDAP: +access_provider = ldap +ldap_access_order = expire +ldap_account_expire_policy = ad + + + + Втім, якщо явно не налаштовано засіб надання доступу «ad», типовим засобом +надання доступу буде «permit». Будь ласка, зауважте, що якщо вами +налаштовано засіб надання доступу, відмінний від «ad», вам доведеться +встановлювати усі параметри з’єднання (зокрема адреси LDAP та параметри +шифрування) вручну. + + + Якщо для засобу надання даних autofs встановлено значення ad, +використовується схема прив'язки атрибутів RFC2307 (nisMap, nisObject, ...), +оскільки ці атрибути включено до типової схеми Active Directory. + + + + + + + + + diff --git a/src/man/uk/sssd-files.5.xml b/src/man/uk/sssd-files.5.xml new file mode 100644 index 0000000..de2c786 --- /dev/null +++ b/src/man/uk/sssd-files.5.xml @@ -0,0 +1,162 @@ + + + +Сторінки підручника SSSD + + + + + sssd-files + 5 + Формати файлів та правила + + + + sssd-files + Засіб надання файлів SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування засобу обробки файлів для + sssd 8 +. Щоб дізнатися більше про синтаксис налаштування, зверніться +до розділу «ФОРМАТ ФАЙЛА» сторінки довідника +sssd.conf 5 +. + + + Засіб надання даних файлів створює дзеркальну копію вмісту файлів + passwd +5 і +group 5 +. Метою роботи засобу надання даних файлів є забезпечення +доступу до даних користувачів і груп, які традиційно доступні за допомогою +інтерфейсів NSS, також за допомогою інтерфейсів SSSD, зокрема +sssd-ifp 5 +. + + + Іншою причиною може бути потреба у забезпеченні ефективного кешування даних +локальних користувачів і груп. + + + Please note that besides explicit domain definition the files provider can +be configured also implicitly using 'enable_files_domain' option. See + sssd.conf +5 for details. + + + SSSD ніколи не виконує визначення для користувача або групи «root». Крім +того, SSSD не обробляє запити щодо визначення UID/GID 0. Такі запити +передаються наступному модулю NSS (зазвичай, files). + + + Якщо SSSD не запущено або програма не відповідає, nss_sss повертає код +UNAVAIL, що спричиняє передавання запиту наступному модулю. + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Окрім параметрів із наведеного нижче списку, можна встановлювати, де це є +відповідним, загальні параметри домену SSSD. Зверніться до розділу +РОЗДІЛИ ДОМЕНІВ сторінки підручника +sssd.conf 5 +, щоб дізнатися більше про налаштовування домені SSSD. Втім, +призначенням надавача даних files є надання тих самих даних, які +встановлюються для файлів UNIX, просто за допомогою інтерфейсів SSSD. Тому +передбачено підтримку не усіх загальних параметрів доменів. Так само, деякі +загальні параметри, зокрема перевизначення командної оболонки у розділі +nss для усіх доменів, ні на що не впливають у домені files, +якщо їх не вказано явним чином для окремих доменів. + + passwd_files (рядок) + + + Список з однієї чи декількох відокремлених комами назв файлів паролів, які +слід прочитати і нумерувати засобу надання даних файлів. Для кожного +вказаного файла буде встановлено спостереження за допомогою inotify для +динамічного виявлення внесених до нього змін. + + + Типове значення: /etc/passwd + + + + + + group_files (рядок) + + + Список з однієї чи декількох відокремлених комами назв файлів груп, які слід +прочитати і нумерувати засобу надання даних файлів. Для кожного вказаного +файла буде встановлено спостереження за допомогою inotify для динамічного +виявлення внесених до нього змін. + + + Типове значення: /etc/group + + + + + + fallback_to_nss (булеве значення) + + + Під час оновлення внутрішніх даних SSSD поверне повідомлення про помилку і +надасть змогу клієнту продовжити роботу з наступним модулем NSS. Це +допомагає уникнути затримок при використанні типових файлів системи +/etc/passwd і +/etc/group. Налаштування NSS містять «sss» до «files» +для прив'язок «passwd» і «group». + + + Якщо надавача даних файлів налаштовано на спостереження за іншими файлами, +має сенс встановлення для цього параметра значення False для уникнення +несумісної поведінки, оскільки, загалом, не буде іншого модуля NSS, яким +можна буде скористатися як резервним. + + + Типове значення: True + + + + + + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускається, що SSSD налаштовано належним +чином, а files встановлено на один з доменів з розділу +[sssd]. + + + +[domain/files] +id_provider = files + + + + Для балансування кешування даних локальних користувачів та груп у SSSD +модуль nss_sss має перебувати у списку файла /etc/nsswitch.conf вище за +модуль nss_files. + + + +passwd: sss files +group: sss files + + + + + + + + diff --git a/src/man/uk/sssd-ifp.5.xml b/src/man/uk/sssd-ifp.5.xml new file mode 100644 index 0000000..96a2bee --- /dev/null +++ b/src/man/uk/sssd-ifp.5.xml @@ -0,0 +1,158 @@ + + + +Сторінки підручника SSSD + + + + + sssd-ifp + 5 + Формати файлів та правила + + + + sssd-ifp + Відповідач InfoPipe SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування засобу надання відповідей +InfoPipe для sssd +8 . Щоб дізнатися більше про синтаксис +налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника + sssd.conf +5 . + + + Відповідач InfoPipe забезпечує роботу відкритого інтерфейсу D-Bus над +системним каналом повідомлень. За допомогою цього інтерфейсу користувачі +можуть надсилати загальносистемним каналом повідомлень запити щодо +інформації про віддалених користувачів і групи. + + + + ПОШУК ЗА ЧИННИМ СЕРТИФІКАТОМ + + Для керування тим, як буде виконуватися перевірка, якщо використано +програмний інтерфейс FindByValidCertificate(), використовують такі +параметри: + + ca_db + p11_child_timeout + certificate_verification + + Щоб дізнатися більше про параметри, ознайомтеся зі сторінкою підручника щодо + sssd.conf +5 . + + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Цими параметрами можна скористатися для налаштовування відповідача InfoPipe. + + + + allowed_uids (рядок) + + + Визначає список значень UID або імен користувачів, відокремлених +комами. Користувачам з цього списку буде дозволено доступ до відповідача +InfoPipe. UID за іменами користувачів визначатимуться під час запуску. + + + Типове значення: 0 (доступ до відповідача InfoPipe має лише адміністративний +користувач (root)) + + + Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID +буде перевизначено на основі цього параметра. Якщо ви хочете надати +адміністративному користувачеві (root) доступ до відповідача InfoPipe, що +може бути типовим варіантом, вам слід додати до списку UID з правами доступу +запис 0. + + + + + + user_attributes (рядок) + + + Визначає список атрибутів з «білого» або «чорного» списків, відокремлених +комами. + + + Типово, відповідач InfoPipe надає дані лише щодо типового набору атрибутів +POSIX. Цей набір є тим самим, який повертає програма +getpwnam 3 +, його елементи: + + name + реєстраційне ім’я користувача + + + uidNumber + ідентифікатор користувача + + + gidNumber + ідентифікатор основної групи + + + gecos + дані щодо користувача, типово ім’я повністю + + + homeDirectory + домашній каталог + + + loginShell + командна оболонка користувача + + + + + Ви можете додати інший атрибут до цього набору за допомогою параметра +«+назва_атрибута» або явним чином виключити атрибут за допомогою параметра +«-назва_атрибута». Наприклад, щоб дозволити «telephoneNumber», але +заборонити «loginShell», вам слід скористатися такими налаштуваннями: + +user_attributes = +telephoneNumber, -loginShell + + + + Типове значення: не встановлено. Дозволено лише типовий набір атрибутів +POSIX. + + + + + + wildcard_limit (ціле число) + + + Визначає верхню межу для кількості записів, які отримуватимуться під час +пошуку з використанням символів-замінників, які перевизначають обмеження, +яке накладається функцією виклику. + + + Типове значення: 0 (дозволити встановлювати верхнє обмеження функції +виклику) + + + + + + + + + + + diff --git a/src/man/uk/sssd-ipa.5.xml b/src/man/uk/sssd-ipa.5.xml new file mode 100644 index 0000000..80963b6 --- /dev/null +++ b/src/man/uk/sssd-ipa.5.xml @@ -0,0 +1,880 @@ + + + +Сторінки підручника SSSD + + + + + sssd-ipa + 5 + Формати файлів та правила + + + + sssd-ipa + Модуль надання даних IPA SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування засобу керування доступом IPA +для sssd +8 . Щоб дізнатися більше про синтаксис +налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника + sssd.conf +5 . + + + Інструмент надання даних IPA — модуль, який використовується для +встановлення з’єднання з сервером IPA. (Інформацію щодо серверів IPA можна +знайти на сайті freeipa.org.) Цей інструмент надання доступу потребує +включення комп’ютера до домену IPA. Налаштування майже повністю +автоматизовано, дані для нього отримуються безпосередньо з сервера. + + + Засіб надання даних IPA уможливлює для SSSD використання засобу надання +даних профілів sssd-ldap +5 та засобу надання даних +розпізнавання sssd-krb5 +5 з оптимізацією для середовищ +IPA. Засіб надання даних IPA приймає ті самі параметри, які використовуються +засобами надання даних sssd-ldap та sssd-krb5, із деякими +виключеннями. Втім, встановлювати ці параметри не обов'язково і не +рекомендовано. + + + Засіб надання даних IPA в основному копіює типові параметри традиційних +засобів надання даних ldap і krb5 із деякими виключенням. Відмінності +наведено у розділі ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ. + + + As an access provider, the IPA provider has a minimal configuration (see +ipa_access_order) as it mainly uses HBAC (host-based access +control) rules. Please refer to freeipa.org for more information about HBAC. + + + Якщо у sssd.conf вказано auth_provider=ipa або +access_provider=ipa, для id_provider також має бути вказано +ipa. + + + Інструмент надання даних IPA використовуватиме відповідач PAC, якщо квитки +Kerberos користувачів з довірених областей містять PAC. Для полегшення +налаштовування відповідач PAC запускається автоматично, якщо налаштовано +інструмент надання даних ідентифікаторів IPA. + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) + sssd.conf +5 , щоб дізнатися більше про +налаштування домену SSSD. + + ipa_domain (рядок) + + + Визначає назву домену IPA. Є необов’язковим. Якщо не вказано, буде +використано назву домену з налаштувань. + + + + + + ipa_server, ipa_backup_server (рядок) + + + Впорядкований за пріоритетом список IP-адрес або назв вузлів, відокремлених +комами, серверів IPA, з якими має встановити з’єднання SSSD. Докладніші +відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є +необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші +відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК +СЛУЖБ». + + + + + + ipa_hostname (рядок) + + + Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не +відповідає повній назві, що використовується доменом IPA для розпізнавання +цього вузла. Назву вузла слід вказувати повністю. + + + + + + dyndns_update (булеве значення) + + + Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично +оновити на сервері DNS, вбудованому до FreeIPA, IP-адресу клієнта. Захист +оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде +використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за +допомогою параметра «dyndns_iface». + + + ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у +цьому режимі типову область дії Kerberos має бути належним чином визначено у +/etc/krb5.conf + + + ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, +ipa_dyndns_update, користувачам слід переходити на нову +назву, dyndns_update, у файлі налаштувань. + + + Типове значення: false + + + + + + dyndns_ttl (ціле число) + + + TTL, до якого буде застосовано клієнтський запис DNS під час його +оновлення. Якщо dyndns_update має значення false, цей параметр буде +проігноровано. Перевизначає TTL на боці сервера, якщо встановлено +адміністратором. + + + ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, +ipa_dyndns_ttl, користувачам слід переходити на нову +назву, dyndns_ttl, у файлі налаштувань. + + + Типове значення: 1200 (секунд) + + + + + + dyndns_iface (рядок) + + + Необов'язковий. Застосовний, лише якщо dyndns_update має значення +true. Виберіть інтерфейс або список інтерфейсів, чиї IP-адреси має бути +використано для динамічних оновлень DNS. Спеціальне значення +* означає, що слід використовувати IP-адреси з усіх +інтерфейсів. + + + ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, +ipa_dyndns_iface, користувачам слід переходити на нову +назву, dyndns_iface, у файлі налаштувань. + + + Типове значення: використовувати IP-адреси інтерфейсу, який використовується +для з’єднання LDAP IPA + + + Приклад: dyndns_iface = em1, vnet1, vnet2 + + + + + + dyndns_auth (рядок) + + + Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання +GSS-TSIG для безпечних оновлень за допомогою сервера DNS, незахищені +оновлення можна надсилати встановленням для цього параметра значення «none». + + + Типове значення: GSS-TSIG + + + + + + dyndns_auth_ptr (рядок) + + + Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання +GSS-TSIG для безпечних оновлень PTR за допомогою сервера DNS, незахищені +оновлення можна надсилати встановленням для цього параметра значення «none». + + + Типове значення: те саме, що і dyndns_auth + + + + + + ipa_enable_dns_sites (булеве значення) + + + Вмикає сайти DNS — визначення служб на основі адрес. + + + Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо +пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку +спробує визначення на основі адрес за допомогою запиту, що містить +"_location.hostname.example.com", а потім повертається до традиційного +визначення SRV. Якщо визначення на основі адреси буде успішним, сервери IPA, +виявлені на основі визначення за адресою, вважатимуться основним серверами, +а сервери IPA, виявлені за допомогою традиційного визначення SRV, +вважатимуться резервними серверами. + + + Типове значення: false + + + + + + dyndns_refresh_interval (ціле число) + + + Визначає, наскільки часто серверний модуль має виконувати періодичні +оновлення DNS на додачу до автоматичного оновлення, яке виконується під час +кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не +є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true. + + + Типове значення: 0 (вимкнено) + + + + + + dyndns_update_ptr (булеве значення) + + + Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів +DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true. + + + Значенням цього параметра у більшості розгорнутих систем IPA має бути False, +оскільки сервер IPA створює записи PTR автоматично після зміни у записах +переспрямовування. + + + Note that dyndns_update_per_family parameter does not +apply for PTR record updates. Those updates are always sent separately. + + + Типове значення: False (вимкнено) + + + + + + dyndns_force_tcp (булеве значення) + + + Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну +даними з сервером DNS. + + + Типове значення: False (надати змогу nsupdate вибирати протокол) + + + + + + dyndns_server (рядок) + + + Сервер DNS, який слід використовувати для виконання оновлення DNS. У +більшості конфігурацій рекомендуємо не встановлювати значення для цього +параметра. + + + Встановлення значення для цього параметра потрібне для середовищ, де сервер +DNS відрізняється від сервера профілів. + + + Будь ласка, зауважте, що цей параметр буде використано лише для резервних +спроб, якщо попередні спроби із використанням автовиявлення завершаться +невдало. + + + Типове значення: немає (надати nsupdate змогу вибирати сервер) + + + + + + dyndns_update_per_family (булеве значення) + + + Оновлення DNS, типово, виконується у два кроки — оновлення IPv4, а потім +оновлення IPv6. Іноді бажаним є виконання оновлення IPv4 і IPv6 за один +крок. + + + Типове значення: true + + + + + + ipa_access_order (string) + + + Список відокремлених комами параметрів керування доступом. Можливі значення +списку: + + + expire: use IPA's account expiration policy. + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Ці параметри корисні, якщо користувачам +потрібні попередження щодо скорого завершення строку дії пароля, і у +випадках, коли розпізнавання засновано на відмінних від паролів методах, +наприклад на ключах SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Please note that 'access_provider = ipa' must be set for this feature to +work. + + + + + + ipa_deskprofile_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з +профілями станції (Desktop Profile) об’єктів. + + + Типове значення: використання базової назви домену + + + + + + ipa_subid_ranges_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з +підлеглими діапазонами об’єктів. + + + Типове значення: значення cn=subids,%basedn + + + + + + ipa_hbac_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з +HBAC об’єктів. + + + Типове значення: використання базової назви домену + + + + + + ipa_host_search_base (рядок) + + + Застарілий. Скористайтеся замість нього ldap_host_search_base. + + + + + + ipa_selinux_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку карт +користувачів SELinux. + + + Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про +налаштування декількох основ пошуку. + + + Типове значення: значення ldap_search_base + + + + + + ipa_subdomains_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку надійних +доменів. + + + Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про +налаштування декількох основ пошуку. + + + Типове значення: значення cn=trusts,%basedn + + + + + + ipa_master_domain_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку основного +об’єкта домену. + + + Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про +налаштування декількох основ пошуку. + + + Типове значення: значення виразу cn=ad,cn=etc,%basedn + + + + + + ipa_views_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів +перегляду. + + + Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про +налаштування декількох основ пошуку. + + + Типове значення: значення cn=views,cn=accounts,%basedn + + + + + + krb5_realm (рядок) + + + Назва області дії Kerberos. Є необов’язковою, типовим значенням є значення +«ipa_domain». + + + Назва області дії Kerberos має особливе значення у IPA: цю назву буде +перетворено у основний DN для виконання дій LDAP. + + + + + + krb5_confd_path (рядок) + + + Абсолютний шлях до каталогу, у якому SSSD має зберігати фрагменти +налаштувань Kerberos. + + + Щоб вимкнути створення фрагментів налаштувань, встановіть для параметра +значення «none». + + + Типове значення: не встановлено (підкаталог krb5.include.d каталогу pubconf +SSSD) + + + + + + ipa_deskprofile_refresh (ціле число) + + + Проміжок часу між послідовними пошуками правил профілів станції (Desktop +Profile) щодо сервера IPA. Зміна може зменшити час затримки та навантаження +на сервер IPA, якщо протягом короткого періоду часу надходить багато запитів +щодо профілів станції. + + + Типове значення: 5 (секунд) + + + + + + ipa_deskprofile_request_interval (ціле число) + + + Час між пошуками у правилах профілів станцій на сервері IPA, якщо за +останнім запитом не повернуто жодного правила. + + + Типове значення: 60 (хвилин) + + + + + + ipa_hbac_refresh (ціле число) + + + Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна +може зменшити час затримки та навантаження на сервер IPA, якщо протягом +короткого періоду часу надходить багато запитів щодо керування доступом. + + + Типове значення: 5 (секунд) + + + + + + ipa_hbac_selinux (ціле число) + + + Проміжок часу між послідовними пошуками у картах SELinux щодо сервера +IPA. Зміна може зменшити час затримки та навантаження на сервер IPA, якщо +протягом короткого періоду часу надходить багато запитів щодо входу +користувача до системи. + + + Типове значення: 5 (секунд) + + + + + + ipa_server_mode (булеве значення) + + + Цей параметр буде встановлено засобом встановлення IPA (ipa-server-install) +автоматично, він визначає, чи запущено SSSD на сервері IPA. + + + На сервері IPA SSSD шукатиме записи користувачів і груп із довірених доменів +безпосередньо, хоча на клієнті SSSD надсилатиме запит на сервер IPA. + + + Зауваження: у поточній версії має бути виконано декілька умов, якщо SSSD +працює на сервері IPA. + + + + Параметр ipa_server має бути налаштовано так, щоб він +вказував на сам сервер IPA. Це типово робить засіб встановлення IPA, тому +зміни вручну є зайвими. + + + + + Не слід змінювати значення параметра full_name_format для +того, щоб лише виводити короткі імена користувачів з довірених доменів. + + + + + + Типове значення: false + + + + + + ipa_automount_location (рядок) + + + Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA + + + Типове значення: адреса з назвою "default" + + + + + + + + ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ + + SSSD може обробляти перегляди та перевизначення, які пропонуються FreeIPA +4.1 та новішими версіями. Оскільки усі шляхи і класи об’єктів зафіксовано на +боці сервера, в основному, немає потреби у додатковому налаштовуванні. Для +повноти, усі відповідні параметри наведено у списку разом з їхніми типовими +значеннями. + + ipa_view_class (рядок) + + + Клас об’єктів для контейнерів перегляду. + + + Типове значення: nsContainer + + + + + + ipa_view_name (рядок) + + + Назва атрибута, у якому зберігається назва перегляду. + + + Типове значення: cn + + + + + + ipa_override_object_class (рядок) + + + Клас об’єктів для об’єктів перевизначення + + + Типове значення: ipaOverrideAnchor + + + + + + ipa_anchor_uuid (рядок) + + + Назва атрибута, у якому зберігається посилання на початковий об’єкт на +віддаленому домені. + + + Типове значення: ipaAnchorUUID + + + + + + ipa_user_override_object_class (рядок) + + + Назва класу об’єктів для перевизначень користувачів. Використовується для +визначення того, чи знайдений об’єкт перевизначення пов’язано з користувачем +або групою. + + + Перевизначення користувачів можуть містити атрибути, задані + + + ldap_user_name + + + ldap_user_uid_number + + + ldap_user_gid_number + + + ldap_user_gecos + + + ldap_user_home_directory + + + ldap_user_shell + + + ldap_user_ssh_public_key + + + + + Типове значення: ipaUserOverride + + + + + + ipa_group_override_object_class (рядок) + + + Назва класу об’єктів для перевизначень груп. Використовується для визначення +того, чи знайдений об’єкт перевизначення пов’язано з користувачем або +групою. + + + Перевизначення груп можуть містити атрибути, задані + + + ldap_group_name + + + ldap_group_gid_number + + + + + Типове значення: ipaGroupOverride + + + + + + + + + + + + СЛУЖБА ПІДДОМЕНІВ + + Поведінка інструмента надання даних піддоменів IPA залежить від того, у який +спосіб його налаштовано: явний чи неявний. + + + Якщо у розділі домену sssd.conf буде знайдено запис параметра +«subdomains_provider = ipa», інструмент надання даних піддоменів IPA +налаштовано явно, отже всі запити піддоменів надсилатимуться серверу IPA, +якщо це потрібно. + + + Якщо у розділі домену sssdconf не встановлено параметр +«subdomains_provider», але встановлено параметр «id_provider = ipa», +інструмент надання даних піддоменів IPA налаштовано неявним чином. У цьому +випадку спроба запиту щодо піддомену зазнає невдачі і вказуватиме на те, що +на сервері не передбачено піддоменів, тобто його не налаштовано на довіру, +отже інструмент надання даних піддоменів IPA вимкнено. Щойно мине година або +відкриється доступ до інструмента надання даних IPA, інструмент надання +даних піддоменів буде знову увімкнено. + + + + + НАЛАШТОВУВАННЯ ДОВІРЕНИХ ДОМЕНІВ + + Крім того, деякі параметри налаштування може бути встановлено для довіреного +домену. Налаштування довіреного домену можна встановити за допомогою +підрозділу довіреного домену, як це показано у наведеному нижче +прикладі. Крім того, можна скористатися параметром +subdomain_inherit у батьківському домені. +[domain/ipa.domain.com/ad.domain.com] +ad_server = dc.ad.domain.com + + + + Щоб дізнатися більше, ознайомтеся зі сторінкою підручника щодо + sssd.conf +5 . + + + Перелік параметрів налаштовування для довіреного домену залежить від того, +як ви налаштували SSSD на сервері IPA або клієнт IPA. + + + ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА ОСНОВНИХ СЕРВЕРАХ IPA + + У розділі піддомену на основному сервері IPA можна вказати такі параметри: + + + ad_server + + + ad_backup_server + + + ad_site + + + ldap_search_base + + + ldap_user_search_base + + + ldap_group_search_base + + + use_fully_qualified_names + + + + + + ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА КЛІЄНТАХ IPA + + У розділі піддомену на клієнті IPA можна вказати такі параметри: + + + ad_server + + + ad_site + + + + + Зауважте, що якщо встановлено обидва параметри, буде враховано лише +ad_server. + + + Оскільки будь-який запит щодо ідентифікації користувача або групи від +довіреного домену, який започатковано клієнтом IPA, обробляється сервером +IPA, параметри ad_server і ad_site впливають +лише на те, який з DC AD виконуватиме процедуру розпізнавання. Зокрема, +адреси, які визначено за цими списками, буде записано до файлів +kdcinfo, читання яких виконуватиметься додатком пошуку +Kerberos. Будь ласка, зверніться до сторінки підручника щодо +sssd_krb5_locator_plugin +8 , щоб дізнатися більше про додаток +пошуку Kerberos. + + + + + + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, +а example.com є одним з доменів у розділі +[sssd]. У прикладі продемонстровано лише +параметри доступу, специфічні для засобу ipa. + + + +[domain/example.com] +id_provider = ipa +ipa_server = ipaserver.example.com +ipa_hostname = myhost.example.com + + + + + + + + diff --git a/src/man/uk/sssd-kcm.8.xml b/src/man/uk/sssd-kcm.8.xml new file mode 100644 index 0000000..b3c2cd0 --- /dev/null +++ b/src/man/uk/sssd-kcm.8.xml @@ -0,0 +1,304 @@ + + + +Сторінки підручника SSSD + + + + + sssd-kcm + 8 + Формати файлів та правила + + + + sssd-kcm + Керування кешем Kerberos SSSD + + + + ОПИС + + На цій сторінці підручника описано налаштування засобу керування кешем +Kerberos SSSD (Kerberos Cache Manager або KCM). KCM є процесом, який +зберігає, стежить і керує кешем реєстраційних даних Kerberos. Ідея створення +засобу походить із проєкту Heimdal Kerberos, хоча у бібліотеці Kerberos MIT +також надається підтримка з боку клієнта для кешу реєстраційних даних KCM +(докладніше про це нижче). + + + У конфігураціях, де кешем Kerberos керує KCM, бібліотека Kerberos (типово +використовується за допомогою якоїсь програми, наприклад +kinit1 +) є клієнтом KCM, а фонова служба KCM +вважається сервером KCM. Клієнт і сервер обмінюються даними +за допомогою сокета UNIX. + + + Сервер KCM стежити за кожним власником кешу реєстраційних даних і виконує +перевірку прав доступу на основі UID і GID клієнта KCM. Користувач root має +доступ до усіх кешів реєстраційних даних. + + + Кеш реєстраційних даних KCM має декілька цікавих властивостей: + + + + оскільки процес виконується у просторі користувача, він підлягає обмеженням +за простором назв UID, на відміну від набору ключів ядра + + + + + на відміну від кешу на основі наборів ключів ядра, який є спільним для усіх +контейнерів, сервер KCM є окремим процесом, чия точка входу є сокетом UNIX + + + + + реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово +називається /var/lib/sss/secrets. За допомогою +цього файла ccache зберігаються протягом періодів перезапуску сервера KCM +або перезавантаження комп'ютера. + + + + Це надає змогу системі використовувати кеш реєстраційних даних із +врахуванням збірок, одночасно надаючи спільний доступ до кешу реєстраційних +даних для декількох контейнерів або без контейнерів взагалі шляхом +прив'язування-монтування сокета. + + + Час очікування на дії типового клієнта KCM дорівнює 5 хвилин, таке значення +надає більшу часу на взаємодію користувача із інструментами командного +рядка, зокрема kinit. + + + + + КОРИСТУВАННЯ КЕШЕМ РЕЄСТРАЦІЙНИХ ДАНИХ KCM + + Для використання кешу реєстраційних даних KCM його слід вибрати стандартним +типом реєстраційних даних у +krb5.conf5 +. Назвою кешу реєстраційних даних має бути лише +KCM: без будь-яких розширень шаблонами. Приклад: +[libdefaults] + default_ccache_name = KCM: + + + + Далі, слід визначити однаковий шлях до сокета UNIX для клієнтських бібліотек +Kerberos і сервера KCM. Типово, у обох випадках використовується однаковий +шлях /var/run/.heim_org.h5l.kcm-socket. Для +налаштовування бібліотеки Kerberos змініть значення її параметра +kcm_socket, як це описано на сторінці підручника + +krb5.conf5 +. + + + Нарешті, переконайтеся, що з сервером KCM SSSD можна встановити +зв'язок. Типово, служба KCM вмикається за допомогою сокета з +systemd 1 +. На відміну від інших служб SSSD, її не можна запустити +додаванням рядка kcm до інструкції service. + +systemctl start sssd-kcm.socket +systemctl enable sssd-kcm.socket + Будь ласка, зауважте, що +відповідні налаштування модулів вже могло бути виконано засобами вашого +дистрибутива. + + + + + СХОВИЩЕ КЕШУ РЕЄСТРАЦІЙНИХ ДАНИХ + + Кеші реєстраційних даних зберігаються у базі даних, дуже подібно до кешів +записів користувачів і груп SSSD. Типово, база даних зберігається у +/var/lib/sss/secrets. + + + + + ОТРИМАННЯ ДІАГНОСТИЧНОГО ЖУРНАЛУ + + Типово, служба sssd-kcm активує крізь сокет +systemd 1 +. Для створення діагностичних журналів додайте вказані нижче +рядки або безпосередньо до файла /etc/sssd/sssd.conf, +або як фрагмент налаштувань до каталогу +/etc/sssd/conf.d/: +[kcm] +debug_level = 10 + Далі, перезапустіть службу sssd-kcm: +systemctl restart sssd-kcm.service + Нарешті, виконайте дії, які не призводять до +бажаних для вас наслідків. Журнал KCM буде записано до +/var/log/sssd/sssd_kcm.log. Рекомендуємо вимкнути +ведення діагностичного журналу, якщо вам не потрібні діагностичні дані, +оскільки служба sssd-kcm може породжувати доволі великий обсяг діагностичних +даних. + + + Будь ласка, зауважте, що у поточній версії фрагменти налаштувань буде +оброблено, лише якщо взагалі існує основний файл налаштувань +/etc/sssd/sssd.conf. + + + + + ПОНОВЛЕННЯ + + Службу sssd-kcm можна налаштувати на спробу поновлення TGT для поновлюваних +TGT, які зберігаються у ccache KCM. Спроби поновлення виконуватимуться при +досягненні половини строку дії квитка. Поновлення KCM налаштовуються при +встановленні таких параметрів у розділі [kcm]: +tgt_renewal = true +krb5_renew_interval = 60m + + + + Крім того, SSSD може успадковувати параметри krb5 для поновлень з наявного +домену. + + +tgt_renewal = true +tgt_renewal_inherit = domain-name + + + Вказані нижче параметри krb5 можна налаштувати у розділі [kcm] для керування +поведінкою під час поновлення. Ці параметри докладно описано нижче + +krb5_renew_interval +krb5_renewable_lifetime +krb5_lifetime +krb5_validate +krb5_canonicalize +krb5_auth_timeout + + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Налаштовування служби KCM виконується за допомогою розділу +kcm файла sssd.conf. Будь ласка, зауважте, що оскільки +активація служби KCM, зазвичай, відбувається за допомогою сокетів, після +внесення змін до розділу kcm файла sssd.conf достатньо +перезапустити службу sssd-kcm: +systemctl restart sssd-kcm.service + + + + Налаштування служби KCM виконують за допомогою kcm. Докладний +опис синтаксичних конструкцій налаштувань наведено у розділі ФОРМАТ +ФАЙЛА сторінки підручника щодо +sssd.conf 5 +. + + + Службі kcm можна передавати типові параметри служби SSSD, зокрема +debug_level та fd_limit Із повним списком +параметрів можна ознайомитися на сторінці підручника +sssd.conf 5 +. Крім того, передбачено декілька специфічних для KCM +параметрів. + + + + socket_path (рядок) + + + Сокет, на якому очікуватиме на з'єднання служба KCM. + + + Типове значення: +/var/run/.heim_org.h5l.kcm-socket + + + Зауваження: на платформах, де передбачено +підтримку systemd, шлях до сокета буде перезаписано шляхом, який визначено у +файлі модуля sssd-kcm.socket. + + + + + max_ccaches (ціле число) + + + Скільки кешів реєстраційних може мати даних база даних KCM для усіх +користувачів. + + + Типове значення: 0 (без обмежень, застосовується лише квота на кількість +кешів на UID) + + + + + max_uid_ccaches (ціле число) + + + Скільки кешів реєстраційних може мати даних база даних KCM для окремого +UID. Еквівалент значення кількість реєстраційних даних, які можна +ініціювати за допомогою kinit. + + + Типове значення: 64 + + + + + max_ccache_size (ціле число) + + + Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця +квота обчислюється для усіх квитків служб разом. + + + Типове значення: 65536 + + + + + tgt_renewal (булеве значення) + + + Вмикає функціональні можливості поновлень TGT. + + + Типове значення: False (автоматичні поновлення вимкнено) + + + + + tgt_renewal_inherit (рядок) + + + Домен, з якого слід успадковувати параметри krb5_*, для використання із +поновленнями TGT. + + + Типове значення: NULL + + + + + + + + + ТАКОЖ ПЕРЕГЛЯНЬТЕ + + sssd8 +, +sssd.conf5 +, + + + + diff --git a/src/man/uk/sssd-krb5.5.xml b/src/man/uk/sssd-krb5.5.xml new file mode 100644 index 0000000..31418d1 --- /dev/null +++ b/src/man/uk/sssd-krb5.5.xml @@ -0,0 +1,458 @@ + + + +Сторінки підручника SSSD + + + + + sssd-krb5 + 5 + Формати файлів та правила + + + + sssd-krb5 + Модуль надання даних Kerberos SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos +5 для sssd +8 . Щоб дізнатися більше про синтаксис +налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника + sssd.conf +5 . + + + Модуль розпізнавання Kerberos 5 містити засоби розпізнавання та зміни +паролів. З метою отримання належних результатів його слід використовувати +разом з інструментом обробки профілів (наприклад, id_provider = ldap). Деякі +з даних, потрібних для роботи модуля розпізнавання Kerberos 5, має бути +надано інструментом обробки профілів, серед цих даних Kerberos Principal +Name (UPN) або реєстраційне ім’я користувача. У налаштуваннях інструменту +обробки профілів має бути запис з визначенням UPN. Докладні настанови щодо +визначення такого UPN має бути викладено на сторінці довідника (man) +відповідного інструменту обробки профілів. + + + У цьому інструменті керування даними також передбачено можливості керування +доступом, засновані на даних з файла k5login у домашньому каталозі +користувача. Докладніші відомості можна отримати з підручника до + +k5login5 +. Зауважте, що якщо файл .k5login виявиться порожнім, доступ +користувачеві буде заборонено. Щоб задіяти можливість керування доступом, +додайте рядок «access_provider = krb5» до ваших налаштувань SSSD. + + + У випадку, коли доступу до UPN у модулі профілів не передбачено, +sssd побудує UPN у форматі +ім’я_користувача@область_krb5. + + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Якщо у домені SSSD використано auth-module krb5, має бути використано +вказані нижче параметри. Зверніться до сторінки довідника (man) + sssd.conf +5 , розділ «РОЗДІЛИ ДОМЕНІВ», щоб +дізнатися більше про налаштування домену SSSD. + + krb5_server, krb5_backup_server (рядок) + + + Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів +Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути +впорядковано за пріоритетом. Докладніше про резервування та додаткові +сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може +бути додано номер порту (перед номером слід вписати двокрапку). Якщо +параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше +про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ». + + + Під час використання виявлення служб для серверів KDC або kpasswd SSSD +спочатку намагається знайти записи DNS, у яких визначається протокол +_udp. Використання протоколу _tcp відбувається, лише якщо таких записів не +вдасться знайти. + + + У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній +версії передбачено розпізнавання цієї застарілої назви, але користувачам +варто перейти на використання «krb5_server» у файлах налаштувань. + + + + + + krb5_realm (рядок) + + + Назва області Kerberos. Цей параметр є обов’язковим, його неодмінно слід +вказати. + + + + + + krb5_kpasswd, krb5_backup_kpasswd (рядок) + + + Якщо службу зміни паролів не запущено на KDC, тут можна визначити +альтернативні сервери. До адрес або назв вузлів можна додати номер порту +(перед яким слід вписати двокрапку). + + + Додаткові відомості щодо резервних серверів можна знайти у розділі +«РЕЗЕРВ». Зауваження: навіть якщо список всіх серверів kpasswd буде +вичерпано, модуль не перемкнеться у автономний режим роботи, якщо +розпізнавання за KDC залишатиметься можливим. + + + Типове значення: використання KDC + + + + + + krb5_ccachedir (рядок) + + + Каталог для зберігання кешу реєстраційних даних. Тут також можна +використовувати усі замінники з krb5_ccname_template, окрім %d та +%P. Каталог створюється як конфіденційний, власником є користувач, права +доступу — 0700. + + + Типове значення: /tmp + + + + + + krb5_ccname_template (рядок) + + + Розташування кешу з реєстраційними даними користувача У поточній версії +передбачено підтримку трьох типів кешу реєстраційних даних: +FILE, DIR та +KEYRING:persistent. Кеш може бути вказано або у форматі +ТИП:РЕШТА, або у форматі абсолютного шляху (тоді +вважається, що типом кешу є FILE). У шаблоні передбачено +можливість використання таких послідовностей-замінників: + + %u + ім'я користувача + + + %U + ідентифікатор користувача + + + %p + назва реєстраційного запису + + + + %r + назва області + + + %h + домашній каталог + + + + %d + значення krb5_ccachedir + + + + + %P + ідентифікатор процесу клієнтської частини SSSD + + + + %% + символ відсотків («%») + + + Якщо шаблон завершується послідовністю +«XXXXXX», для безпечного створення назви файла використовується mkstemp(3). + + + Якщо використовуються типи KEYRING, єдиним підтримуваним механізмом є +«KEYRING:persistent:%U», тобто використання сховища ключів ядра Linux для +зберігання реєстраційних даних на основі поділу за UID. Цей варіант є +рекомендованим, оскільки це найбезпечніший та найпередбачуваніший спосіб. + + + Типове значення назви кешу реєстраційних даних буде запозичено з +загальносистемного профілю, що зберігається у файлі налаштувань krb5.conf, +розділ [libdefaults]. Назва параметра — default_ccache_name. Див. розділ +щодо розгортання параметрів (PARAMETER EXPANSION) у довідці щодо +krb5.conf(5), щоб отримати додаткові дані щодо формату розгортання, +використаного у krb5.conf. + + + ЗАУВАЖЕННЯ: майте на увазі, що шаблон розширення ccache libkrb5 з + krb5.conf +5 використовує інші послідовності +розширення, що не збігаються із використаними у SSSD. + + + Типове значення: (з libkrb5) + + + + + + krb5_keytab (рядок) + + + Розташування таблиці ключів, якою слід скористатися під час перевірки +реєстраційних даних, отриманих від KDC. + + + Типове значення: системна таблиця ключів, зазвичай +/etc/krb5.keytab + + + + + + krb5_store_password_if_offline (булівське значення) + + + Зберігати пароль користувача, якщо засіб перевірки перебуває поза мережею, і +використовувати його для запитів TGT після встановлення з’єднання з засобом +перевірки. + + + Зауваження: ця можливість у поточній версії доступна лише на платформі +Linux. Паролі зберігатимуться у форматі звичайного тексту (без шифрування) у +сховищі ключів ядра, потенційно до них може отримати доступ адміністративний +користувач (root), але йому для цього слід буде подолати деякі перешкоди. + + + Типове значення: false + + + + + + krb5_use_fast (рядок) + + + Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible +authentication secure tunneling або FAST) для попереднього розпізнавання у +Kerberos. Передбачено такі варіанти: + + + never використовувати FAST, рівнозначний варіанту, за +якого значення цього параметра взагалі не задається. + + + try — використовувати FAST. Якщо на сервері не +передбачено підтримки FAST, продовжити розпізнавання без FAST. + + + demand — використовувати FAST. Якщо на сервері не +передбачено підтримки FAST, спроба розпізнавання зазнає невдачі. + + + Типове значення: не встановлено, тобто FAST не використовується. + + + Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця +ключів або підтримка анонімного PKINIT. + + + Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT +Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою +версією MIT Kerberos і цим параметром, буде повідомлено про помилку у +налаштуваннях. + + + + + + krb5_fast_principal (рядок) + + + Визначає реєстраційний запис сервера, який слід використовувати для FAST. + + + + + + krb5_fast_use_anonymous_pkinit (булеве значення) + + + Якщо встановлено значення «true» намагатися скористатися анонімним PKINIT +замість таблиці ключів для отримання бажаних реєстраційних даних для FAST. У +цьому випадку параметри krb5_fast_principal буде проігноровано. + + + Типове значення: false + + + + + + krb5_use_kdcinfo (булеве значення) + + + Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які +значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви +вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла +налаштувань krb5.conf +5 . + + + Див. сторінку підручника (man) +sssd_krb5_locator_plugin +8 , щоб дізнатися більше про додаток +пошуку. + + + Типове значення: true + + + + + + krb5_kdcinfo_lookahead (рядок) + + + Якщо для krb5_use_kdcinfo встановлено значення true, ви можете обмежити +кількість серверів, які буде передано +sssd_krb5_locator_plugin +8 . Це може бути корисним, якщо за +допомогою запису SRV виявляється надто багато серверів. + + + Параметр krb5_kdcinfo_lookahead містить два числа, які відокремлено +двокрапкою. Перше число визначає кількість основних серверів, а друге — +кількість резервних серверів. + + + Наприклад, 10:0 означає «буде передано до 10 основних +серверів до +sssd_krb5_locator_plugin +8 », але не буде передано резервні +сервери + + + Типове значення: 3:1 + + + + + + krb5_use_enterprise_principal (булеве значення) + + + Визначає, чи слід вважати реєстраційні дані користувача даними промислового +рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові +реєстраційні дані. + + + + Типове значення: false (надається AD: true) + + + Засіб надання даних IPA встановить для цього параметра значення «true», якщо +виявить, що сервер здатен обробляти реєстраційні дані промислового класу, і +параметр на встановлено явним чином у файлі налаштувань. + + + + + + krb5_use_subdomain_realm (булеве значення) + + + Визначає використання областей піддоменів для розпізнавання користувачів з +довірених доменів. Для цього параметра можна встановити значення «true», +якщо промислові реєстраційні записи використовуються із upnSuffixes, який не +є відомим KDC батьківського домену. Якщо для параметра встановлено значення +«true», SSSD спробує надіслати запит безпосередньо до KDC довіреного домену, +з якого прийшов користувач. + + + + Типове значення: false + + + + + + krb5_map_user (рядок) + + + Список прив’язок визначається як список пар «користувач:основа», де +«користувач» — ім’я користувача UNIX, а «основа» — частина щодо користувача +у реєстраційному записі kerberos. Ця прив’язка використовується, якщо +користувач проходить розпізнавання із використанням «auth_provider = krb5». + + + + приклад: +krb5_realm = REALM +krb5_map_user = joe:juser,dick:richard + + + + joe і dick — імена користувачів UNIX, а +juser і richard основні частини реєстраційних +записів kerberos. Для користувачів joe та, відповідно, +dick SSSD намагатиметься виконати ініціалізацію kinit як +juser@REALM і, відповідно, richard@REALM. + + + + Типове значення: not set + + + + + + + + + + + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускається, що SSSD налаштовано належним +чином, а FOO є одним з доменів у розділі +[sssd]. У прикладі продемонстровано лише +налаштування розпізнавання аз допомогою Kerberos, там не вказано інструменту +обробки профілів. + + + +[domain/FOO] +auth_provider = krb5 +krb5_server = 192.168.1.1 +krb5_realm = EXAMPLE.COM + + + + + + + + diff --git a/src/man/uk/sssd-ldap-attributes.5.xml b/src/man/uk/sssd-ldap-attributes.5.xml new file mode 100644 index 0000000..4a3d4f9 --- /dev/null +++ b/src/man/uk/sssd-ldap-attributes.5.xml @@ -0,0 +1,1187 @@ + + + +Сторінки підручника SSSD + + + + + sssd-ldap-attributes + 5 + Формати файлів та правила + + + + sssd-ldap-attributes + Засіб надання даних LDAP SSSD: атрибути прив'язування + + + + ОПИС + + Цю сторінку підручника присвячено опису атрибутів прив'язування засобу +надання даних LDAP SSSD +sssd-ldap 5 +. Повний опис параметрів налаштовування засобу надання даних +LDAP SSSD наведено на сторінці підручника щодо +sssd-ldap 5 +. + + + + + АТРИБУТИ КОРИСТУВАЧА + + + + ldap_user_object_class (рядок) + + + Клас об’єктів запису користувача у LDAP. + + + Типове значення: posixAccount + + + + + + ldap_user_name (рядок) + + + Атрибут LDAP, що відповідає назві облікового запису користувача. + + + Типове значення: uid (rfc2307, rfc2307bis і IPA), sAMAccountName (AD) + + + + + + ldap_user_uid_number (рядок) + + + Атрибут LDAP, що відповідає ідентифікатору користувача. + + + Типове значення: uidNumber + + + + + + ldap_user_gid_number (рядок) + + + Атрибут LDAP, що відповідає ідентифікатору основної групи користувача. + + + Типове значення: gidNumber + + + + + + ldap_user_primary_group (рядок) + + + Атрибут основної групи Active Directory для встановлення відповідності +ідентифікатора. Зауважте, що цей атрибут слід встановлювати вручну, лише +якщо ви користуєтеся засобом надання даних ldap з прив'язкою +до ідентифікаторів. + + + Типове значення: unset (LDAP), primaryGroupID (AD) + + + + + + ldap_user_gecos (рядок) + + + Атрибут LDAP, що відповідає полю gecos користувача. + + + Типове значення: gecos + + + + + + ldap_user_home_directory (рядок) + + + Атрибут LDAP, що містить назву домашнього каталогу користувача. + + + Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD) + + + + + + ldap_user_shell (рядок) + + + Атрибут LDAP, що містить шлях до типової командної оболонки користувача. + + + Типове значення: loginShell + + + + + + ldap_user_uuid (рядок) + + + Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP. + + + Типове значення: не встановлено у загальному випадку, objectGUID для AD і +ipaUniqueID для IPA + + + + + + ldap_user_objectsid (рядок) + + + Атрибут LDAP, що містить objectSID об’єкта користувача LDAP. Зазвичай, +потрібен лише для серверів ActiveDirectory. + + + Типове значення: objectSid для ActiveDirectory, не встановлено для інших +серверів. + + + + + + ldap_user_modify_timestamp (рядок) + + + Атрибут LDAP, що містить часову позначку останньої зміни батьківського +об’єкта. + + + Типове значення: modifyTimestamp + + + + + + ldap_user_shadow_last_change (рядок) + + + У разі використання ldap_pwd_policy=shadow цей параметр містить назву +атрибута LDAP, який є відповідником параметра +shadow 5 + (дати останньої зміни пароля). + + + Типове значення: shadowLastChange + + + + + + ldap_user_shadow_min (рядок) + + + У разі використання ldap_pwd_policy=shadow цей параметр містить назву +атрибута LDAP, який є відповідником параметра +shadow 5 + (мінімального віку пароля). + + + Типове значення: shadowMin + + + + + + ldap_user_shadow_max (рядок) + + + У разі використання ldap_pwd_policy=shadow цей параметр містить назву +атрибута LDAP, який є відповідником параметра +shadow 5 + (максимального віку пароля). + + + Типове значення: shadowMax + + + + + + ldap_user_shadow_warning (рядок) + + + У разі використання ldap_pwd_policy=shadow цей параметр містить назву +атрибута LDAP, який є відповідником параметра +shadow 5 + (проміжку попередження щодо пароля). + + + Типове значення: shadowWarning + + + + + + ldap_user_shadow_inactive (рядок) + + + У разі використання ldap_pwd_policy=shadow цей параметр містить назву +атрибута LDAP, який є відповідником параметра +shadow 5 + (тривалості періоду невикористання пароля). + + + Типове значення: shadowInactive + + + + + + ldap_user_shadow_expire (рядок) + + + У разі використання ldap_pwd_policy=shadow або +ldap_account_expire_policy=shadow цей параметр містить назву атрибута LDAP, +який є відповідником параметра +shadow 5 + (дати завершення строку дії пароля). + + + Типове значення: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (рядок) + + + Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить +назву атрибута LDAP, у якому зберігається дата і час останньої зміни пароля +у kerberos. + + + Типове значення: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (рядок) + + + Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить +назву атрибута LDAP, у якому зберігається дата і час завершення строку дії +поточного пароля. + + + Типове значення: krbPasswordExpiration + + + + + + ldap_user_ad_account_expires (рядок) + + + Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву +атрибута LDAP, у якому зберігаються дані щодо строку завершення дії +облікового запису. + + + Типове значення: accountExpires + + + + + + ldap_user_ad_user_account_control (рядок) + + + Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву +атрибута LDAP, у якому зберігаються дані щодо поля контрольного біта +облікового запису користувача. + + + Типове значення: userAccountControl + + + + + + ldap_ns_account_lock (рядок) + + + Якщо вказано ldap_account_expire_policy=rhds або еквівалентне налаштування, +цей параметр визначає, заборонено чи дозволено доступ. + + + Типове значення: nsAccountLock + + + + + + ldap_user_nds_login_disabled (рядок) + + + Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає, дозволено +чи заборонено доступ. + + + Типове значення: loginDisabled + + + + + + ldap_user_nds_login_expiration_time (рядок) + + + Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає дату, до +якої надано доступ. + + + Типове значення: loginDisabled + + + + + + ldap_user_nds_login_allowed_time_map (рядок) + + + Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає годити дня +тижня, коли надається доступ. + + + Типове значення: loginAllowedTimeMap + + + + + + ldap_user_principal (рядок) + + + Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача. + + + Типове значення: krbPrincipalName + + + + + + ldap_user_extra_attrs (рядок) + + + Відокремлений комами список атрибутів LDAP, які SSSD має отримувати разом зі +звичайним набором атрибутів запису користувача. + + + Список може або містити лише назви атрибутів LDAP, або відокремлені +двокрапками кортежі з назви атрибута кешу SSSD та назви атрибута LDAP. Якщо +вказано лише назву атрибута LDAP, атрибут зберігається до кешу +буквально. Використання нетипової назви атрибута SSSD може бути потрібним +середовищам, де налаштовано декілька доменів SSSD з різними схемами LDAP. + + + Будь ласка, зауважте, що декілька назв атрибутів зарезервовано SSSD, зокрема +атрибут «name». SSSD повідомить про помилку, якщо будь-які із зарезервованих +назв атрибутів використано як назву додаткового атрибута. + + + Приклади: + + + ldap_user_extra_attrs = telephoneNumber + + + Зберегти атрибут «telephoneNumber» з LDAP як «telephoneNumber» до кешу. + + + ldap_user_extra_attrs = phone:telephoneNumber + + + Зберегти атрибут «telephoneNumber» з LDAP як «phone» до кешу. + + + Типове значення: not set + + + + + + ldap_user_ssh_public_key (рядок) + + + Атрибут LDAP, який містить відкриті ключі SSH користувача. + + + Типове значення: sshPublicKey + + + + + + ldap_user_fullname (рядок) + + + Атрибут LDAP, що відповідає повному імені користувача. + + + Типове значення: cn + + + + + + ldap_user_member_of (рядок) + + + Атрибут LDAP зі списком груп, у яких бере участь користувач. + + + Типове значення: memberOf + + + + + + ldap_user_authorized_service (рядок) + + + Якщо access_provider=ldap і ldap_access_order=authorized_service, SSSD +використовуватиме наявність атрибута authorizedService у записі користувача +LDAP для визначення прав доступу. + + + Спочатку визначаються явні заборони (!svc). Далі SSSD шукає явні дозволи +(svc) і нарешті загальні дозволи або allow_all (*). + + + Будь ласка, зауважте, що параметр налаштування ldap_access_order +має включати authorized_service, щоб +система змогла скористатися параметром ldap_user_authorized_service. + + + У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM +systemd-user завжди включено до процедури входу до +системи. Тому при використанні керування доступом на основі даних служб +варто додавати службу systemd-user до списку дозволених +служб. + + + Типове значення: authorizedService + + + + + + ldap_user_authorized_host (рядок) + + + Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме +наявність атрибута host у записі користувача LDAP для визначення прав +доступу. + + + Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи +(host) і нарешті загальні дозволи або allow_all (*). + + + Будь ласка, зауважте, що параметр налаштування ldap_access_order +має включати host, щоб можна було +скористатися параметром ldap_user_authorized_host. + + + Типове значення: host + + + + + + ldap_user_authorized_rhost (рядок) + + + Якщо access_provider=ldap і ldap_access_order=rhost, SSSD використовуватиме +наявність атрибута rhost у записі користувача LDAP для визначення прав +доступу. Те саме стосується і процесу перевірки вузла. + + + Спочатку визначаються явні заборони (!rhost). Далі SSSD шукає явні дозволи +(rhost) і нарешті загальні дозволи або allow_all (*). + + + Будь ласка, зауважте, що параметр налаштування ldap_access_order +має включати rhost, щоб можна було +скористатися параметром ldap_user_authorized_rhost. + + + Типове значення: rhost + + + + + + ldap_user_certificate (рядок) + + + Назва атрибута LDAP, що містить сертифікат X509 користувача. + + + Типове значення: userCertificate;binary + + + + + + ldap_user_email (рядок) + + + Назва атрибута LDAP, який містить адресу електронної пошти користувача. + + + Зауваження: якщо адреса електронної пошти користувача конфліктує із адресою +електронної пошти або повним ім'ям іншого користувача, SSSD не зможе +обслуговувати належним чином записи таких користувачів. Якщо з якоїсь +причини у декількох користувачів має бути одна адреса електронної пошти, +встановіть для цього параметра довільну назву атрибута, щоб вимкнути пошук і +вхід до системи за адресою електронної пошти. + + + Типове значення: mail + + + + + ldap_user_passkey (string) + + + Name of the LDAP attribute containing the passkey mapping data of the user. + + + Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD) + + + + + + + + + АТРИБУТИ ГРУПИ + + + + ldap_group_object_class (рядок) + + + Клас об’єктів запису групи у LDAP. + + + Типове значення: posixGroup + + + + + + ldap_group_name (рядок) + + + The LDAP attribute that corresponds to the group name. In an environment +with nested groups, this value must be an LDAP attribute which has a unique +name for every group. This requirement includes non-POSIX groups in the tree +of nested groups. + + + Типове значення: cn (rfc2307, rfc2307bis і IPA), sAMAccountName (AD) + + + + + + ldap_group_gid_number (рядок) + + + Атрибут LDAP, що відповідає ідентифікатору групи. + + + Типове значення: gidNumber + + + + + + ldap_group_member (рядок) + + + Атрибут LDAP, у якому містяться імена учасників групи. + + + Типове значення: memberuid (rfc2307) / member (rfc2307bis) + + + + + + ldap_group_uuid (рядок) + + + Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP. + + + Типове значення: не встановлено у загальному випадку, objectGUID для AD і +ipaUniqueID для IPA + + + + + + ldap_group_objectsid (рядок) + + + Атрибут LDAP, що містить objectSID об’єкта групи LDAP. Зазвичай, потрібен +лише для серверів ActiveDirectory. + + + Типове значення: objectSid для ActiveDirectory, не встановлено для інших +серверів. + + + + + + ldap_group_modify_timestamp (рядок) + + + Атрибут LDAP, що містить часову позначку останньої зміни батьківського +об’єкта. + + + Типове значення: modifyTimestamp + + + + + + ldap_group_type (рядок) + + + Атрибут LDAP, що містить ціле значення і позначає тип групи, а також, +можливо, інші прапорці. + + + Цей атрибут у поточній версії використовується лише засобом надання даних AD +для визначення, чи є група локальною групою домену і чи має бути її +відфільтровано у списку надійних (довірених) доменів. + + + Типове значення: groupType у засобі надання даних AD, у інших засобах не +встановлено + + + + + + ldap_group_external_member (рядок) + + + Атрибут LDAP, який посилається на записи учасників групи, які визначено у +зовнішньому домені. У поточній версії передбачено підтримку лише зовнішніх +записів учасників IPA. + + + Типове значення: ipaExternalMember у засобі надання даних IPA, у інших +засобах не визначено. + + + + + + + + + АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ + + + + ldap_netgroup_object_class (рядок) + + + Клас об’єктів запису мережевої групи (netgroup) у LDAP. + + + У надавачі даних IPA має бути використано ipa_netgroup_object_class. + + + Типове значення: nisNetgroup + + + + + + ldap_netgroup_name (рядок) + + + Атрибут LDAP, що відповідає назві мережевої групи (netgroup). + + + У надавачі даних IPA має бути використано ipa_netgroup_name. + + + Типове значення: cn + + + + + + ldap_netgroup_member (рядок) + + + Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup). + + + У надавачі даних IPA має бути використано ipa_netgroup_member. + + + Типове значення: memberNisNetgroup + + + + + + ldap_netgroup_triple (рядок) + + + Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен). + + + Цим параметром не можна скористатися у надавачі даних IPA. + + + Типове значення: nisNetgroupTriple + + + + + + ldap_netgroup_modify_timestamp (рядок) + + + Атрибут LDAP, що містить часову позначку останньої зміни батьківського +об’єкта. + + + Цим параметром не можна скористатися у надавачі даних IPA. + + + Типове значення: modifyTimestamp + + + + + + + + + АТРИБУТИ ВУЗЛА + + + + ldap_host_object_class (рядок) + + + Клас об’єктів запису вузла у LDAP. + + + Типове значення: ipService + + + + + + ldap_host_name (рядок) + + + Атрибут LDAP, що відповідає назві вузла. + + + Типове значення: cn + + + + + + ldap_host_fqdn (рядок) + + + Атрибут LDAP, що відповідає повній назві вузла. + + + Типове значення: fqdn + + + + + + ldap_host_serverhostname (рядок) + + + Атрибут LDAP, що відповідає назві вузла. + + + Типове значення: serverHostname + + + + + + ldap_host_member_of (рядок) + + + Атрибут LDAP зі списком груп, у яких бере участь вузол. + + + Типове значення: memberOf + + + + + + ldap_host_ssh_public_key (рядок) + + + Атрибут LDAP, який містить відкриті ключі SSH вузла. + + + Типове значення: sshPublicKey + + + + + + ldap_host_uuid (рядок) + + + Атрибут LDAP, що містить UUID/GUID об’єкта вузла LDAP. + + + Типове значення: not set + + + + + + + + + АТРИБУТИ СЛУЖБИ + + + + ldap_service_object_class (рядок) + + + Клас об’єктів запису служби у LDAP. + + + Типове значення: ipService + + + + + + ldap_service_name (рядок) + + + Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів. + + + Типове значення: cn + + + + + + ldap_service_port (рядок) + + + Атрибут LDAP, що містить номер порту, яким керує ця служба. + + + Типове значення: ipServicePort + + + + + + ldap_service_proto (рядок) + + + Атрибут LDAP, що містить протоколи, за яким може працювати ця служба. + + + Типове значення: ipServiceProtocol + + + + + + + + + АТРИБУТИ SUDO + + + + ldap_sudorule_object_class (рядок) + + + Клас об’єктів запису правила sudo у LDAP. + + + Типове значення: sudoRole + + + + + + ldap_sudorule_name (рядок) + + + Атрибут LDAP, що відповідає назві правила sudo. + + + Типове значення: cn + + + + + + ldap_sudorule_command (рядок) + + + Атрибут LDAP, що відповідає назві команди. + + + Типове значення: sudoCommand + + + + + + ldap_sudorule_host (рядок) + + + Атрибут LDAP, який відповідає назві вузла (або IP-адресі вузла, IP-мережі +вузла, мережевій групі вузла) + + + Типове значення: sudoHost + + + + + + ldap_sudorule_user (рядок) + + + Атрибут LDAP, що відповідає назві імені користувача (або UID, назві групи +або назві мережевої групи користувача) + + + Типове значення: sudoUser + + + + + + ldap_sudorule_option (рядок) + + + Атрибут LDAP, що відповідає параметрам sudo. + + + Типове значення: sudoOption + + + + + + ldap_sudorule_runasuser (рядок) + + + Атрибут LDAP, що відповідає користувачеві, від імені якого можна виконувати +команди. + + + Типове значення: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (рядок) + + + Атрибут LDAP, що відповідає назві групи або GID, від імені якої можна +виконувати команди. + + + Типове значення: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (рядок) + + + Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo. + + + Типове значення: sudoNotBefore + + + + + + ldap_sudorule_notafter (рядок) + + + Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo. + + + Типове значення: sudoNotAfter + + + + + + ldap_sudorule_order (рядок) + + + Атрибут LDAP, що відповідає порядковому номеру правила. + + + Типове значення: sudoOrder + + + + + + + + + АТРИБУТИ AUTOFS + + + + + + + АТРИБУТИ ВУЗЛА IP + + + + ldap_iphost_object_class (рядок) + + + Клас об'єктів запису iphost у LDAP. + + + Типове значення: ipHost + + + + + + ldap_iphost_name (рядок) + + + Атрибут LDAP, що містить назву атрибутів IP вузла та замінників цих +атрибутів. + + + Типове значення: cn + + + + + + ldap_iphost_number (рядок) + + + Атрибут LDAP, який містить адресу IP вузла. + + + Типове значення: ipHostNumber + + + + + + + + + АТРИБУТИ МЕРЕЖІ IP + + + + ldap_ipnetwork_object_class (рядок) + + + Клас об'єктів запису ipnetwork у LDAP. + + + Типове значення: ipNetwork + + + + + + ldap_ipnetwork_name (рядок) + + + Атрибут LDAP, що містить назву атрибутів мережі IP та замінників цих +атрибутів. + + + Типове значення: cn + + + + + + ldap_ipnetwork_number (рядок) + + + Атрибут LDAP, який містить адресу мережі IP. + + + Типове значення: ipNetworkNumber + + + + + + + + + + + diff --git a/src/man/uk/sssd-ldap.5.xml b/src/man/uk/sssd-ldap.5.xml new file mode 100644 index 0000000..aa56d64 --- /dev/null +++ b/src/man/uk/sssd-ldap.5.xml @@ -0,0 +1,1805 @@ + + + +Сторінки підручника SSSD + + + + + sssd-ldap + 5 + Формати файлів та правила + + + + sssd-ldap + Модуль надання даних LDAP SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування доменів LDAP для + sssd 8 +. Щоб дізнатися більше про синтаксис налаштування, зверніться +до розділу «ФОРМАТ ФАЙЛА» сторінки довідника +sssd.conf 5 +. + + Ви можете налаштувати SSSD на використання декількох доменів LDAP. + + + LDAP back end supports id, auth, access and chpass providers. If you want to +authenticate against an LDAP server either TLS/SSL or LDAPS is +required. sssd does not support +authentication over an unencrypted channel. Even if the LDAP server is used +only as an identity provider, an encrypted channel is strongly +recommended. Please refer to ldap_access_filter config option +for more information about using LDAP as an access provider. + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Всі загальні параметри налаштування, які стосуються доменів SSSD, також +стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки +підручника sssd.conf +5 , щоб дізнатися більше. Зауважте, що +атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо + sssd-ldap-attributes +5 . + + ldap_uri, ldap_backup_uri (рядок) + + + Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має +встановлювати з’єднання у порядку пріоритету. Зверніться до розділу +«РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та +додаткові сервери. Якщо не вказано, буде використано автоматичне виявлення +служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ». + + + Формат адреси має відповідати формату, що визначається RFC 2732: + + + ldap[s]://<вузол>[:порт] + + + У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, [] + + + приклад: ldap://[fc00::126:25]:389 + + + + + + ldap_chpass_uri, ldap_chpass_backup_uri (рядок) + + + Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має +встановлювати з’єднання у порядку пріоритету для зміни пароля +користувача. Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про +перемикання на резервні ресурси та додаткові сервери. + + + Для того, щоб уможливити визначення служб, слід встановити значення +параметра ldap_chpass_dns_service_name. + + + Типове значення: порожнє, тобто використовується ldap_uri. + + + + + + ldap_search_base (рядок) + + + Типова базова назва домену, яку слід використовувати для виконання дій від +імені користувача LDAP. + + + Починаючи з SSSD 1.7.0, у SSSD передбачено підтримку визначення декількох +основ для пошуку за допомогою таких синтаксичних конструкцій: + + + основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*] + + + Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий +рівень) або «subtree» (піддерево). + + + Фільтром має бути коректний запис фільтрування LDAP, відповідно до +специфікації http://www.ietf.org/rfc/rfc2254.txt + + + Приклади: + + + ldap_search_base = dc=example,dc=com (еквівалентне до) ldap_search_base = +dc=example,dc=com?subtree? + + + ldap_search_base = +cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + + + Зауваження: підтримки визначення декількох основ пошуку з посиланням на +об’єкти з однаковими назвами (наприклад груп з однаковою назвою у двох +різних основах пошуку) не передбачено. Такі визначення можуть призвести до +непередбачуваних результатів на клієнтських комп’ютерах. + + + Типове значення: якщо значення не встановлено, буде використано значення +атрибута defaultNamingContext або namingContexts з RootDSE сервера +LDAP. Якщо запису defaultNamingContext не існує або цей запис має порожнє +значення, буде використано namingContexts. Для роботи системи потрібно, щоб +атрибут namingContexts має єдине значення DN бази пошуку сервера +LDAP. Підтримки визначення декількох значень не передбачено. + + + + + + ldap_schema (рядок) + + + Визначає тип схеми, що використовується на сервері LDAP +призначення. Відповідно до вибраної схеми, типові назви атрибутів, отриманих +з сервера, можуть бути різними. Спосіб обробки атрибутів також може бути +різним. + + + У поточній версії передбачено підтримку чотирьох типів схем: + + + + rfc2307 + + + + + rfc2307bis + + + + + IPA + + + + + AD + + + + + + Основною відмінністю між цими типами схем є спосіб запису даних щодо участі +у групах на сервері. Відповідно до rfc2307, список учасників груп +впорядковується за користувачами у атрибуті +memberUid. Відповідно до rfc2307bis і IPA, список +учасників груп впорядковується за назвою домену (DN) і зберігається у +атрибуті member. Відповідно до типу схеми AD, +встановлюється відповідність зі значеннями Active Directory 2008r2. + + + Типове значення: rfc2307 + + + + + + ldap_pwmodify_mode (рядок) + + + Визначає дію, яку буде здійснено для зміни пароля користувача. + + + У поточній версії передбачено два режими: + + + + exop — розширена дія зі зміни пароля (RFC 3062) + + + + + ldap_modify — безпосереднє внесення змін до userPassword (не рекомендуємо). + + + + + + Зауваження: спочатку буде встановлено нове з'єднання для перевірки поточного +пароля шляхом прив'язування до системи від імені користувача, від якого +надійшов запит щодо зміни пароля. Якщо з'єднання вдасться встановити, його +буде використано для зміни пароля, тому у користувача має бути доступ до +запису атрибута userPassword. + + + Типове значення: exop + + + + + + ldap_default_bind_dn (рядок) + + + Типова назва домену прив’язки, яку слід використовувати для виконання дій +LDAP. + + + + + + ldap_default_authtok_type (рядок) + + + Тип розпізнавання для типової назви сервера прив’язки. + + + У поточній версії передбачено підтримку двох механізмів: + + + password + + + obfuscated_password + + + Типове значення: password + + + Щоб дізнатися більше, ознайомтеся зі сторінкою підручника щодо + sss_obfuscate +8 . + + + + + + ldap_default_authtok (рядок) + + + Лексема розпізнавання типової назви сервера прив’язки. + + + + + + ldap_force_upper_case_realm (булеве значення) + + + Деякі з серверів каталогів, наприклад Active Directory, можуть надавати +частину області адреси UPN лише малими літерами (літерами нижнього +регістру), що може призвести до невдалої спроби розпізнавання. Встановіть +ненульове значення цього параметра, якщо ви бажаєте використовувати назву +області у верхньому регістрі. + + + Типове значення: false + + + + + + ldap_enumeration_refresh_timeout (ціле число) + + + Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення +свого кешу нумерованих записів. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 300 + + + + + + ldap_purge_cache_timeout (ціле число) + + + Визначає частоту пошуків у кеші неактивних записів (зокрема груп без +учасників та користувачів, які ніколи не входили до системи) та вилучення +цих записів з метою економії місця. + + + Встановлення нульового значення цього параметра вимикає дію з очищення +кешу. Будь ласка, зауважте, що якщо увімкнено нумерацію, дія з очищення є +необхідною з метою виявлення записів, вилучених із сервера, її не можна +вимикати. Типово, дія з очищення, якщо увімкнено нумерацію, виконується +кожні 3 години. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 0 (вимкнено) + + + + + + ldap_group_nesting_level (ціле число) + + + Якщо ldap_schema встановлено у значення формату схеми, у якому передбачено +підтримку вкладеності груп (наприклад RFC2307bis), цей параметр визначає +кількість рівнів вкладеності, які оброблятимуться SSSD. Значення цього +параметра буде проігноровано, якщо використано схему RFC2307. + + + Зауваження: за допомогою цього параметра визначається гарантований рівень +вкладеності груп для обробки під час будь-якого пошуку. Втім, може +бути повернуто і групи із більшим рівнем вкладеності, якщо під +час попередніх пошуків відбувалася обробка вищих рівнів вкладеності. Крім +того, послідовні пошуки інших груп можуть розширити набір результатів +початкового пошуку, якщо запити щодо пошуку надходять повторно. + + + Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не +оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server +2008 та новішими версіями з використанням id_provider=ad, +слід також вимкнути використання груп реєстраційних записів (Token-Groups) +встановленням для параметра ldap_use_tokengroups значення false з метою +обмеження вкладеності у групах. + + + Типове значення: 2 + + + + + + ldap_use_tokengroups + + + За допомогою цього параметра можна увімкнути або вимкнути використання +атрибута Token-Groups під час виконання initgroup для користувачів Active +Directory Server 2008 та новіших версій. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: True для AD і IPA, інакше False. + + + + + + ldap_host_search_base (рядок) + + + Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів. + + + Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про +налаштування декількох основ пошуку. + + + Типове значення: значення ldap_search_base + + + + + + ldap_service_search_base (рядок) + + + + + ldap_iphost_search_base (рядок) + + + + + ldap_ipnetwork_search_base (рядок) + + + + + ldap_search_timeout (ціле число) + + + Визначає час очікування на дані (у секундах) для виконання пошуків ldap, +перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до +автономного режиму роботи) + + + Зауваження: роботу цього параметра буде змінено у наступних версіях +SSSD. Ймовірно, його буде колись замінено на послідовність часів очікування +для окремих типів пошуків. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 6 + + + + + + ldap_enumeration_search_timeout (ціле число) + + + Визначає час очікування на дані (у секундах) для виконання пошуків номерів +користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням +кешованих даних (і переходом до автономного режиму роботи) + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 60 + + + + + + ldap_network_timeout (ціле число) + + + Визначає час очікування (у секундах), після завершення якого +poll 2 +/ select +2 з наступним +connect 2 + повертається до стану бездіяльності. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 6 + + + + + + ldap_opt_timeout (ціле число) + + + Визначає час очікування (у секундах), після завершення якого виклики до +синхронних програмних інтерфейсів LDAP буде перервано, якщо не буде отримано +відповіді. Також керує часом очікування під час обміну даними з KDC у +випадку прив’язки SASL, часом очікування на дію з прив’язування LDAP, +розширеної операції зі зміни пароля та дії StartTLS. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 8 + + + + + + ldap_connection_expire_timeout (ціле значення) + + + Визначає час очікування (у секундах), протягом якого підтримуватиметься +з’єднання з сервером LDAP. По завершенню цього часу буде зроблено спробу +повторно встановити з’єднання. У разі використання паралельно до SASL/GSSAPI +буде використано перше за часом значення (це значення або значення строку +дії TGT). + + + Якщо з'єднання є бездіяльним (жодна дія у ньому не виконується активно) +протягом ldap_opt_timeout секунд завершення строку дії, +його буде передчасно розірвано, щоб новий запит не міг потребувати, щоб +з'єднання лишалося відкритим після завершення його строку дії. Неявним +чином, це означає, що з'єднання завжди розриватимуться негайно і не +використовуватимуться повторно, якщо +ldap_connection_expire_timeout <= ldap_opt_timout + + + Цей час очікування може бути подовжено випадковим значенням, яке вказано +параметром ldap_connection_expire_offset + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 900 (15 хвилин) + + + + + + ldap_connection_expire_offset (ціле число) + + + Випадковий зсув від 0 до налаштованого значення, який буде додано до +ldap_connection_expire_timeout. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 0 + + + + + + ldap_connection_idle_timeout (ціле значення) + + + Визначає час очікування (у секундах), протягом якого підтримуватиметься +бездіяльне з’єднання з сервером LDAP. Якщо з'єднання лишатиметься +бездіяльним понад цей час, з'єднання буде розірвано. + + + Ви можете вимкнути цей час очікування, встановивши значення 0. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 900 (15 хвилин) + + + + + + ldap_page_size (ціле число) + + + Визначити кількість записів, які слід отримати з LDAP у відповідь на один +запит. На деяких серверах LDAP визначено обмеження максимальної кількості на +один запит. + + + Типове значення: 1000 + + + + + + ldap_disable_paging (булеве значення) + + + Вимикає контроль сторінок LDAP. Цим параметром слід скористатися, якщо +сервер LDAP повідомляє про підтримку контролю сторінок LDAP у своєму +RootDSE, але цю підтримку не увімкнено або вона не працює належним чином. + + + Приклад: сервери OpenLDAP з модулем контролю сторінок, встановленим на +сервері, але не увімкненим, повідомляють про підтримку у RootDSE, але цією +підтримкою не можна скористатися. + + + Приклад: 389 DS має ваду, пов’язану з тим, що здатен підтримувати лише один +процес контролю сторінок для одного з’єднання. У разі значного навантаження +це може призвести до відмови у виконанні запитів. + + + Типове значення: False + + + + + + ldap_disable_range_retrieval (булеве значення) + + + Вимкнути отримання діапазону Active Directory. + + + У Active Directory за допомогою правила MaxValRange (типове значення 1500 +записів) обмежується кількість записів, які може бути отримано під час +пошуку. Якщо у певній групі міститься більше записів учасників, до відповіді +буде включено специфічне для AD розширення діапазону. За допомогою цього +параметра можна вимкнути обробку розширення діапазону, отже великі групи +буде представлено як такі, у яких немає учасників. + + + Типове значення: False + + + + + + ldap_sasl_minssf (ціле значення) + + + Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний +рівень захисту, потрібний для встановлення з’єднання. Значення цього +параметра визначається OpenLDAP. + + + Типове значення: типове для системи значення (зазвичай, визначається у +ldap.conf) + + + + + + ldap_sasl_maxssf (ціле число) + + + Під час обміну даними з сервером LDAP за допомогою SASL визначає +максимальний рівень захисту, потрібний для встановлення з’єднання. Значення +цього параметра визначається OpenLDAP. + + + Типове значення: типове для системи значення (зазвичай, визначається у +ldap.conf) + + + + + + ldap_deref_threshold (ціле число) + + + Вказує кількість учасників групи, записів яких має не вистачати у +зовнішньому кеші для запуску загального пошуку з розіменуванням. Якщо +пропущених записів буде менше за вказану кількість, пошук для них +виконуватиметься окремо. + + + Ви можете повністю вимкнути запити щодо розіменувань встановленням значення +0. Будь ласка, зауважте, що у коді SSSD, зокрема засобу надання даних HBAC +IPA, є інструкції, які реалізовано лише з використанням викликів щодо +розіменування, тому навіть явне вимикання розіменувань не призведе до +вимикання розіменувань у цих частинах коду, якщо на сервері передбачено +підтримку розіменувань і оголошено про керування розіменуваннями у об'єкті +rootDSE. + + + Пошук з розіменуванням — це отримання всіх записів учасників групи за одним +викликом LDAP. У різних серверах LDAP може бути передбачено різні способи +розіменування. У поточній версії передбачено підтримку серверів 389/RHDS, +OpenLDAP та Active Directory. + + + Зауваження: якщо у одній з основ пошуку визначається +фільтр пошуку, покращення швидкодії фільтрів розіменування буде вимкнено, +незалежно від використання цього параметра. + + + Типове значення: 10 + + + + + + ldap_ignore_unreadable_references (булеве значення) + + + Ігнорувати непридатні до читання записи LDAP, на які посилається атрибут +учасника групи. Якщо для цього параметра встановлено значення «false», буде +повернуто повідомлення про помилку, а дія завершиться помилкою, замість +простого ігнорування непридатного до читання запису. + + + Цей параметр може бути корисним, якщо використано надавач даних AD, і +обліковий запис комп'ютера, який sssd використовує для встановлення +з'єднання із AD, не має доступу до певного запису або піддерева LDAP з +міркувань безпеки. + + + Типове значення: False + + + + + + ldap_tls_reqcert (рядок) + + + Визначає перелік перевірок, які слід виконати для сертифікатів серверів у +сеансі TLS, якщо такі перевірки слід виконувати. Може бути визначено одне з +таких значень: + + + never = клієнт не надсилатиме запиту і не перевірятиме +жодних сертифікатів сервера. + + + allow = надіслати запит щодо сертифіката сервера. Якщо +сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде +надано помилковий сертифікат, ігнорувати і продовжити сеанс у звичайному +режимі. + + + try = надіслати запит щодо сертифіката сервера. Якщо +сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде +надано помилковий сертифікат, негайно перервати сеанс. + + + demand = надіслати запит щодо сертифіката сервера. Якщо +сертифікат не буде надано або буде надано помилковий сертифікат, негайно +перервати сеанс. + + + hard = те саме, що і demand + + + Типове значення: hard + + + + + + ldap_tls_cacert (рядок) + + + Визначає файл, який містить сертифікати для всіх служб сертифікації, які +розпізнаються sssd. + + + Типове значення: використовувати типові параметри OpenLDAP, що зберігаються +у /etc/openldap/ldap.conf + + + + + + ldap_tls_cacertdir (рядок) + + + Визначає шлях до каталогу, де у окремих файлах містяться сертифікати служб +сертифікації (CA). Типовими назвами файлів є хеші сертифікатів з додаванням +«.0». Для створення відповідних назв можна скористатися +cacertdir_rehash, якщо ця програма є доступною. + + + Типове значення: використовувати типові параметри OpenLDAP, що зберігаються +у /etc/openldap/ldap.conf + + + + + + ldap_tls_cert (рядок) + + + Визначає файл, який містить сертифікат для ключа клієнта. + + + Типове значення: not set + + + + + + ldap_tls_key (рядок) + + + Визначає файл, у якому міститься ключ клієнта. + + + Типове значення: not set + + + + + + ldap_tls_cipher_suite (рядок) + + + Визначає прийнятні комплекти програм для шифрування. Записи у типовому +списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці +довідника до ldap.conf +5. + + + Типове значення: використовувати типові параметри OpenLDAP, що зберігаються +у /etc/openldap/ldap.conf + + + + + + ldap_id_use_start_tls (булеве значення) + + + Specifies that the id_provider connection must also use tls to protect the channel. +true is strongly recommended for security reasons. + + + Типове значення: false + + + + + + ldap_id_mapping (булеве значення) + + + Визначає, що SSSD має намагатися встановити відповідність ідентифікаторів +користувача і групи на основі атрибутів ldap_user_objectsid та +ldap_group_objectsid, замість атрибутів ldap_user_uid_number та +ldap_group_gid_number. + + + У поточній версії у цій можливості передбачено підтримку лише встановлення +відповідності objectSID у ActiveDirectory. + + + Типове значення: false + + + + + + ldap_min_id, ldap_max_id (ціле число) + + + На відміну від прив’язування ідентифікаторів на основі SID, яке +використовується, якщо параметр ldap_id_mapping має значення true, діапазон +дозволених ідентифікаторів для ldap_user_uid_number і ldap_group_gid_number +є необмеженим. У конфігураціях з піддоменами та довіреними доменами це може +призвести до конфліктів ідентифікаторів. Щоб уникнути конфліктів, можна +встановити значення ldap_min_id і ldap_max_id для обмеження дозволеного +діапазону ідентифікаторів, які буде прочитано безпосередньо з сервера. Після +цього піддомени можуть вибирати інші діапазони для прив’язування +ідентифікаторів. + + + Типове значення: не встановлено (обидва параметри встановлено у значення 0) + + + + + + ldap_sasl_mech (рядок) + + + Визначає механізм SASL, який слід використовувати. У поточній версії +перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO. + + + Якщо у модулі обробки передбачено підтримку піддоменів, значення для +піддоменів ldap_sasl_mech буде автоматично успадковано від домену. Якщо для +якогось піддомену потрібне інше значення, його можна перезаписати +встановленням ldap_sasl_mech для цього піддомену окремо. Докладніший опис +можна знайти у розділі щодо довірених доменів у підручнику з +sssd.conf +5. + + + Типове значення: not set + + + + + + ldap_sasl_authid (рядок) + + + Визначає ідентифікатор уповноваження SASL, яким слід скористатися. Якщо +використовується GSSAPI/GSS-SPNEGO, цим ідентифікатором є реєстраційні дані +Kerberos, які використовуються для розпізнавання при доступі до +каталогу. Цей параметр може містити або повні реєстраційні дані (наприклад +host/myhost@EXAMPLE.COM) або просто назву реєстраційного запису (наприклад +host/myhost). Типово, значення не встановлено і використовуються такі +реєстраційні записи: +hostname@REALM +netbiosname$@REALM +host/hostname@REALM +*$@REALM +host/*@REALM +host/* + Якщо жоден +з них не буде знайдено, буде повернуто перший реєстраційний запис у таблиці +ключів. + + + Типове значення: вузол/назва_вузла@ОБЛАСТЬ + + + + + + ldap_sasl_realm (рядок) + + + Визначає область SASL, яку слід використовувати. Якщо не вказано значення, +типовим значенням цього параметра є значення krb5_realm. Якщо +ldap_sasl_authid також містить запис області, цей параметр буде +проігноровано. + + + Типове значення: значення krb5_realm. + + + + + + ldap_sasl_canonicalize (булеве значення) + + + Якщо встановлено значення true (1), бібліотека LDAP виконувати зворотній +пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до +SASL. + + + Типове значення: false; + + + + + + ldap_krb5_keytab (рядок) + + + Визначає таблицю ключів, яку слід використовувати разом з +SASL/GSSAPI/GSS-SPNEGO. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: системна таблиця ключів, зазвичай +/etc/krb5.keytab + + + + + + ldap_krb5_init_creds (булеве значення) + + + Визначає, що id_provider має ініціалізувати реєстраційні дані Kerberos +(TGT). Цю дію буде виконано, лише якщо використовується SASL і вибрано +механізм GSSAPI або GSS-SPNEGO. + + + Типове значення: true + + + + + + ldap_krb5_ticket_lifetime (ціле число) + + + Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI або +GSS-SPNEGO. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: 86400 (24 години) + + + + + + krb5_server, krb5_backup_server (рядок) + + + Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів +Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути +впорядковано за пріоритетом. Докладніше про резервування та додаткові +сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може +бути додано номер порту (перед номером слід вписати двокрапку). Якщо +параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше +про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ». + + + Під час використання виявлення служб для серверів KDC або kpasswd SSSD +спочатку намагається знайти записи DNS, у яких визначається протокол +_udp. Використання протоколу _tcp відбувається, лише якщо таких записів не +вдасться знайти. + + + У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній +версії передбачено розпізнавання цієї застарілої назви, але користувачам +варто перейти на використання «krb5_server» у файлах налаштувань. + + + + + + krb5_realm (рядок) + + + Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO). + + + Типове значення: типове значення системи, +див. /etc/krb5.conf + + + + + + krb5_canonicalize (булеве значення) + + + Визначає, чи слід перетворювати реєстраційний запис вузла у канонічну форму +під час встановлення з’єднання з сервером LDAP. Цю можливість передбачено з +версії MIT Kerberos >= 1.7 + + + + Типове значення: false + + + + + + krb5_use_kdcinfo (булеве значення) + + + Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які +значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви +вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла +налаштувань krb5.conf +5 . + + + Див. сторінку підручника (man) +sssd_krb5_locator_plugin +8 , щоб дізнатися більше про додаток +пошуку. + + + Типове значення: true + + + + + + ldap_pwd_policy (рядок) + + + Визначає правил оцінки строку дії пароля на боці клієнта. Можна +використовувати такі значення: + + + none — не використовувати перевірки на боці клієнта. У +разі використання цього варіанта перевірку на боці сервера вимкнено не буде. + + + shadow — використовувати атрибути у стилі +shadow +5 для визначення того, чи чинним є +пароль. + + + mit_kerberos — використовувати атрибути MIT Kerberos +для визначення завершення строку дії пароля. У разі зміни пароля +скористайтеся chpass_provider=krb5 для оновлення цих атрибутів. + + + Типове значення: none + + + Зауваження: якщо правила поводження з паролями +налаштовано на боці сервера, ці правила мають пріоритет над правилами, +встановленими за допомогою цього параметра. + + + + + + ldap_referrals (булеве значення) + + + Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку. + + + Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано +з версією OpenLDAP 2.4.13 або новішою версією. + + + Перехід за спрямуваннями може призвести до значних втрат швидкодії у +середовищах, де такі спрямування використовуються широко. Прикладом такого +середовища може бути Microsoft Active Directory. Якщо у вашому середовищі +спрямування не є обов’язковими, встановлення для цього параметра значення +«false» може значно пришвидшити роботу. Отже, встановлення для цього +параметра значення false рекомендоване у випадку, коли надавач даних LDAP +SSSD використовується разом із модулем обробки Microsoft Active +Directory. Навіть якщо SSSD зможе переходити за посиланнями до іншого AD DC, +додаткові дані виявляться недоступними. + + + Типове значення: true + + + + + + ldap_dns_service_name (рядок) + + + Визначає назву служби, яку буде використано у разі вмикання визначення +служб. + + + Типове значення: ldap + + + + + + ldap_chpass_dns_service_name (рядок) + + + Визначає назву служби, яку буде використано для пошуку сервера LDAP, який +уможливлює зміну паролів, у разі вмикання визначення служб. + + + Типове значення: не встановлено, тобто пошук служб вимкнено + + + + + + ldap_chpass_update_last_change (булеве значення) + + + Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change даними +щодо кількості днів з часу виконання дії зі зміни пароля. + + + Рекомендуємо встановити цей параметр явним чином, якщо використано +"ldap_pwd_policy = shadow", щоб дати SSSD знати, оновлюватиме LDAP атрибут +shadowLastChange автоматично після зміни пароля чи SSSD має зробити це +окремо. + + + Типове значення: False + + + + + + ldap_access_filter (рядок) + + + Якщо використовується access_provider = ldap та ldap_access_order = filter +(типова поведінка), цей параметр є обов’язковим. Він вказує критерії +фільтрування LDAP, яким має задовольняти запис користувача для надання +доступу до цього вузла. Якщо визначено access_provider = ldap та +ldap_access_order = filter, а цей параметр не встановлено, доступ буде +заборонено всім користувачам. Щоб змінити таку типову поведінку системи, +скористайтеся параметром access_provider = permit. Будь ласка, зауважте, що +цей фільтр застосовуватиметься лише до запису користувача LDAP, отже +фільтрування, засноване на вкладених групах може не працювати (наприклад, +атрибут memberOf для записів AD вказує лише на безпосередні батьківські +записи). Якщо вам потрібне фільтрування, засноване на вкладених групах, будь +ласка, скористайтеся параметром +sssd-simple5 +. + + + Приклад: + + +access_provider = ldap +ldap_access_filter = (employeeType=admin) + + + У прикладі доступ до цього вузла обмежено користувачами, чий атрибут +employeeType встановлено у значення «admin». + + + Автономне кешування для цієї можливості обмежено визначенням того, чи було +надано користувачеві під час попередньої спроби увійти до системи з мережі +права доступу. Якщо під час останньої спроби увійти такі права було надано, +система продовжуватиме надавати права доступу у автономному режимі. Якщо ж +таких прав не було надано, у автономному режимі їх також не буде надано. + + + Типове значення: порожній рядок + + + + + + ldap_account_expire_policy (рядок) + + + За допомогою цього параметра може бути увімкнено визначення атрибутів +керування доступом на боці клієнта. + + + Будь ласка, зауважте, що завжди варто використовувати керування доступом на +боці сервера, тобто сервер LDAP має відмовляти у запитах щодо прив’язування +з відповідним кодом помилки, навіть якщо вказано правильний пароль. + + + Можна використовувати такі значення: + + + shadow: це значення ldap_user_shadow_expire допомагає +визначити, чи завершено строк дії облікового запису. + + + ad: скористатися значенням 32-бітового поля +ldap_user_ad_user_account_control і дозволити доступ, якщо другий біт має +нульове значення. Якщо атрибут не буде знайдено, доступ буде +дозволено. Також буде перевірено, чи не вичерпано строк дії облікового +запису. + + + rhds, ipa, +389ds: використовувати для перевірки доступу значення +ldap_ns_account_lock. + + + nds: для перевірки доступу використовувати значення +ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled і +ldap_user_nds_login_expiration_time. Якщо не буде виявлено жодного з цих +атрибутів, надати доступ. + + + Будь ласка, зауважте, що параметр налаштування ldap_access_order +має включати expire, щоб можна було +користуватися параметром ldap_account_expire_policy. + + + Типове значення: порожній рядок + + + + + + ldap_access_order (рядок) + + + Список відокремлених комами параметрів керування доступом. Можливі значення +списку: + + + filter: використовувати ldap_access_filter + + + lockout: використовувати блокування облікових +записів. Якщо встановлено, цей параметр забороняє доступ, якщо існує атрибут +ldap «pwdAccountLockedTime» і його значенням є «000001010000Z». Будь ласка, +ознайомтеся із документацією до параметра ldap_pwdlockout_dn. Зауважте, що +для працездатності цієї можливості слід встановити «access_provider = ldap». + + + Будь ласка, зауважте, що цей параметр має нижчий пріоритет за +параметр «ppolicy», його може бути вилучено у наступних випусках. + + + + ppolicy: використовувати блокування облікових +записів. Якщо встановлено, забороняє доступ у випадку наявності атрибута +ldap «pwdAccountLockedTime» рівного «000001010000Z» або такого, що +відповідає моменту часу у минулому. Значення атрибута «pwdAccountLockedTime» +має завершуватися на «Z», що позначає часовий пояс UTC. Підтримки інших +часових поясів у поточній версії не передбачено, їхнє використання +призводитиме до появи повідомлення про заборону доступу, коли користувачі +намагатимуться увійти до системи. Докладніший опис можна знайти у розділі +щодо параметра ldap_pwdlockout_dn. Будь ласка, зауважте, що для +працездатності цього параметра слід встановити значення «access_provider = +ldap». + + + + expire: використовувати ldap_account_expire_policy + + + pwd_expire_policy_reject, pwd_expire_policy_warn, +pwd_expire_policy_renew: Ці параметри корисні, якщо користувачам +потрібні попередження щодо скорого завершення строку дії пароля, і у +випадках, коли розпізнавання засновано на відмінних від паролів методах, +наприклад на ключах SSH. + + + The difference between these options is the action taken if user password is +expired: + + + + pwd_expire_policy_reject - user is denied to log in, + + + + + pwd_expire_policy_warn - user is still able to log in, + + + + + pwd_expire_policy_renew - user is prompted to change their password +immediately. + + + + + + Будь ласка, зауважте, що для того, щоб цим можна було скористатися, слід +встановити «access_provider = ldap». Крім того, слід встановити для +параметра «ldap_pwd_policy» відповідні правила поводження із паролями. + + + authorized_service: використовувати для визначення +можливості доступу атрибут authorizedService + + + host: за допомогою цього атрибута вузла можна визначити +права доступу + + + rhost: використовувати атрибут rhost для визначення +того, чи матиме віддалений вузол доступ + + + Будь ласка, зауважте, що значення поля rhost у pam встановлюється +програмою. Варто перевірити, що програма надсилає pam, перш ніж вмикати цей +варіант керування доступом. + + + Типове значення: filter + + + Зауважте, що програма повідомить про помилку, якщо одне значення було +використано декілька разів. + + + + + + ldap_pwdlockout_dn (рядок) + + + За допомогою цього параметра визначається DN запису правил поводження із +паролями на сервері LDAP. Будь ласка, зауважте, що те, що цього параметра не +буде у sssd.conf, у випадку увімкненого блокування облікових записів +призведе до заборони доступу, оскільки атрибути ppolicy на сервері LDAP не +можна буде перевірити належним чином. + + + Приклад: cn=ppolicy,ou=policies,dc=example,dc=com + + + Типове значення: cn=ppolicy,ou=policies,$ldap_search_base + + + + + + ldap_deref (рядок) + + + Визначає спосіб виконання розіменовування псевдонімів під час виконання +пошуку. Можливі такі варіанти: + + + never: ніколи не виконувати розіменування псевдонімів. + + + searching: розіменування псевдонімів відбувається у +межах основного об’єкта, а не на основі визначення місця основного об’єкта +пошуку. + + + finding: розіменування псевдонімів відбувається лише +під час визначення місця основного об’єкта пошуку. + + + always: розіменування псевдонімів відбувається як під +час пошуку, так і під час визначення місця основного об’єкта пошуку. + + + Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за +сценарієм never) + + + + + + ldap_rfc2307_fallback_to_local_users (булеве значення) + + + Надає змогу зберігати локальних користувачів як учасників групи LDAP для +серверів, у яких використовується схема RFC2307. + + + У деяких середовищах, де використовується схема RFC2307, локальних +користувачів можна зробити учасниками груп LDAP додаванням імен цих +користувачів до атрибута memberUid. Узгодженість домену може бути +скомпрометовано, якщо буде виконано подібне додавання учасника, тому SSSD за +звичайних умов вилучає записи користувачів, яких «не вистачає», з кешованих +даних щодо участі у групах, щойно nsswitch спробує отримати дані щодо +користувачів за допомогою виклику getpw*() або initgroups(). + + + У разі використання цього параметра програма повертається до перевірки +посилань на локальних користувачів і кешує їх так, що наступні виклики +initgroups() розширюватимуть список локальних користувачів додатковими +групами LDAP. + + + Типове значення: false + + + + + + wildcard_limit (ціле число) + + + Визначає верхню межу для кількості записів, які отримуватимуться під час +пошуку з використанням символів-замінників. + + + У поточній версії пошук із використанням символів-замінників передбачено +лише для відповідача InfoPipe. + + + Типове значення: 1000 (часто розмір однієї сторінки) + + + + + + ldap_library_debug_level (ціле число) + + + Вмикає діагностику libldap із вказаним рівнем. Діагностичні повідомлення +libldap буде записано незалежно від загального debug_level. + + + OpenLDAP використовує бітову карту для вмикання діагностики для певних +компонентів, -1 увімкне повне виведення діагностичних даних. + + + Типове значення: 0 (діагностику libldap вимкнено) + + + + + + + + + + ПАРАМЕТРИ SUDO + + Докладні настанов щодо налаштовування sudo_provider можна знайти на сторінці +довідника (man) sssd-sudo +5 . + + + + + + ldap_sudo_full_refresh_interval (ціле число) + + + Проміжок часу у секундах між послідовними повними оновленнями правил sudo +SSSD у автоматичному режимі. Під час таких оновлень буде отримано повний +набір правил, що зберігаються на сервері. + + + Це значення має перевищувати значення +ldap_sudo_smart_refresh_interval + + + Ви можете вимкнути повне оновлення встановленням для цього параметра +значення 0. Втім, обов'язково має бути увімкнено або кмітливе або повне +оновлення. + + + Типове значення: 21600 (6 годин) + + + + + + ldap_sudo_smart_refresh_interval (ціле число) + + + Проміжок часу у секундах між послідовними кмітливими оновленнями правил sudo +SSSD у автоматичному режимі. Під час таких оновлень буде отримано всі дані +правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD. + + + Якщо підтримки атрибутів USN на сервері не передбачено, буде використано +дані атрибута modifyTimestamp. + + + Зауваження: набільше значення USN можна оновити у три +способи: 1) повним і кмітливим оновленням sudo (якщо виявлено оновлені +правила), 2) нумеруванням користувачів і груп (якщо виявлено увімкнені і +оновлені записи користувачів або груп) і 3) повторним з'єднанням із сервером +(типово, кожні 15 хвилин, +див. ldap_connection_expire_timeout). + + + Ви можете вимкнути кмітливе оновлення встановленням для цього параметра +значення 0. Втім, обов'язково має бути увімкнено або кмітливе або повне +оновлення. + + + Типове значення: 900 (15 хвилин) + + + + + + ldap_sudo_random_offset (ціле число) + + + Випадковий зсув від 0 до налаштованого значення, який буде додано до +кмітливого і повного періодів оновлення кожного разу під час планування +регулярного завдання. Значення у секундах. + + + Зауважте, що цей випадковий зсув буде також застосовано під час першого +запуску SSSD, що затримає перше оновлення правил sudo. Затримка збільшує +час, протягом якого правила sudo є недоступними для використання. + + + Ви можете вимкнути цей зсув, встановивши значення 0. + + + Типове значення: 0 (вимкнено) + + + + + + ldap_sudo_use_host_filter (булеве значення) + + + Якщо визначено значення true, SSSD отримуватиме лише правила, що стосуються +цього комп’ютера (на основі адрес вузла або мережі у форматах IPv4 і IPv6 та +назв вузлів). + + + Типове значення: true + + + + + + ldap_sudo_hostnames (рядок) + + + Список назв вузлів або повних доменних назв, відокремлених пробілами, для +фільтрування списку правил. + + + Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити +назву вузла та повну назву комп’ютера у домені у автоматичному режимі. + + + Якщо для ldap_sudo_use_host_filter встановлено значення +false, цей параметр ні на що не впливатиме. + + + Типове значення: не вказано + + + + + + ldap_sudo_ip (рядок) + + + Список адрес вузлів або мереж у форматах IPv4 і IPv6 для фільтрування списку +правил. + + + Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити +адресу у автоматичному режимі. + + + Якщо для ldap_sudo_use_host_filter встановлено значення +false, цей параметр ні на що не впливатиме. + + + Типове значення: не вказано + + + + + + ldap_sudo_include_netgroups (булеве значення) + + + Якщо вказано значення true, SSSD отримуватиме всі правила, що містять +мережеву групу (netgroup) у атрибуті sudoHost. + + + Якщо для ldap_sudo_use_host_filter встановлено значення +false, цей параметр ні на що не впливатиме. + + + Типове значення: true + + + + + + ldap_sudo_include_regexp (булеве значення) + + + Якщо вказано значення true, SSSD отримуватиме всі правила, що містять шаблон +заміни у атрибуті sudoHost. + + + Якщо для ldap_sudo_use_host_filter встановлено значення +false, цей параметр ні на що не впливатиме. + + + + Використання символів-замінників є дуже обчислювально вартісною операцією +для сервера LDAP! + + + + Типове значення: false + + + + + + + На цій сторінці довідника наведено дані щодо відповідності назв +атрибутів. Докладний опис семантики атрибутів, пов’язаних з sudo, можна +знайти у довідці з +sudoers.ldap5 +. + + + + + ПАРАМЕТРИ AUTOFS + + Деякі типові значення параметрів, описаних нижче, залежать від бази даних +LDAP. + + + + + ldap_autofs_map_master_name (рядок) + + + Назва основної карти автоматичного монтування у LDAP. + + + Типове значення: auto.master + + + + + + + + + + + ДОДАТКОВІ ПАРАМЕТРИ + + Підтримку цих параметрів передбачено доменами LDAP, але користуватися ними +слід обережно. Будь ласка, використовуйте їх у налаштуваннях, лише якщо вам +відомі наслідки ваших дій. + + ldap_netgroup_search_base (рядок) + + + + + ldap_user_search_base (рядок) + + + + + ldap_group_search_base (рядок) + + + + + + + Якщо увімкнено параметр ldap_use_tokengroups, пошуки в Active +Directory не буде обмежено — він повертатиме усі дані щодо участі у групах, +навіть без прив'язки до GID. Рекомендуємо вимкнути цю можливість, якщо назви +груп показуються неправильно. + + + + ldap_sudo_search_base (рядок) + + + + + ldap_autofs_search_base (рядок) + + + + + + + + + + + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускається, що SSSD налаштовано належним +чином, а LDAP встановлено на один з доменів з розділу +[domains]. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP + + У наведеному нижче прикладі припускається, що SSSD налаштовано належним +чином і використано ldap_access_order=lockout. + + + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +access_provider = ldap +ldap_access_order = lockout +ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org +ldap_uri = ldap://ldap.mydomain.org +ldap_search_base = dc=mydomain,dc=org +ldap_tls_reqcert = demand +cache_credentials = true + + + + + + ЗАУВАЖЕННЯ + + Описи деяких з параметрів налаштування на цій сторінці підручника засновано +на даних сторінки підручника (man) +ldap.conf 5 + з пакунка OpenLDAP 2.4. + + + + + + + diff --git a/src/man/uk/sssd-session-recording.5.xml b/src/man/uk/sssd-session-recording.5.xml new file mode 100644 index 0000000..9a639f7 --- /dev/null +++ b/src/man/uk/sssd-session-recording.5.xml @@ -0,0 +1,181 @@ + + + +Сторінки підручника SSSD + + + + + sssd-session-recording + 5 + Формати файлів та правила + + + + sssd-session-recording + Налаштовування записів сеансів за допомогою SSSD + + + + ОПИС + + На цій сторінці підручника описано налаштовування +sssd 8 +на роботу з tlog-rec-session +8 , частиною пакунка tlog, для +реалізації записування сеансів користувачів у текстових +терміналах. Докладний довідник щодо синтаксису налаштувань можна знайти у +розділі ФОРМАТ ФАЙЛА сторінки підручника з +sssd.conf 5 +. + + + SSSD можна налаштувати так, щоб уможливити запис усіх даних, які бачать або +вводять протягом сеансу у текстових терміналах вказані +користувачі. Наприклад, можна записувати дані щодо входу користувачів за +допомогою консолі або SSH. Сама SSSD нічого не записує, а лише забезпечує +запуск tlog-rec-session під час входу до системи користувача, щоб можна було +здійснювати запис відповідно до налаштувань. + + + Для користувачів, для яких увімкнено запис сеансів, SSSD замінює командну +оболонку користувача на tlog-rec-session у відповідях NSS і додає змінну, +яка вказує на початкову командну оболонку до середовища користувача у +налаштування сеансу PAM. Таким чином забезпечується запуск tlog-rec-session +замість командної оболонки користувача і надання даних про те, яку командну +оболонку слід запустити, щойно розпочнеться записування. + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + + Цими параметрами можна скористатися для налаштовування запису сеансів. + + + + scope (рядок) + + + Один із вказаних нижче рядків, що визначають область запису сеансів: + + + "none" + + + Користувачі не записуються. + + + + + "some" + + + Запис вестиметься для користувачів і груп, вказаних параметрами +користувачі і групи. + + + + + "all" + + + Усі користувачі записуються. + + + + + + + Типове значення: none + + + + + users (рядок) + + + Список відокремлених комами записів користувачів, для яких увімкнено +записування сеансів. Належність до списку визначатиметься за іменами, +повернутими NSS, тобто після можливих замін пробілів, змін регістру символів +тощо. + + + Типове значення: порожнє. Не відповідає жодному користувачу. + + + + + groups (рядок) + + + Список відокремлених комами записів груп, для користувачів яких буде +увімкнено записування сеансів. Належність до списку визначатиметься за +назвами, повернутими NSS, тобто після можливих замін пробілів, змін регістру +символів тощо. + + + Зауваження: використання цього параметра (встановлення для нього будь-якого +значення) значно впливає на швидкодію, оскільки некешований запит щодо +користувача потребує отримання і встановлення відповідності груп, до яких +належить користувач. + + + Типове значення: порожнє. Не відповідає жодній групі. + + + + + exclude_users (рядок) + + + Список відокремлених комами записів користувачів, яких має бути виключено із +записування. Може бути застосовано лише разом із «scope=all». + + + Типове значення: порожнє. Не виключати жодного користувача. + + + + + exclude_groups (рядок) + + + Список відокремлених комами записів груп, учасників яких має бути виключено +із записування. Може бути застосовано лише разом із «scope=all». + + + Зауваження: використання цього параметра (встановлення для нього будь-якого +значення) значно впливає на швидкодію, оскільки некешований запит щодо +користувача потребує отримання і встановлення відповідності груп, до яких +належить користувач. + + + Типове значення: порожнє. Не виключати жодної групи. + + + + + + + + ПРИКЛАД + + У наведеному нижче фрагменті файла sssd.conf увімкнено запис сеансів для +користувачів contractor1 і contractor2» та групи students. + + + +[session_recording] +scope = some +users = contractor1, contractor2 +groups = students + + + + + + + + diff --git a/src/man/uk/sssd-simple.5.xml b/src/man/uk/sssd-simple.5.xml new file mode 100644 index 0000000..8e19a66 --- /dev/null +++ b/src/man/uk/sssd-simple.5.xml @@ -0,0 +1,152 @@ + + + +Сторінки підручника SSSD + + + + + sssd-simple + 5 + Формати файлів та правила + + + + sssd-simple + файл налаштувань інструмента керування доступом «simple» SSSD + + + + ОПИС + + На цій сторінці довідника описано налаштування простого засобу керування +доступом для sssd +8 . Щоб дізнатися більше про синтаксис +налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника + sssd.conf +5 . + + + Простий засіб керування доступом надає або забороняє доступ на основі списку +допуску або заборони, складеного за назвами облікових записів користувачів +та групами. Використовуються такі правила: + + + Якщо всі списки є порожніми, доступ буде надано. + + + + Якщо вказано будь-який зі списків, обробка виконуватиметься за послідовністю +«допуск, потім заборона» (allow,deny). Це означає, що будь-яке з правил +заборони матиме пріоритет над будь-яким правилом допуску. + + + + + Якщо буде вказано один або обидва списки допуску («allow»), всім +користувачам поза цими списками доступ буде заборонено. + + + + + Якщо буде вказано лише списки заборони («deny»), всі користувачам поза цими +списками доступ буде надано. + + + + + + + + ПАРАМЕТРИ НАЛАШТУВАННЯ + Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) + sssd.conf +5 , щоб дізнатися більше про +налаштування домену SSSD. + + simple_allow_users (рядок) + + + Відокремлений комами список користувачів, яким дозволено вхід до системи. + + + + + + simple_deny_users (рядок) + + + Список користувачів, яким явно заборонено доступ; записи відокремлюються +комами. + + + + + simple_allow_groups (рядок) + + + Відокремлений комами список груп, користувачам яких дозволено вхід до +системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не +обробляються. + + + + + + simple_deny_groups (рядок) + + + Відокремлений комами список груп, користувачам яких явно заборонено +доступ. Стосується лише груп у межах цього домену SSSD. Локальні групи не +обробляються. + + + + + + + Якщо не вказувати значень для жодного зі списків, вважатиметься, що параметр +не визначено. Пам’ятайте про це, якщо захочете створити параметри для +простого надавача автоматизованими скриптами. + + + Будь ласка, зауважте, що визначення обох параметрів, simple_allow_users і +simple_deny_users, є помилкою у налаштуванні. + + + + + ПРИКЛАД + + У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, +а example.com є одним з доменів у розділі +[sssd]. У прикладі продемонстровано лише +параметри, специфічні для простого засобу доступу. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + ЗАУВАЖЕННЯ + + Повна обробка ієрархії участі у групах виконується до перевірки прав +доступу, отже, до списку груп доступу може бути включено навіть вкладені +групи. Будь ласка, зауважте, що на результати може вплинути значення +параметра «ldap_group_nesting_level». Вам слід встановити для нього достатнє +значення. Див. +sssd-ldap5 +. + + + + + + + diff --git a/src/man/uk/sssd-sudo.5.xml b/src/man/uk/sssd-sudo.5.xml new file mode 100644 index 0000000..b126ece --- /dev/null +++ b/src/man/uk/sssd-sudo.5.xml @@ -0,0 +1,233 @@ + + + +Сторінки підручника SSSD + + + + + sssd-sudo + 5 + Формати файлів та правила + + + + sssd-sudo + Налаштовування sudo за допомогою модуля SSSD + + + + ОПИС + + На цій сторінці підручника описано способи налаштовування +sudo 8 +на роботу у комплексі з sssd +8 та способи кешування правил sudo у +SSSD. + + + + + Налаштовування sudo на співпрацю з SSSD + + Щоб увімкнути SSSD як джерело правил sudo, додайте sss +до запису sudoers у файлі +nsswitch.conf 5 +. + + + Наприклад, щоб налаштувати sudo на першочерговий пошук правил у стандартному +файлі sudoers +5 (цей файл має містити правила, що +стосуються локальних користувачів), а потім у SSSD, у файлі nsswitch.conf +слід вказати такий рядок: + + + +sudoers: files sss + + + + Докладніші дані щодо налаштовування порядку пошуку у sudoers за допомогою +файла nsswitch.conf, а також дані щодо бази даних LDAP, у якій зберігаються +правила sudo каталогу, можна знайти на сторінці підручника +sudoers.ldap 5 +. + + + Зауваження: щоб у правилах sudo можна було +використовувати мережеві групи або групи вузлів IPA, вам слід належним чином +налаштувати nisdomainname +1 на назву домену NIS (назва цього +домену збігається з назвою домену IPA, якщо використовуються групи вузлів +IPA). + + + + + Налаштовування SSSD на отримання правил sudo + + На боці SSSD достатньо розширити список служб +дописуванням «sudo» до розділу [sssd] +sssd.conf 5 +. Щоб пришвидшити пошуку у LDAP, ви також можете налаштувати +базу пошуку для правил sudo за допомогою параметра +ldap_sudo_search_base. + + + У наведеному нижче прикладі показано, як налаштувати SSSD на отримання +правил sudo з сервера LDAP. + + + +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = EXAMPLE + +[domain/EXAMPLE] +id_provider = ldap +sudo_provider = ldap +ldap_uri = ldap://example.com +ldap_sudo_search_base = ou=sudoers,dc=example,dc=com + Важливо зауважити, що на платформах, де +передбачено підтримку systemd, немає потреби додавати засіб надання даних +«sudo» до списку служб, оскільки він стає необов'язковим. Втім, замість +нього слід увімкнути sssd-sudo.socket. + + + Якщо SSSD налаштовано на використання IPA як засобу надання даних ID, засіб +надання даних sudo буде увімкнено автоматично. Базу пошуку sudo буде +налаштовано на використання природного для IPA дерева LDAP +(cn=sudo,$SUFFIX). Якщо у sssd.conf буде визначено будь-яку іншу базу +пошуку, використовуватиметься це значення. Для використання функціональних +можливостей sudo у IPA потреби у дереві compat (ou=sudoers,$SUFFIX) більше +немає. + + + + + Механізм кешування правил SUDO + + Найбільшою складністю під час розробки підтримки sudo у SSSD було +забезпечення роботи sudo з SSSD так, щоб для користувача джерело даних +надавало дані у один спосіб та з тією самою швидкістю, що і sudo, надаючи +при цьому якомога свіжіший набір правил. Щоб виконати ці умови, SSSD +використовує оновлення трьох типів. Будемо називати ці тип повним +оновленням, інтелектуальним оновленням та оновленням правил. + + + Використання типу інтелектуального оновлення полягає у +отриманні правил, які було додано або змінено з часу попереднього +оновлення. Основним призначенням оновлення такого типу є підтримання +актуального стану бази даних невеличкими порціями, які не спричиняють +значного навантаження на мережу. + + + У разі використання повного оновлення всі правила sudo, +що зберігаються у кеші, буде вилучено і замінено на всі правила, які +зберігаються на сервері. Таким чином, кеш буде узгоджено шляхом вилучення +всіх правил, які було вилучено на сервері. Втім, повне оновлення може значно +навантажувати канал з’єднання, а отже його варто використовувати лише +іноді. Проміжок між сеансами повного оновлення має залежати від розміру і +стабільності правил sudo. + + + У разі використання типу оновлення правил +забезпечується ненадання користувачам ширших дозволів, ніж це було визначено +на сервері. Оновлення цього типу виконується під час кожного запуску +користувачем sudo. Під час оновлення буде виявлено всі правила, які +стосуються користувача, перевірено, чи не завершено строк дії цих правил, і +повторно отримано правила, якщо строк дії правил завершено. Якщо якихось з +правил не буде виявлено на сервері, SSSD виконає позачергове повне +оновлення, оскільки може виявитися, що було вилучено набагато більше правил +(які стосуються інших користувачів). + + + Якщо увімкнено, SSSD зберігатиме лише правила, які можна застосувати до +цього комп’ютера. Це означає, що зберігатимуться правила, що містять у +атрибуті sudoHost одне з таких значень: + + + + + ключове слово ALL + + + + + шаблон заміни + + + + + мережеву групу (у форматі «+мережева група») + + + + + назву вузла або повну назву у домені цього комп’ютера + + + + + одну з IP-адрес цього комп’ютера + + + + + одну з IP-адрес мережі (у форматі «адреса/маска») + + + + + Для точного налаштовування поведінки передбачено доволі багато параметрів +Будь ласка, зверніться до розділу «ldap_sudo_*» у +sssd-ldap 5 + та «sudo_*» у +sssd.conf 5 +, щоб ознайомитися з докладним описом. + + + + + Коригування швидкодії + + SSSD використовує різні типи механізмів із складнішими або простішими +фільтрами LDAP для підтримання актуальності кешованих правил sudo. У типових +налаштуваннях використано значення, які мають задовольнити потреби більшості +наших користувачів, але у наступних абзацах міститься декілька підказок щодо +того, як скоригувати налаштування до ваших потреб. + + + 1. Індексуйте атрибути LDAP. Переконайтеся, що +індексуються такі атрибути LDAP: objectClass, cn, entryUSN та +modifyTimestamp. + + + 2. Встановіть ldap_sudo_search_base. Встановіть основу +для пошуку так, щоб вона вказувала на контейнер, який містить правила sudo +для обмеження області пошуку. + + + 3. Встановіть інтервал повного і кмітливого +оновлення. Якщо ваші правила sudo змінюються нечасто, і вам не +потрібне швидке оновлення кешованих правил на ваших клієнтах, ви можете +збільшити значення ldap_sudo_full_refresh_interval і +ldap_sudo_smart_refresh_interval. Крім того, варто +вимкнути кмітливе оновлення встановленням +ldap_sudo_smart_refresh_interval = 0. + + + 4. Якщо у вас багато клієнтів, вам варто збільшити значення +ldap_sudo_random_offset, щоб краще розподілити +навантаження на сервер. + + + + + + + diff --git a/src/man/uk/sssd-systemtap.5.xml b/src/man/uk/sssd-systemtap.5.xml new file mode 100644 index 0000000..4e81757 --- /dev/null +++ b/src/man/uk/sssd-systemtap.5.xml @@ -0,0 +1,433 @@ + + + +Сторінки підручника SSSD + + + + + sssd-systemtap + 5 + Формати файлів та правила + + + + sssd-systemtap + Дані systemtap SSSD + + + + ОПИС + + Цю сторінку підручника присвячено функціональним можливостям systemtap у + sssd 8 +. + + + Точки зондування SystemTap додано до різноманітних частин коду SSSD, щоб +полегшити усування вад та аналіз пов'язаних зі швидкодією проблем. + + + + + + Зразки скриптів SystemTap зберігаються у каталозі /usr/share/sssd/systemtap/ + + + + + Зонди і різноманітні функції визначено у +/usr/share/systemtap/tapset/sssd.stp і +/usr/share/systemtap/tapset/sssd_functions.stp, відповідно. + + + + + + + + ТОЧКИ ЗОНДУВАННЯ + + Дані у наведених нижче списках точок зондування та аргументів записано у +такому форматі: + + + + зонд $назва + + + Опис точки зондування + + +змінна1:тип даних +змінна2:тип даних +змінна3:тип даних +... + + + + + + + Зонди операцій із базою даних + + + + зонд sssd_transaction_start + + + Розпочати операцію sysdb, зондує функцію sysdb_transaction_start(). + + +nesting:ціле число +probestr:рядок + + + + + зонд sssd_transaction_cancel + + + Скасовування операції sysdb, зондує функцію sysdb_transaction_cancel() . + + +nesting:ціле число +probestr:рядок + + + + + зонд sssd_transaction_commit_before + + + Зондує функцію sysdb_transaction_commit_before(). + + +nesting:ціле число +probestr:рядок + + + + + зонд sssd_transaction_commit_after + + + Зондує функцію sysdb_transaction_commit_after(). + + +nesting:ціле число +probestr:рядок + + + + + + + + + Зонди пошуку у LDAP + + + + зонд sdap_search_send + + + Зондує функцію sdap_get_generic_ext_send(). + + +base:рядок +scope:ціле число +filter:рядок +attrs:рядок +probestr:рядок + + + + + зонд sdap_search_recv + + + Зондує функцію sdap_get_generic_ext_recv(). + + +base:рядок +scope:ціле число +filter:рядок +probestr:рядок + + + + + зонд sdap_parse_entry + + + Зондує функцію sdap_parse_entry(). Викликається повторно для кожного +отриманого атрибута. + + +attr:рядок +value:рядок + + + + + probe sdap_parse_entry_done + + + Зондує функцію sdap_parse_entry(). Викликається після завершення обробки +отриманого об'єкта. + + + + + зонд sdap_deref_send + + + Зондує функцію sdap_deref_search_send(). + + +base_dn:рядок +deref_attr:рядок +probestr:рядок + + + + + зонд sdap_deref_recv + + + Зондує функцію sdap_deref_search_recv(). + + +base:рядок +scope:ціле число +filter:рядок +probestr:рядок + + + + + + + + + Зонди запитів щодо облікових записів у LDAP + + + + зонд sdap_acct_req_send + + + Зондує функцію sdap_acct_req_send(). + + +entry_type:ціле число +filter_type:ціле число +filter_value:рядок +extra_value:рядок + + + + + зонд sdap_acct_req_recv + + + Зондує функцію sdap_acct_req_recv(). + + +entry_type:ціле число +filter_type:ціле число +filter_value:рядок +extra_value:рядок + + + + + + + + + Зонди пошуку користувачів у LDAP + + + + зонд sdap_search_user_send + + + Зондує функцію sdap_search_user_send(). + + +filter:рядок + + + + + зонд sdap_search_user_recv + + + Зондує функцію sdap_search_user_recv(). + + +filter:рядок + + + + + зонд sdap_search_user_save_begin + + + Зондує функцію sdap_search_user_save_begin(). + + +filter:рядок + + + + + зонд sdap_search_user_save_end + + + Зондує функцію sdap_search_user_save_end(). + + +filter:рядок + + + + + + + + + Зонди запитів до постачальника даних + + + + зонд dp_req_send + + + Подано запит до постачальника даних. + + +dp_req_domain:рядок +dp_req_name:рядок +dp_req_target:ціле число +dp_req_method:ціле число + + + + + зонд dp_req_done + + + Завершено виконання запиту до постачальника даних. + + +dp_req_name:рядок +dp_req_target:ціле число +dp_req_method:ціле число +dp_ret:ціле число +dp_errorstr:рядок + + + + + + + + + РІЗНОМАНІТНІ ФУНКЦІЇ + + Дані у наведених нижче списках точок зондування та аргументів записано у +такому форматі: + + + + функція acct_req_desc(entry_type) + + + Перетворення entry_type на рядок і повернення рядка + + + + + функція sssd_acct_req_probestr(fc_name, entry_type, filter_type, +filter_value, extra_value) + + + Створення рядка зонду на основі типу фільтрування + + + + + функція dp_target_str(target) + + + Перетворення target на рядок і повернення рядка + + + + + функція dp_method_str(target) + + + Перетворення методу на рядок і повернення рядка + + + + + + + + + + ЗРАЗКИ СКРИПТІВ SYSTEMTAP + + Запустіть скрипт SystemTap (stap +/usr/share/sssd/systemtap/<назва_скрипту>.stp), потім +виконайте дію із розпізнавання. Скрипт збере дані за допомогою зондів. + + + Скриптами SystemTap з пакунка є: + + + + dp_request.stp + + + Спостереження за швидкодією обробки запитів засобом надання даних. + + + + + id_perf.stp + + + Спостереження за швидкодією виконання команди id. + + + + + ldap_perf.stp + + + Спостереження за запитами LDAP. + + + + + nested_group_perf.stp + + + Швидкодія визначення назв для вкладених груп. + + + + + + + + + + diff --git a/src/man/uk/sssd.8.xml b/src/man/uk/sssd.8.xml new file mode 100644 index 0000000..5a19a50 --- /dev/null +++ b/src/man/uk/sssd.8.xml @@ -0,0 +1,249 @@ + + + +Сторінки підручника SSSD + + + + + sssd + 8 + + + + sssd + Фонова служба безпеки системи + + + + +sssd +параметри + + + + ОПИС + + У SSSD передбачено набір фонових служб для керування +доступом до віддалених каталогів та механізмами +розпізнавання. SSSD надає операційній системі інтерфейси +NSS і PAM, а також систему придатних для під’єднання модулів для +встановлення з’єднання з декількома різними джерелами даних щодо облікових +записів та інтерфейс D-Bus. SSSD також є основою для +систем перевірки клієнтських систем та служб обслуговування правил доступу +для проєктів, подібних до FreeIPA. SSSD надає стійкішу +базу даних для збереження записів локальних користувачів, а також додаткових +даних щодо користувачів. + + + + + ПАРАМЕТРИ + + + + , +РІВЕНЬ + + + + + + режим + + + + 1: додати часову позначку до діагностичних повідомлень. + + + 0: вимкнути часову позначку у діагностичних +повідомленнях + + + Типове значення: 1 + + + + + + режим + + + + 1: додати значення мікросекунд до часової позначки у +діагностичних повідомленнях + + + 0: вимкнути додавання мікросекунд до часової позначки + + + Типове значення: 0 + + + + + + значення + + + + Місце, куди SSSD надсилатиме повідомлення журналу. + + + stderr: переспрямувати діагностичні повідомлення до +стандартного виведення помилок. + + + files: переспрямувати діагностичні повідомлення до +файлів журналу. Типово файли журналів зберігаються у +/var/log/sssd, передбачено також окремий журнал для +кожної служби і домену SSSD. + + + journald: переспрямувати діагностичні повідомлення до +systemd-journald + + + Типове значення: не встановлено (резервною буде journald, якщо вона +доступна, інакше буде використано stderr) + + + + + + , + + + + Перейти у режим фонової служби після запуску. + + + + + + , + + + + Запустити програму у звичайному режимі, не створювати фонової служби. + + + + + + , + + + + Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є +/etc/sssd/sssd.conf. Довідку щодо синтаксису та +параметрів файла налаштувань можна знайти на сторінці довідника (man) + sssd.conf +5 . + + + + + + , + + + + Не запускати SSSD, а лише оновити базу даних налаштувань на основі вмісту +/etc/sssd/sssd.conf і завершити роботу. + + + + + + , + + + + Подібний до --genconf, але наказує програмі освіжити лише +окремий розділу на основі файла налаштувань. Цей параметр корисний, в +основному, для виклику з файлів модулів systemd з метою дозволити +відповідачам, які активуються з сокетів, освіжати налаштування без потреби у +перезапуску адміністратором усього SSSD. + + + + + + + + + + + Вивести номер версії і завершити роботу. + + + + + + + + Сигнали + + + SIGTERM/SIGINT + + + Повідомляє SSSD, що слід поступово завершити роботу всіх дочірніх процесів, +а потім завершити роботу монітора. + + + + + SIGHUP + + + Повідомляє SSSD, що слід припинити запис до файлів діагностичних даних з +поточними дескрипторами, закрити і повторно відкрити ці файли. Цей сигнал +призначено для полегшення процедури архівування журналів за допомогою +програм, подібних до logrotate. + + + + + SIGUSR1 + + + Наказує SSSD імітувати автономну дію, тривалість якої визначається +параметром «offline_timeout». Найкориснішим застосуванням є тестування +служби. Сигнал може бути надіслано або процесу sssd, або процесу sssd_be +безпосередньо. + + + + + SIGUSR2 + + + Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим +застосуванням є тестування служби. Сигнал може бути надіслано або процесу +sssd, або процесу sssd_be безпосередньо. + + + + + + + + ЗАУВАЖЕННЯ + + Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», +клієнтські програми не використовуватимуть fast у кеші у пам’яті. + + + Якщо для змінної середовища SSS_LOCKFREE встановлено значення «NO», +одночасні запити від декількох потоків обробки однієї програми буде +перетворено у послідовність запитів. + + + + + + + diff --git a/src/man/uk/sssd.conf.5.xml b/src/man/uk/sssd.conf.5.xml new file mode 100644 index 0000000..4cc2fb8 --- /dev/null +++ b/src/man/uk/sssd.conf.5.xml @@ -0,0 +1,4157 @@ + + +]> + +Сторінки підручника SSSD + + + + + sssd.conf + 5 + Формати файлів та правила + + + + sssd.conf + файл налаштування SSSD + + + + ФОРМАТ ФАЙЛА + + + Файл складено з використанням синтаксичний конструкцій у стилі ini, він +складається з розділів і окремих записів параметрів. Розділ починається з +рядка назви розділу у квадратних дужках і продовжується до початку нового +розділу. Приклад розділу з параметрами, які мають єдине і декілька значень: + +[розділ] +ключ = значення +ключ2 = значення2,значення3 + + + + + Типами даних є рядок (без символів лапок), ціле число і булеве значення +(можливі два значення — TRUE і FALSE). + + + + Рядок коментаря починається з символу решітки (#) або крапки +з комою (;). Підтримки вбудованих коментарів не передбачено. + + + + Для всіх розділів передбачено додатковий параметр +description. Його призначено лише для позначення +розділу. + + + + sssd.conf має бути звичайним файлом, власником якого є +користувач root. Права на читання та запис до цього файла повинен мати лише +користувач root. + + + + + ФРАГМЕНТИ НАЛАШТУВАНЬ З КАТАЛОГУ ВКЛЮЧЕННЯ + + + До файла налаштувань sssd.conf буде включено фрагменти +налаштувань з каталогу conf.d. Цією можливістю можна +буде скористатися, якщо SSSD було зібрано із бібліотекою libini версії 1.3.0 +або новішою. + + + + Будь-який файл, розташований у conf.d, назва якого +завершується на .conf і не починається з +крапки (.), буде використано разом із +sssd.conf для налаштовування SSSD. + + + + Фрагменти налаштувань з conf.d мають вищий пріоритет за +sssd.conf, вони мають вищий пріоритет за +sssd.conf, якщо виникне конфлікт. Якщо у +conf.d буде виявлено декілька фрагментів, їх буде +включено за абеткою (на основі параметрів локалі). Файли, які включаються +пізніше, мають вищий пріоритет. Числові префікси +(01_фрагмент.conf, +02_фрагмент.conf тощо) можуть допомогти у візуалізації +пріоритетності (більше число означає вищу пріоритетність). + + + + Файли фрагментів мають належати одному користувачеві і мати однакові права +доступу із файлом sssd.conf. Типовим власником є +root:root, а типовими правами доступу — 0600. + + + + + ЗАГАЛЬНІ ПАРАМЕТРИ + + Нижче наведено параметри, які можна використовувати у декількох розділах +налаштувань. + + + Параметри, які можна використовувати у всіх розділах + + + + debug_level (ціле число) + + + + debug (ціле число) + + + У SSSD 1.14 і новіших версіях з міркувань зручності також передбачено +альтернативний варіант debug для +debug_level. Якщо вказано одразу обидва варіанти, +буде використано варіант debug_level. + + + + + debug_timestamps (булеве значення) + + + Додати часову позначку до діагностичних повідомлень. Якщо для запису +діагностичного журналу у SSSD увімкнено journald, цей параметр буде +проігноровано. + + + Типове значення: true + + + + + debug_microseconds (булеве значення) + + + Додати значення мікросекунд до часової позначки у діагностичних +повідомлення. Якщо для запису діагностичного журналу у SSSD увімкнено +journald, цей параметр буде проігноровано. + + + Типове значення: false + + + + + debug_backtrace_enabled (булеве значення) + + + Увімкнути діагностичне зворотне трасування. + + + Якщо SSSD запущено із debug_level меншим за 9, увесь журнал роботи буде +записано у кільцевий буфер у пам'яті і скинуто до файла журналу при +виявленні будь-якої помилки до рівня `min(0x0040, debug_level)` включно +(тобто якщо debug_level явним чином встановлено у значення 0 або 1, лише +помилки відповідних рівнів вмикатимуть зворотне трасування, інакше кажучи, +помилки рівнів до 2). + + + Підтримку цієї можливості передбачено лише для `logger == files` (тобто, +встановлення цього значення не впливає на інші типи журналювання). + + + Типове значення: true + + + + + + + + + Параметри які можна використовувати у розділах SERVICE та DOMAIN + + + + timeout (ціле число) + + + Проміжок у секундах між циклами роботи цієї служби. Використовується для +перевірки працездатності процесу та його змоги відповідати на +запити. Зауважте, що після трьох пропущених циклів процес перерве своє +виконання самостійно. + + + Типове значення: 10 + + + + + + + + + + ОСОБЛИВІ РОЗДІЛИ + + + Розділ [sssd] + + Окремі функції у SSSD виконуються особливими службами SSSD, які запускаються +і зупиняються разом SSSD. Ці служби керуються окремою службою, яку часто +називають «монітором». Розділ [sssd] використовується для +налаштування монітора та деяких інших важливих параметрів, зокрема доменів +профілів. + Параметри розділу + + config_file_version (ціле число) + + + Визначає версію синтаксичних конструкцій файла налаштування. Для версій SSSD +0.6.0 та пізніших слід використовувати версію 2. + + + + + services + + + Список служб, відокремлених комами, які запускаються разом із sssd. Список служб є необов'язковим на платформах, де +передбачено підтримку systemd, оскільки там такі служби вмикаються за +допомогою сокетів або D-Bus. + + + Підтримувані служби: nss, pam , sudo +, autofs , ssh , +pac , ifp + + + Типово усі служби вимкнено. Адміністратор +має увімкнути дозволені до використання служби за допомогою такої команди: +"systemctl enable sssd-@service@.socket". + + + + + reconnection_retries (ціле число) + + + Кількість повторних спроб встановлення зв’язку зі службами або їх +перезапуску у разі аварійного завершення роботи інструменту надання даних до +визнання подальших спроб безнадійними. + + + Типове значення: 3 + + + + + domains + + + Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може +одночасно використовувати декілька доменів. Вам слід вказати принаймні один +домен, інакше SSSD просто не запуститься. За допомогою цього параметра можна +вказати список доменів, впорядкованих за пріоритетністю під час надсилання +до них запитів щодо даних. Рекомендовано використовувати у назві домену лише +літери і цифри ASCII, дефіси, крапки та знаки підкреслювання. Не можна +використовувати символ «/». + + + + + re_expression (рядок) + + + Типовий формальний вираз, який описує спосіб поділу рядка з іменем +користувача і доменом на його частини. + + + Для кожного з доменів можна налаштувати окремий формальний вираз. Для деяких +з засобів надання ідентифікаторів передбачено типові формальні +вирази. Докладніше про ці формальні вирази можна дізнатися з довідки до +РОЗДІЛІВ ДОМЕНІВ. + + + + + full_name_format (рядок) + + + Сумісний з printf +3 формат, який описує спосіб +створення повного імені на основі імені користувача та компонентів назви +домену. + + + Передбачено використання таких замінників: + + %1$s + ім’я користувача + + + %2$s + + + назва домену у форматі, вказаному у файлі налаштувань SSSD. + + + + + %3$s + + + проста назва домену. Здебільшого використовується для доменів Active +Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA. + + + + + + + Для кожного з доменів можна налаштувати окремий рядок формату. Докладніше +про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ. + + + + + monitor_resolv_conf (булеве значення) + + + Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення +моменту, коли слід оновити дані вбудованого інструмента визначення DNS. + + + Типове значення: true + + + + + try_inotify (булеве значення) + + + Типово, з метою спостереження за змінами у файлах налаштувань SSSD +намагається використати inotify. Якщо використати inotify не вдається, +виконуватиметься опитування resolv.conf кожні п’ять секунд. + + + Зрідка бажано не вдаватися навіть до спроб скористатися inotify. У цих +рідкісних випадках слід встановити для цього параметра значення «false». + + + Типове значення: «true» на платформах, де підтримується inotify. «false» на +інших платформах. + + + Зауваження: цей параметр ні на що не вплине на платформах, де inotify +недоступний. На цих платформах завжди використовуватиметься безпосереднє +опитування файла. + + + + + krb5_rcache_dir (рядок) + + + Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення +Kerberos. + + + Цей параметр приймає особливе значення __LIBKRB5_DEFAULTS__, за допомогою +якого можна наказати SSSD надати змогу libkrb5 визначити відповідну адресу +для кешу відтворення. + + + Типове значення: визначається дистрибутивом та вказується під час +збирання. (__LIBKRB5_DEFAULTS__, якщо не вказано) + + + + + user (рядок) + + + The user to drop the privileges to where appropriate to avoid running as the +root user. Currently the only supported value is '&sssd_user_name;'. + + + + This option does not work when running socket-activated services, as the +user set up to run the processes is set up during compilation time. The way +to override the systemd unit files is by creating the appropriate files in +/etc/systemd/system/. Keep in mind that any change in the socket user, +group or permissions may result in a non-usable SSSD. The same may occur in +case of changes of the user running the NSS responder. + + + + Типове значення: не встановлено, процес буде запущено від імені root + + + + + default_domain_suffix (рядок) + + + Цей рядок буде використано як типову назву домену для всіх назв без +компонента назви домену. Основним призначенням використання цього рядка є +середовища, де основний домен призначено для керування правилами вузлів та +всіма користувачами, розташованими на надійному (довіреному) домені. За +допомогою цього параметра користувачі можуть входити до системи за допомогою +лише імені користувача без додавання до нього назви домену. + + + Please note that if this option is set all users from the primary domain +have to use their fully qualified name, e.g. user@domain.name, to log +in. Setting this option changes default of use_fully_qualified_names to +True. It is not allowed to use this option together with +use_fully_qualified_names set to False. One exception from this rule are domains +with id_provider=files that always try to match the behaviour +of nss_files and therefore their output is not qualified even when the +default_domain_suffix option is used. + + + Типове значення: not set + + + + + override_space (рядок) + + + За допомогою цього параметра можна змінити пробіли у іменах користувачів та +назвах груп вказаним симовлом, наприклад _. Ім’я користувача «john doe» буде +перетворено на «john_doe». Цю можливість було додано для сумісності із +скриптами командної оболонки, у яких виникають проблеми із обробкою пробілів +через типовий роздільник полів у оболонці. + + + Будь ласка, зауважте, що використання символу-замінника, який може бути +використано у іменах користувачів і назвах груп, є помилкою у +налаштуваннях. Якщо назва містить символ-замінник, SSSD спробує повернути +незмінену назву, але, загалом, результат пошуку буде невизначеним. + + + Типове значення: не встановлено (пробіли не замінятимуться) + + + + + certificate_verification (рядок) + + + За допомогою цього параметра можна виконати тонке налаштовування перевірки +сертифікатів на основі списку параметрів, відокремлених комами. Підтримувані +параметри: + + no_ocsp + + Вимикає перевірки протоколу стану мережевої сертифікації (Online Certificate +Status Protocol або OCSP). Це може знадобитися, якщо сервери OCSP, визначені +у сертифікаті, є недоступними з клієнта. + + + + soft_ocsp + + Якщо не вдасться встановити з'єднання із відповідачем OCSP, перевірку OCSP +буде пропущено. Цим параметром слід користуватися для того, щоб дозволити +розпізнавання тоді, коли система працює автономно, отже відповідач OCSP є +недоступним. + + + + ocsp_dgst + + Функція обчислення контрольної суми (хешу), яку буде використано для +створення ідентифікатора сертифіката для запиту OCSP. Можливі значення: + + sha1 + sha256 + sha384 + sha512 + + + Типове значення: sha1 (для уможливлення сумісності із відповідачем, який є +сумісним із RFC5019) + + + + + no_verification + + Повністю вимикає перевірку. Цим варіантом слід користуватися лише для +тестування. + + + + partial_chain + + Уможливити успішну перевірку, навіть якщо не вдасться побудувати +повний ланцюжок до самопідписаної прив'язки +довіри, якщо можна побудувати ланцюжок до довіреного сертифіката, який може +бути не самопідписаним. + + + + ocsp_default_responder=URL + + Встановлює типовий відповідач OCSP, який слід використовувати замість +визначеного у сертифікаті. Адресу слід замінити адресою типового +відповідача, наприклад http://example.com:80/ocsp. + + + + + ocsp_default_responder_signing_cert=НАЗВА + + У поточній версії програма ігнорує цей параметр. Усі потрібні сертифікати +мають бути у файлі PEM, який вказано параметром pam_cert_db_path. + + + + crl_file=/ШЛЯХ/ДО/ФАЙЛА/CRL + + Використовувати список відкликання сертифікатів (CRL) з вказаного файла під +час перевірки сертифіката. CRL має бути вказано у форматі PEM, +див. crl +1ssl , щоб дізнатися більше. + + + + soft_crl + + + Якщо строк дії списку відкликання сертифікатів (CRL) вичерпано, перевірки +CRL для відповідних сертифікатів буде проігноровано. Цим параметром слід +користуватися для уможливлення розпізнавання у системах, які працюють у +автономному режимі, коли оновлення CRL є неможливим. + + + + + + Обробник параметрів повідомлятиме про невідомі параметри і просто +ігноруватиме їх. + + + Типове значення: не встановлено, тобто перевірка сертифікатів нічим не +обмежуватиметься + + + + + disable_netlink (булеве значення) + + + Перехоплювачі SSSD у інтерфейсі netlink для стеження за змінами у маршрутах, +адресах, посилання та виконання певних дій. + + + Зміни стану SSSD, спричинені подіями netlink, можуть бути небажаними, їх +можна вимкнути встановленням для цього параметра значення «true» + + + Типове значення: false (виявлення змін у netlink) + + + + + enable_files_domain (булеве значення) + + + Якщо цю можливість увімкнено, SSSD дописуватиме неявний домен із +id_provider=files до усіх явним чином налаштованих доменів. + + + Типове значення: false + + + + + domain_resolution_order + + + Список доменів і піддоменів, відокремлених комами, який визначає порядок +пошуку, який використовуватиметься. Список не обов'язково включатиме усі +можливі домени, оскільки пошук у пропущених доменах відбуватиметься у +порядку, у якому їх вказано у параметрі налаштування +domains. Пошук у піддоменах, яких немає у списку +lookup_order, відбуватиметься у випадковому порядку для +кожного батьківського домену. + + + Please, note that when this option is set the output format of all commands +is always fully-qualified even when using short names for input , for all users but the ones managed by the +files provider . In case the administrator wants the output not +fully-qualified, the full_name_format option can be used as shown below: +full_name_format=%1$s However, keep in mind that during +login, login applications often canonicalize the username by calling + getpwnam +3 which, if a shortname is returned +for a qualified input (while trying to reach a user which exists in multiple +domains) might re-route the login attempt into the domain which uses +shortnames, making this workaround totally not recommended in cases where +usernames may overlap between domains. + + + Типове значення: не встановлено + + + + + implicit_pac_responder (булеве значення) + + + Відповідач PAC буде автоматично увімкнено для надавачів IPA і AD для +обчислення і перевірки PAC. Якщо відповідач слід вимкнути, встановіть для +цього параметра значення «false». + + + Типове значення: true + + + + + core_dumpable (булеве значення) + + + Цим параметром можна скористатися для загального забезпечення стійкості +системи: встановлення значення «false» забороняє дампи ядра для усіх +процесів SSSD з метою уникнення витоку паролів у форматі нешифрованого +тексту. Див. сторінку підручника щодо prctl:PR_SET_DUMPABLE, щоб дізнатися +більше. + + + Типове значення: true + + + + + passkey_verification (string) + + + With this parameter the passkey verification can be tuned with a comma +separated list of options. Supported options are: + + user_verification (boolean) + + Enable or disable the user verification (i.e. PIN, fingerprint) during +authentication. If enabled, the PIN will always be requested. + + + The default is that the key settings decide what to do. In the IPA or +kerberos pre-authentication case, this value will be overwritten by the +server. + + + + + + + + + + + + + + + РОЗДІЛИ СЛУЖБ + + У цьому розділі описано параметри, якими можна скористатися для налаштування +різноманітних служб. Ці параметри має бути зібрано у розділах з назвами +[$NAME]. Наприклад, параметри служби NSS зібрано +у розділі [nss] + + + + Загальні параметри налаштування служб + + Цими параметрами можна скористатися для налаштування будь-яких служб. + + + + reconnection_retries (ціле число) + + + Кількість повторних спроб встановлення зв’язку зі службами або їх +перезапуску у разі аварійного завершення роботи інструменту надання даних до +визнання подальших спроб безнадійними. + + + Типове значення: 3 + + + + + fd_limit + + + За допомогою цього параметра можна визначити максимальну кількість +дескрипторів файлів, які одночасно може бути відкрито цим процесом SSSD. У +системах, де SSSD надано можливості CAP_SYS_RESOURCE, цей параметр +використовуватиметься незалежно від інших параметрів системи. У системах без +цієї можливості, кількість дескрипторів визначатиметься найменшим зі значень +цього параметра і обмеженням "hard" у limits.conf. + + + Типове значення: 8192 (або обмеження у limits.conf "hard") + + + + + client_idle_timeout + + + За допомогою цього параметра можна визначити кількість секунд, протягом яких +клієнтська частина SSSD може утримувати дескриптор файла без здійснення за +його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути +вичерпання ресурсів системи. Час очікування не може бути меншим за 10 +секунд. Якщо у налаштуваннях вказано менше значення, його буде скориговано +до 10 секунд. + + + Типове значення: 60, KCM: 300 + + + + + offline_timeout (ціле число) + + + Коли SSSD перемикається на автономний режим роботи, час, який має минути, +перш ніж буде здійснено спробу повернутися до режиму у мережі, +збільшуватиметься, відповідно до часу, проведеного у режимі +від’єднання. Типово, SSSD використовує нарощувальну поведінку для обчислення +затримки між повторними спробами. Тому час очікування для повторної спроби +буде довшим за час очікування попередньої спроби. Після кожної невдалої +спроби з'єднатися із мережею нове значення обчислюється за такою формулою: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + +random[0...offline_timeout_random_offset] + + + Типовим значенням offline_timeout є 60. Типовим значенням +offline_timeout_max є 3600. Типовим значенням offline_timeout_random_offset +є 30. Кінцевий результат є кількістю секунд до наступної повторної спроби. + + + Зауважте, що максимальна тривалість кожного з інтервалів визначається +offline_timeout_max (окрім випадкової частини). + + + Типове значення: 60 + + + + + offline_timeout_max (ціле число) + + + Керує тим, на скільки можна збільшувати проміжок часу між спробами відновити +з'єднання із мережею після неуспішних спроби відновити з'єднання. + + + Значення 0 вимикає збільшення проміжку часу. + + + Значення цього параметра слід встановлювати у поєднанні зі значенням +параметра offline_timeout. + + + Якщо для offline_timeout встановлено значення 60 (типове значення), немає +сенсу встановлювати для offlinet_timeout_max значення, яке є меншим за 120, +оскільки перший же крок збільшення призведе до перевищення максимального +значення. Загальним правилом у цьому випадку має бути встановлення значення +offline_timeout_max, яке є принаймні учетверо більшим за offline_timeout. + + + Хоча можна вказати будь-яке значення від 0 до offline_timeout, результатом +стане перевизначення значення offline_timeout, тому не варто цього робити. + + + Типове значення: 3600 + + + + + offline_timeout_random_offset (ціле число) + + + Якщо SSSD працює в автономному режимі, програма виконує зондування +серверів-обробників із вказаними інтервалами часу: + + + new_delay = Minimum(old_delay * 2, offline_timeout_max) + +random[0...offline_timeout_random_offset] + + + Цей параметр керує значенням випадкового зсуву, яке буде використано у +наведеному вище рівнянні. Остаточне значення random_offset буде випадковим +числом у такому діапазоні: + + + [0 - offline_timeout_random_offset] + + + Значення 0 призводить до вимикання додавання випадкового зсуву. + + + Типове значення: 30 + + + + + responder_idle_timeout + + + Цей параметр визначає кількість секунд, протягом яких процес відповідача +SSSD може працювати без використання. Це значення обмежено з метою уникнення +вичерпання ресурсів системи. Мінімальним прийнятним значенням для цього +параметра є 60 секунд. Встановлення для цього параметра значення 0 (нуль) +означає, що для відповідача не встановлюватиметься ніякого часу +очікування. Цей параметр враховуватиметься, лише якщо SSSD зібрано з +підтримкою systemd і якщо служби активуються за допомогою або сокетів або +D-Bus. + + + Типове значення: 300 + + + + + cache_first + + + Цей параметр визначає, чи слід відповідачеві опитати усі кеші до надсилання +запису до модулів засобів надання даних. + + + Типове значення: false + + + Типове значення: true + + + + + + + + Параметри налаштування NSS + + Цими параметрами можна скористатися для налаштування служби Name Service +Switch (NSS або перемикання служби визначення назв). + + + + enum_cache_timeout (ціле число) + + + Тривалість зберігання переліків (запитів щодо даних всіх користувачів) у +кеші nss_sss у секундах + + + Типове значення: 120 + + + + + entry_cache_nowait_percentage (ціле число) + + + Можна встановити кеш записів для автоматичного оновлення записів у фоновому +режимі, якщо запит щодо них надходить у визначений у відсотках від +entry_cache_timeout для домену період часу. + + + Наприклад, якщо entry_cache_timeout домену встановлено у значення 30s, а +entry_cache_nowait_percentage — у значення 50 (у відсотках), записи, які +надійдуть за 15 секунд після останнього оновлення кешу, буде повернуто +одразу, але SSSD оновить власний кеш, отже наступні запити очікуватимуть на +розблокування після оновлення кешу. + + + Коректними значеннями цього параметра є 0-99. Ці значення відповідають +відсоткам entry_cache_timeout для кожного з доменів. З міркувань покращення +швидкодії це відсоткове значення ніколи не зменшуватиме час очікування +nowait до значення, меншого за 10 секунд. Визначення значення 0 вимкне цю +можливість. + + + Типове значення: 50 + + + + + entry_negative_timeout (ціле число) + + + Визначає кількість секунд, протягом яких nss_sss має кешувати негативні +результати пошуку у кеші (тобто запити щодо некоректних записів у базі +даних, зокрема неіснуючих) перед повторним запитом до сервера обробки. + + + Типове значення: 15 + + + + + local_negative_timeout (ціле число) + + + Визначає кількість секунд, протягом яких nss_sss має зберігати негативні +результати пошуку у кеші користувачів і груп, перші ніж намагатися знову +шукати їх за допомогою модуля надання даних. Встановлення значення 0 вимикає +цю можливість. + + + Типове значення: 14400 (4 години) + + + + + filter_users, filter_groups (рядок) + + + Виключити певних користувачів або групи зі списку отримання даних з бази +даних NSS sss. Таке виключення може бути корисним для облікових записів +керування системою. Цей параметр також можна встановлювати для кожного з +доменів окремо або включити до нього імена користувачів повністю для +обмеження списку користувачами лише з певного домену або за назвою +реєстраційного запису користувача (UPN). + + + ЗАУВАЖЕННЯ: параметр filter_groups не впливає на успадкованість вкладених +записів групи, оскільки фільтрування відбувається після їх передавання для +повернення за допомогою NSS. Наприклад, у списку групи, що містить вкладену +групу, яку відфільтровано, залишатимуться записи користувачів +відфільтрованої групи. + + + Типове значення: root + + + + + filter_users_in_groups (булеве значення) + + + Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, +встановіть для цього параметра значення «false». + + + Типове значення: true + + + + + + + fallback_homedir (рядок) + + + Встановити типовий шаблон назви домашнього каталогу користувача, якщо цей +каталог не вказано явним чином засобом надання даних домену. + + + Можливі варіанти значень для цього параметра збігаються з варіантами значень +для параметра override_homedir. + + + приклад: +fallback_homedir = /home/%u + + + + Типове значення: не встановлено (без замін для невстановлених домашніх +каталогів) + + + + + override_shell (рядок) + + + Перевизначити командну оболонку входу до системи для усіх користувачів. Цей +параметр має пріоритет над будь-якими іншими параметрами визначення +командної оболонки, якщо він діє. Його можна встановити або у розділі [nss] +або для кожного з доменів окремо. + + + Типове значення: не встановлено (SSSD використовуватиме значення, отримане +від LDAP) + + + + + allowed_shells (рядок) + + + Обмежити перелік можливих командних оболонок користувачів вказаними. Порядок +визначення оболонки є таким: + + + 1. Якщо оболонку вказано у /etc/shells, її буде використано. + + + 2. Якщо оболонку вказано у списку allowed_shells, але її немає у списку +/etc/shells, буде використано значення параметра +shell_fallback. + + + 3. Якщо оболонку не вказано у списку allowed_shells і її немає у списку +/etc/shells, буде використано оболонку nologin. + + + Для визначення будь-якої командної оболонки можна скористатися шаблоном +заміни (*). + + + Значенням (*) варто користуватися, якщо ви хочете скористатися +shell_fallback, коли командної оболонки користувача немає у «/etc/shells», а +супровід списку усіх командних оболонок у allowed_shells є надто марудною +справою. + + + Порожній рядок оболонки буде передано без обробки до libc. + + + Читання /etc/shells виконується лише під час запуску SSSD, +тобто у разі встановлення нової оболонки слід перезапустити SSSD. + + + Типове значення: не встановлено. Автоматично використовується оболонка +користувача. + + + + + vetoed_shells (рядок) + + + Замінити всі записи цих оболонок на shell_fallback + + + + + shell_fallback (рядок) + + + Типова оболонка, яку слід використовувати, якщо дозволеної оболонки у +системі не встановлено. + + + Типове значення: /bin/sh + + + + + default_shell + + + Типова командна оболонка, яку буде використано, якщо засобом надання даних +не було повернуто назви оболонки під час пошуку. Цей параметр можна вказати +або на загальному рівні у розділі [nss], або окремо для кожного з доменів. + + + Типове значення: не встановлено (повернути NULL, якщо оболонку не +встановлено і покластися на libc у визначенні потрібного програмі значення, +зазвичай /bin/sh) + + + + + get_domains_timeout (ціле число) + + + Визначає час у секундах, протягом якого список піддоменів вважатиметься +чинним. + + + Типове значення: 60 + + + + + memcache_timeout (ціле число) + + + Визначає час у секундах, протягом якого список піддоменів вважатиметься +чинним. Встановлення для цього параметра нульового значення вимикає кеш у +пам'яті. + + + Типове значення: 300 + + + Попередження: вимикання кешу у пам'яті значно погіршить швидкодію SSSD, ним +варто користуватися лише для тестування. + + + ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено +значення «NO», клієнтські програми не використовуватимуть fast у кеші у +пам’яті. + + + + + memcache_size_passwd (ціле число) + + + Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, +для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd. + + + Типове значення: 8 + + + Попередження: вимикання кешу у пам'яті або дуже малий його розмір можуть +значно погіршити швидкодію SSSD. + + + ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено +значення «NO», клієнтські програми не використовуватимуть fast у кеші у +пам’яті. + + + + + memcache_size_group (ціле число) + + + Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, +для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group. + + + Типове значення: 6 + + + Попередження: вимикання кешу у пам'яті або дуже малий його розмір можуть +значно погіршити швидкодію SSSD. + + + ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено +значення «NO», клієнтські програми не використовуватимуть fast у кеші у +пам’яті. + + + + + memcache_size_initgroups (ціле число) + + + Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, +для запитів initgroups. Встановлення розміру 0 вимкне кеш у пам'яті для +initgroups. + + + Типове значення: 10 + + + Попередження: вимикання кешу у пам'яті або дуже малий його розмір можуть +значно погіршити швидкодію SSSD. + + + ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено +значення «NO», клієнтські програми не використовуватимуть fast у кеші у +пам’яті. + + + + + memcache_size_sid (ціле число) + + + Розмір (у мегабайтах) таблиці даних, розміщеної у швидкому кеші у пам'яті, +для пов'язаних із SID запитів. У поточній версії передбачено кешування у +швидкій пам'яті лише для запитів SID-за-ID і ID-за-SID. Встановлення розміру +0 вимкне кеш у пам'яті для SID. + + + Типове значення: 6 + + + Попередження: вимикання кешу у пам'яті або дуже малий його розмір можуть +значно погіршити швидкодію SSSD. + + + ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено +значення «NO», клієнтські програми не використовуватимуть fast у кеші у +пам’яті. + + + + + user_attributes (рядок) + + + Деякі із додаткових запитів до відповідача NSS можуть повертати більшу +кількість атрибутів, ніж це визначено POSIX для інтерфейсу NSS. Списком +атрибутів можна керувати за допомогою цього параметра. Обробка виконується у +той самий спосіб, що і для параметра «user_attributes» відповідача InfoPipe +(див. sssd-ifp +5 , щоб дізнатися більше), але без +типових значень. + + + Щоб полегшити налаштовування відповідач NSS перевірятиме параметр InfoPipe +на те, чи не встановлено його для відповідача NSS. + + + Типове значення: не встановлено, резервне значення визначається за +параметром InfoPipe + + + + + pwfield (рядок) + + + Значення, яке повертають операції NSS, які повертають записи користувачів чи +груп, для поля password. + + + Типове значення: * + + + Зауваження: значення цього параметра можна встановлювати для кожного з +доменів окремо. При цьому це значення матиме вищий пріоритет за значення у +розділі [nss]. + + + Default: not set (remote domains), x (the files domain), + x (proxy domain with nss_files and sssd-shadowutils +target) + + + + + + + Параметри налаштування PAM + + Цими параметрами можна скористатися для налаштування служби Pluggable +Authentication Module (PAM або блокового модуля розпізнавання). + + + + offline_credentials_expiration (ціле число) + + + У разі неможливості встановлення з’єднання з сервером розпізнавання визначає +тривалість зберігання кешованих входів (у днях з часу останнього успішного +входу до системи). + + + Типове значення: 0 (без обмежень) + + + + + + offline_failed_login_attempts (ціле число) + + + У разі неможливості встановлення з’єднання з сервером розпізнавання визначає +дозволену кількість спроб входу з визначенням помилкового пароля. + + + Типове значення: 0 (без обмежень) + + + + + + offline_failed_login_delay (ціле число) + + + Час у хвилинах, який має пройти між досягненням значення +offline_failed_login_attempts і повторним вмиканням можливості входу до +системи. + + + Якщо встановлено значення 0, користувач не зможе пройти розпізнавання у +автономному режимі, якщо буде досягнуто значення +offline_failed_login_attempts. Лише успішне розпізнавання може знову +увімкнути можливість автономного розпізнавання. + + + Типове значення: 5 + + + + + + pam_verbosity (ціле число) + + + Керує типами повідомлень, які буде показано користувачеві під час +розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано. + + + У поточній версії sssd передбачено підтримку таких значень: + + + 0: не показувати жодних повідомлень + + + 1: показувати лише важливі повідомлення + + + 2: показувати всі інформаційні повідомлення + + + 3: показувати всі повідомлення та діагностичні дані + + + Типове значення: 1 + + + + + + pam_response_filter (рядок) + + + Список рядків, відокремлених комами, за допомогою якого можна вилучати +(фільтрувати) дані, які надсилаються відповідачем PAM до модуля PAM +pam_sss. Існують різні тип відповідей, які надсилаються до pam_sss, +наприклад повідомлення, які показуються користувачеві, або змінні +середовища, які слід встановлювати за допомогою pam_sss. + + + Хоча повідомленнями вже можна керувати за допомогою параметра pam_verbosity, +за допомогою цього параметра можна відфільтрувати також інші типи +повідомлень. + + + У поточній версії передбачено підтримку таких фільтрів: + ENV + Не надсилати жодних змінних середовища до жодної служби. + + ENV:назва_змінної + Не надсилати змінної середовища назва_змінної до жодної служби. + + ENV:назва_змінної:служба + Не надсилати змінної середовища назва_змінної до вказаної служби. + + + + + Список рядків може бути або списком фільтрів, які встановлюють список +фільтрування і перевизначають типові фільтри, або до кожного елемента списку +може бути додано префікс «+» або «-», який додасть фільтр до наявного +типового фільтрування або вилучить його з наявного типового фільтрування, +відповідно. Будь ласка, зауважте, або що усі елементи списку повинні мати +префікси «+» або «-», або усі елементи списку не повинні містити +префіксів. Змішування стилів вважається помилкою. + + + Типове значення: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i + + + Приклад: -ENV:KRB5CCNAME:sudo-i вилучає фільтр зі списку типових + + + + + + pam_id_timeout (ціле число) + + + Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу +негайно оновити кешовані дані щодо профілю користувача з метою переконатися, +що розпізнавання виконується на основі найсвіжіших даних. + + + Повний обмін даними сеансу PAM може включати декілька запитів PAM, зокрема +для керування обліковими записами та відкриття сеансів. За допомогою цього +параметра можна керувати (для окремих клієнтів-програм) тривалістю (у +секундах) кешування даних профілю з метою уникнути повторних викликів засобу +надання даних профілів. + + + Типове значення: 5 + + + + + + pam_pwd_expiration_warning (ціле число) + + + Показати попередження за вказану кількість днів перед завершенням дії +пароля. + + + Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення +дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати +попередження. + + + Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто +якщо з сервера обробки надійде попередження щодо завершення строку дії, його +буде автоматично показано. + + + Цей параметр може бути перевизначено встановленням параметра +pwd_expiration_warning для окремого домену. + + + Типове значення: 0 + + + + + get_domains_timeout (ціле число) + + + Визначає час у секундах, протягом якого список піддоменів вважатиметься +чинним. + + + Типове значення: 60 + + + + + pam_trusted_users (рядок) + + + Визначає список відокремлених комами значень UID або імен користувачів, яким +дозволено виконувати обмін даними PAM із довіреними доменами. Користувачі, +яких не включено до цього списку, можуть отримувати доступ лише до доменів, +які позначено як загальнодоступні (public) за допомогою +pam_public_domains. Імена користувачів перетворюються на UID +під час запуску системи. + + + Типове значення: типово усі користувачі вважаються надійними (довіреними) + + + Будь ласка, зауважте, що користувачеві з UID 0 завжди мають доступ до +відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users. + + + + + pam_public_domains (рядок) + + + Визначає список назв доменів, відокремлених комами, доступ до яких можуть +отримувати навіть ненадійні користувачі. + + + Визначено два спеціальних значення параметра pam_public_domains: + + + all (Ненадійним користувачам відкрито доступ до усіх доменів у відповідачі +PAM.) + + + none (Ненадійним користувачам заборонено доступ до усіх доменів PAM у +відповідачі.) + + + Типове значення: none + + + + + pam_account_expired_message (рядок) + + + Надає змогу встановити нетипове повідомлення щодо завершення строку дії, яке +замінити типове повідомлення «Доступ заборонено» («Permission denied»). + + + Зауваження: будь ласка, зверніть увагу на те, що повідомлення буде виведено +для служби SSH, лише якщо pam_verbosity не встановлено у значення 3 +(показувати усі повідомлення і діагностичні дані). + + + приклад: +pam_account_expired_message = Account expired, please contact help desk. + + + + Типове значення: none + + + + + pam_account_locked_message (рядок) + + + Надає змогу встановити нетипове повідомлення щодо блокування, яке замінити +типове повідомлення «Доступ заборонено» («Permission denied»). + + + приклад: +pam_account_locked_message = Account locked, please contact help desk. + + + + Типове значення: none + + + + + pam_passkey_auth (bool) + + + Enable passkey device based authentication. + + + Типове значення: False + + + + + passkey_debug_libfido2 (bool) + + + Enable libfido2 library debug messages. + + + Типове значення: False + + + + + pam_cert_auth (булеве значення) + + + Увімкнути сертифікацію на основі розпізнавання за смарткартками. Оскільки це +потребує додаткового обміну даним із смарткарткою, що затримує процес +розпізнавання, типово таку сертифікацію вимкнено. + + + Типове значення: False + + + + + pam_cert_db_path (рядок) + + + Шлях до бази даних сертифікатів. + + + Типове значення: + + /etc/sssd/pki/sssd_auth_ca_db.pem (шлях до файла із довіреними сертифікатами +служб сертифікації у форматі PEM) + + + + + + + + pam_cert_verification (рядок) + + + За допомогою цього параметра можна виконати тонке налаштовування перевірки +сертифікатів PAM на основі списку параметрів, відокремлених комами. Ці +параметри перевизначають значення certificate_verification у +розділі [sssd]. Підтримуваними параметрами є ті самі, що і у +certificate_verification. + + + приклад: +pam_cert_verification = partial_chain + + + + Типове значення: не встановлено, тобто слід використовувати типовий параметр +certificate_verification, який визначено у розділі +[sssd]. + + + + + p11_child_timeout (ціле число) + + + Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи +p11_child. + + + Типове значення: 10 + + + + + passkey_child_timeout (integer) + + + How many seconds will the PAM responder wait for passkey_child to finish. + + + Типове значення: 15 + + + + + pam_app_services (рядок) + + + Визначає, яким службам PAM дозволено встановлювати з'єднання із доменами +типу application + + + Типове значення: не встановлено + + + + + pam_p11_allowed_services (ціле число) + + + Список назв служб PAM, відокремлених комами, для яких буде дозволено +використання смарткарток. + + + Можна додати іншу назву служби PAM до типового набору за допомогою +конструкції «+назва_служби» або явним чином вилучити назву служби PAM з +типового набору за допомогою конструкції «-назва_служби». Наприклад, щоб +замінити типову назву служби PAM для розпізнавання за смарткарткою +(наприклад, «login») з нетиповою назвою служби PAM (наприклад, +«my_pam_service»), вам слід скористатися такими налаштуваннями: +pam_p11_allowed_services = +my_pam_service, -login + + + + Типове значення: типовий набір назв служб PAM складається з таких значень: + + + + login + + + + + su + + + + + su-l + + + + + gdm-smartcard + + + + + gdm-password + + + + + kdm + + + + + sudo + + + + + sudo-i + + + + + gnome-screensaver + + + + + + + + p11_wait_for_card_timeout (ціле число) + + + Якщо обов'язковим є розпізнавання за смарткарткою, кількість додаткових +секунд, які буде додано до p11_child_timeout, протягом яких відповідача PAM +має чекати на вставлення смарткартки. + + + Типове значення: 60 + + + + + p11_uri (рядок) + + + Адреса PKCS#11 (докладніший опис можна знайти у RFC-7512), якою можна +скористатися для обмеження переліку пристроїв, які використовуються для +розпізнавання за допомогою смарткартки. Типово, p11_child зі складу SSSD +виконуватиме пошук слоту PKCS#11 (зчитувача), для якого встановлено прапорці +«removable» («портативний») і читатиме сертифікати із першого знайденого +слоту вставленого ключа. Якщо з комп'ютером буде з'єднано декілька +зчитувачів, можна скористатися p11_uri для повідомлення p11_child про те, що +слід використовувати вказаний зчитувач. + + + Приклади: +p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader + або +p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2 + Для визначення відповідної адреси, +ознайомтеся із файлом діагностичних даних p11_child. Крім того, можна +скористатися програмою GnuTLS p11tool, наприклад, із параметром --list-all, +який покаже і адреси PKCS#11. + + + Типове значення: none + + + + + pam_initgroups_scheme + + + Відповідач PAM може примусово застосувати пошук у мережі, щоб отримати +поточну групу членства користувача, який намагається увійти до системи. Цей +параметр керує тим, коли це слід робити. Передбачено можливість встановлення +таких значень: + always + Завжди виконувати пошук у мережі. Будь ласка, зауважте, що pam_id_timeout +буде все одно застосовано + + no_session + Виконувати пошук у мережі, лише якщо немає активного сеансу користувача, +тобто якщо користувач не працює у системі + + never + Ніколи не виконувати пошук у мережі примусово, використовувати дані з кешу, +аж доки вони не застаріють + + + + + Типове значення: no_session + + + + + pam_gssapi_services + + + Відокремлений комами список служб PAM, яким дозволено намагатися виконати +розпізнавання за GSSAPI за допомогою модуля pam_sss_gss.so. + + + Щоб вимкнути розпізнавання за GSSAPI, встановіть для цього параметра +значення - (дефіс). + + + Зауваження: значення цього параметра можна встановлювати для кожного з +доменів окремо, при цьому перевизначивши значення у розділі [pam]. Його +також можна встановити для довіреного домену, при цьому значення матиме +вищий пріоритет за значення у розділі домену. + + + Приклад: +pam_gssapi_services = sudo, sudo-i + + + + Типове значення: - (розпізнавання за GSSAPI вимкнено) + + + + + pam_gssapi_check_upn + + + Якщо має значення True, SSSD потребуватиме можливості прив'язки +реєстраційних даних користувача Kerberos, якого успішно розпізнано за +допомогою GSSAPI, до користувача, якого розпізнано. Розпізнавання +вважатиметься неуспішним, якщо перевірку не буде пройдено. + + + Якщо має значення False, розпізнаними вважатимуться усі користувачі, які +зможуть отримати бажаний квиток служби. + + + Зауваження: значення цього параметра можна встановлювати для кожного з +доменів окремо, при цьому перевизначивши значення у розділі [pam]. Його +також можна встановити для довіреного домену, при цьому значення матиме +вищий пріоритет за значення у розділі домену. + + + Типове значення: True + + + + + pam_gssapi_indicators_map + + + Для доступу до служби PAM, у якій можна спробувати розпізнавання GSSAPI з +використанням модуля pam_sss_gss.so, у квитку Kerberos має бути список +відокремлених комами індикаторів розпізнавання. + + + Кожен з елементів списку може бути або назвою індикатора розпізнавання, або +парою служба:індикатор. Для доступу до будь-якої служби PAM, +яку налаштовано на використання з +будуть потрібні індикатори без префіксів назв служб PAM. Список-результат +індикаторів для окремої служби PAM буде перевірено за індикаторами у квитку +Kerberos під час розпізнавання у pam_sss_gss.so. Буд-який індикатор з +квитка, який відповідає списку-результату індикаторів для служби PAM, +отримає доступ. Якщо відповідність не буде встановлено для жодного з +індикаторів, доступ буде заборонено. Якщо список-результат індикаторів для +служби PAM є порожнім, перевірка не закриватиме доступ для жодного запису. + + + Щоб вимкнути перевірку за індикаторами для розпізнавання за GSSAPI, +встановіть для цього параметра значення - (дефіс). Щоб +вимкнути перевірку для певної служби PAM, додайте служба:-. + + + Зауваження: значення цього параметра можна встановлювати для кожного з +доменів окремо, при цьому перевизначивши значення у розділі [pam]. Його +також можна встановити для довіреного домену, при цьому значення матиме +вищий пріоритет за значення у розділі домену. + + + У розгорнутих системах IPA з Kerberos передбачено підтримку таких +індикаторів розпізнавання: + + + pkinit — попереднє розпізнавання за допомогою сертифікатів X.509, які +зберігаються у файлах або на смарткартках. + + + hardened — попереднє розпізнавання SPAKE або будь-яке попереднє +розпізнавання у обгортці каналу FAST. + + + radius — попереднє розпізнавання за допомогою сервера RADIUS. + + + otp — попереднє розпізнавання за допомогою інтегрованого двофакторного +розпізнавання (2FA або одноразовий пароль, OTP) в IPA. + + + idp — попереднє розпізнавання за допомогою зовнішнього надавача даних +профілів. + + + + + Приклад: щоб встановити обов'язковість для доступу до служб SUDO отримання +користувачами їхніх квитків Kerberos із попереднім розпізнаванням за +сертифікатом X.509 (PKINIT), встановіть +pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit + + + + Типове значення: не встановлено (немає потреби у використанні індикаторів +розпізнавання) + + + + + + + + Параметри налаштування SUDO + + Цими параметрами можна скористатися для налаштовування служби sudo. Докладні +настанови щодо налаштовування +sudo 8 +на роботу з sssd +8 можна знайти на сторінці довідника + sssd-sudo +5 . + + + + sudo_timed (булеве значення) + + + Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, +призначені для визначення часових обмежень для записів sudoers. + + + Типове значення: false + + + + + + + sudo_threshold (ціле число) + + + Максимальна кількість застарілих правил, які можна оновлювати за один +крок. Якщо кількість застарілих правил є нижчою за це порогове значення, +правила буде оновлено за допомогою механізму rules +refresh. Якщо порогове значення перевищено, замість нього буде +використано full refresh з правил sudo. Це порогове значення +також стосується команди sudo IPA та групових пошуків команд. + + + Типове значення: 50 + + + + + + + + Параметри налаштування AUTOFS + + Цими параметрами можна скористатися для налаштування служби autofs. + + + + autofs_negative_timeout (ціле число) + + + Визначає кількість секунд, протягом яких відповідач autofs має кешувати +негативні результати пошуку у кеші (тобто запити щодо некоректних записів у +базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки. + + + Типове значення: 15 + + + + + + + + + Параметри налаштувань SSH + + Цими параметрами можна скористатися для налаштування служби SSH. + + + + ssh_hash_known_hosts (булеве значення) + + + Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts. + + + Типове значення: false + + + + + ssh_known_hosts_timeout (ціле число) + + + Кількість секунд, протягом яких запису вузла зберігатиметься у керованому +файлі known_hosts після надсилання запиту щодо ключів вузла. + + + Типове значення: 180 + + + + + ssh_use_certificate_keys (булеве значення) + + + Якщо встановлено значення true, sss_ssh_authorizedkeys +поверне ключі ssh, які походять від відкритого ключа сертифікатів X.509, які +також зберігаються у записі користувача. Докладніше про це на сторінці +підручника +sss_ssh_authorizedkeys +1 . + + + Типове значення: true + + + + + ssh_use_certificate_matching_rules (рядок) + + + Типово, відповідач SSH буде використовувати усі доступні правила +встановлення відповідності сертифікатів для фільтрування сертифікатів, тому +ключі SSH будуть створюватися лише на основі відповідних правилам +сертифікатів. За допомогою цього параметра можна обмежити перелік +використаних правил на основі списку назв правил прив'язки і відповідності, +відокремлених комами. Усі інші правила буде проігноровано. + + + Передбачено два спеціальних ключових слова «all_rules» та «no_rules», які +вмикають або вимикають усі правила, відповідно. Останній випадок означає, що +сертифікати не фільтруватимуться, а ключі ssh буде створено з усіх коректних +сертифікатів. + + + Якщо не налаштовано жодного правила, «all_rules» увімкне типове правило, яке +дозволяє використання усіх сертифікатів, які придатні для розпізнавання +клієнта. Це та сама поведінка, що для відповідача PAM, якщо увімкнено +розпізнавання за сертифікатом. + + + Визначення назви правила, якої не існує, вважатиметься помилкою. Якщо в +результаті не буде вибрано жодного правила, усі сертифікати буде +проігноровано. + + + Типове значення: не встановлено, рівнозначне до «all_rules» — буде +використано усі знайдені правила або типове правило + + + + + ca_db (рядок) + + + Шлях до сховища довірених сертифікатів CA. Параметр використовується для +перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh. + + + Типове значення: + + /etc/sssd/pki/sssd_auth_ca_db.pem (шлях до файла із довіреними сертифікатами +служб сертифікації у форматі PEM) + + + + + + + + + + + Параметри налаштування відповідача PAC + + Відповідач PAC працює разом з додатком даних уповноваження для +sssd_pac_plugin.so зі складу MIT Kerberos та засобу надання даних +піддоменів. Цей додаток надсилає до відповідача PAC дані PAC під час +розпізнавання за допомогою GSSAPI. Засіб надання даних піддоменів збирає +дані щодо діапазонів SID і ID домену, до якого долучено клієнт, та +віддалених надійних доменів з локального контролера доменів. Якщо PAC +декодовано і визначено, виконуються деякі з таких дій: + + Якщо у кеші немає даних віддаленого користувача, запис цих даних буде +створено. UID буде визначено за допомогою SID, надійні домени матимуть UPG, +а gid матиме те саме значення, що і UID. Дані домашнього каталогу буде +засновано на значенні параметра subdomain_homedir. Типово, для командної +оболонки буде вибрано порожнє значення, тобто використовуватимуться типові +параметри системи. Значення для оболонки можна змінити за допомогою +параметра default_shell. + + Якщо існують SID груп з доменів, про які відомо SSSD, запис користувача буде +додано до цих груп. + + + + + Цими параметрами можна скористатися для налаштовування відповідача PAC. + + + + allowed_uids (рядок) + + + Визначає список значень UID або імен користувачів, відокремлених +комами. Користувачам з цього списку буде дозволено доступ до відповідача +PAC. UID за іменами користувачів визначатимуться під час запуску. + + + Типове значення: 0 (доступ до відповідача PAC має лише адміністративний +користувач (root)) + + + Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID +буде перевизначено на основі цього параметра. Якщо ви хочете надати +адміністративному користувачеві (root) доступ до відповідача PAC, що може +бути типовим варіантом, вам слід додати до списку UID з правами доступу +запис 0. + + + + + pac_lifetime (ціле число) + + + Строк дії запису PAC у секундах. Якщо PAC є чинним, дані PAC можна +використовувати для визначення членства користувача у групі. + + + Типове значення: 300 + + + + + pac_check (рядок) + + + Застосувати додаткові перевірки до PAC квитка Kerberos, який доступний у +доменах Active Directory і FreeIPA, якщо це налаштовано. Будь ласка, +зауважте, що має бути увімкнено перевірку квитка Kerberos, щоб мати змогу +перевірити PAC, тобто для параметра krb5_validate має бути встановлено +значення «True», яке є типовим для надавачів даних IPA і AD. Якщо для +krb5_validate встановлено значення «False», перевірки PAC буде пропущено. + + + Вказаними нижче параметрами можна скористатися окремо або у форматі списку +відокремлених комами значень: + + no_check + + PAC не повинно бути, і навіть якщо він є, ніяких додаткових перевірок +виконано не буде. + + + + pac_present + + PAC має бути наявним у квитку служби, запит щодо якого SSSD надсилає за +допомогою TGT користувача. Якщо PAC є недоступним, спроба розпізнавання +зазнає невдачі. + + + + + check_upn + + Якщо PAC є, перевірити, чи є узгодженими дані назви реєстраційного запису +користувача (UPN). + + + + check_upn_allow_missing + + Цей параметр слід використовувати разом і «check_upn» і обробляє випадок, +коли для UPN встановлено значення на боці сервера, але його не прочитано +SSSD. Типовим прикладом є домен FreeIPA, де для «ldap_user_principal» +встановлено назву атрибуту, якого не існує. Так типово роблять для того, щоб +обійти проблеми в обробці промислових реєстраційних записів. Втім, це +виправлено вже певний час, і FreeIPA може обробляти промислові реєстраційні +записи без проблем. У встановленні «ldap_user_principal» більше немає +потреби. + У поточній версії цей параметр типово увімкнено, щоб уникнути регресій у +подібних середовищах. До системного журналу та діагностичного журналу SSSD +буде додано повідомлення у випадку виявлення UPN у PAC, але не у кеші +SSSD. Щоб уникнути появи такого повідомлення, слід перевірити, чи можна +вилучити параметр «ldap_user_principal». Якщо це неможливо, вилучення +«check_upn» призведе до пропускання перевірки, і повідомлення зникне з +журналу. + + + + upn_dns_info_present + + PAC має містити буфер UPN-DNS-INFO; неявним чином встановлює «check_upn». + + + + check_upn_dns_info_ex + + Якщо є PAC і доступним є розширення буфера UPN-DNS-INFO, перевірити, чи є +узгодженими дані у розширенні. + + + + upn_dns_info_ex_present + + PAC має містити розширення буфера UPN-DNS-INFO; неявним чином встановлює +«check_upn_dns_info_ex», «upn_dns_info_present» і «check_upn». + + + + + + + Типове значення: no_check (для надавачів AD та IPA — «check_upn, +check_upn_allow_missing, check_upn_dns_info_ex») + + + + + + + + Параметри налаштовування запису сеансів + + Запис сеансів працює у зв'язці з +tlog-rec-session 8 +, частиною пакунка tlog, для запису даних, які бачать і +вводять користувачі після входу до текстового термінала. Див. також + sssd-session-recording +5 . + + + Цими параметрами можна скористатися для налаштовування запису сеансів. + + + + scope (рядок) + + + Один із вказаних нижче рядків, що визначають область запису сеансів: + + + "none" + + + Користувачі не записуються. + + + + + "some" + + + Запис вестиметься для користувачів і груп, вказаних параметрами +користувачі і групи. + + + + + "all" + + + Усі користувачі записуються. + + + + + + + Типове значення: none + + + + + users (рядок) + + + Список відокремлених комами записів користувачів, для яких увімкнено +записування сеансів. Належність до списку визначатиметься за іменами, +повернутими NSS, тобто після можливих замін пробілів, змін регістру символів +тощо. + + + Типове значення: порожнє. Не відповідає жодному користувачу. + + + + + groups (рядок) + + + Список відокремлених комами записів груп, для користувачів яких буде +увімкнено записування сеансів. Належність до списку визначатиметься за +назвами, повернутими NSS, тобто після можливих замін пробілів, змін регістру +символів тощо. + + + Зауваження: використання цього параметра (встановлення для нього будь-якого +значення) значно впливає на швидкодію, оскільки некешований запит щодо +користувача потребує отримання і встановлення відповідності груп, до яких +належить користувач. + + + Типове значення: порожнє. Не відповідає жодній групі. + + + + + exclude_users (рядок) + + + Список відокремлених комами записів користувачів, яких має бути виключено із +записування. Може бути застосовано лише разом із «scope=all». + + + Типове значення: порожнє. Не виключати жодного користувача. + + + + + exclude_groups (рядок) + + + Список відокремлених комами записів груп, учасників яких має бути виключено +із записування. Може бути застосовано лише разом із «scope=all». + + + Зауваження: використання цього параметра (встановлення для нього будь-якого +значення) значно впливає на швидкодію, оскільки некешований запит щодо +користувача потребує отримання і встановлення відповідності груп, до яких +належить користувач. + + + Типове значення: порожнє. Не виключати жодної групи. + + + + + + + + + + РОЗДІЛИ ДОМЕНІВ + + Ці параметри налаштування може бути вказано у розділі налаштування домену, +тобто у розділі з назвою +[domain/НАЗВА] + + enabled + + + Явним чином увімкнути або вимкнути домен. Якщо має значення +true, домен завжди увімкнено. Якщо має +значення false, домен завжди вимкнено. Якщо +значення цього параметра не встановлено, домен увімкнено, лише якщо його +вказано у параметрі доменів у розділі [sssd]. + + + + + + domain_type (рядок) + + + Визначає, чи призначено домен для використання клієнтами у стандарті POSIX, +зокрема NSS, або програмами, які не потребують наявності або створення даних +POSIX. Інтерфейсам та інструментам операційних систем доступні лише об'єкти +з доменів POSIX. + + + Дозволеними значеннями цього параметра є posix і +application. + + + Домени POSIX доступні для усіх служб. Домени програм доступні лише з +відповідача InfoPipe (див. +sssd-ifp 5 +) і відповідача PAM. + + + ЗАУВАЖЕННЯ: належне тестування у поточній версії виконано лише для доменів +application з id_provider=ldap. + + + Щоб ознайомитися із простим способом налаштовування не-POSIX доменів, будь +ласка, ознайомтеся із розділом Домени програм. + + + Типове значення: posix + + + + + + min_id,max_id (ціле значення) + + + Обмеження UID і GID для домену. Якщо у домені міститься запис, що не +відповідає цим обмеженням, його буде проігноровано. + + + Для користувачів зміна цього параметра вплине на основне обмеження +GID. Запис користувача не буде повернуто до NSS, якщо UID або основний GID +не належать вказаному діапазону. Записи користувачів, які не є учасниками +основної групи і належать діапазону, буде виведено у звичайному режимі. + + + Ці обмеження на ідентифікатори стосуються і збереження записів до кешу, не +лише повернення записів за назвою або ідентифікатором. + + + Типові значення: 1 для min_id, 0 (без обмежень) для max_id + + + + + + enumerate (булеве значення) + + + Визначає, чи можна нумерувати домен, тобто, чи може домен створити список +усіх користувачів і груп, які у ньому містяться. Зауважте, що вмикання +нумерування не є обов'язковим для показу вторинних груп. Цей параметр може +мати такі значення: + + + TRUE = користувачі і групи нумеруються + + + FALSE = не використовувати нумерацію для цього домену + + + Типове значення: FALSE + + + Нумерування домену потребує від SSSD отримання і зберігання усіх записів +користувачів і груп із віддаленого сервера. + + + Зауваження: вмикання нумерації помірно знизить швидкодію SSSD на час +виконання нумерації. Нумерація може тривати до декількох хвилин після +запуску SSSD. Протягом виконання нумерації окремі запити щодо даних буде +надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження +системи виконанням нумерації. Збереження великої кількості записів до кешу +після завершення нумерації може також значно навантажити процесор, оскільки +повторне визначення параметрів участі також іноді є складним завданням. Це +може призвести до проблем із отриманням відповіді від процесу +sssd_be або навіть перезапуску усього засобу стеження. + + + Під час першого виконання нумерації запити щодо повних списків користувачів +та груп можуть не повертати жодних результатів, аж доки нумерацію не буде +завершено. + + + Крім того, вмикання нумерації може збільшити час, потрібний для виявлення +того, що мережеве з’єднання розірвано, оскільки потрібне буде збільшення +часу очікування для забезпечення успішного завершення пошуків нумерації. Щоб +отримати додаткову інформацію, зверніться до сторінок довідника (man) +відповідного використаного засобу обробки ідентифікаторів (id_provider). + + + З вказаних вище причин не рекомендуємо вам вмикати нумерацію, особливо у +об’ємних середовищах. + + + + + + subdomain_enumerate (рядок) + + + Визначає, чи слід нумерувати усі автоматично виявлені надійні (довірені) +домени. Підтримувані значення: + + all + Усі виявлені надійні домени буде пронумеровано + + + none + Нумерація виявлених надійних доменів не виконуватиметься + + +Якщо потрібно, можна вказати список з однієї або декількох назв надійних +доменів, для яких буде увімкнено нумерацію. + + + Типове значення: none + + + + + + entry_cache_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж +надсилати повторний запит до сервера + + + Дані щодо часових позначок завершення строку дії записів кешу зберігаються +як атрибути окремих об’єктів у кеші. Тому зміна часу очікування на дані у +кеші впливає лише на нові записи та записи, строк дії яких вичерпано. Для +примусового оновлення записів, які вже було кешовано, вам слід запустити +програму sss_cache +8 . + + + Типове значення: 5400 + + + + + + entry_cache_user_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи користувачів +чинними, перш ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_group_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи груп чинними, перш +ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_netgroup_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи мережевих груп +чинними, перш ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_service_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи служб чинними, перш +ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_resolver_timeout (ціле число) + + + Кількість секунд, протягом яких nss_sss вважатиме записи вузлів і мереж +чинними, перш ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_sudo_timeout (ціле число) + + + Кількість секунд, протягом яких sudo вважатиме правила чинними, перш ніж +надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_autofs_timeout (ціле число) + + + Кількість секунд, протягом яких служба autofs вважатиме карти автомонтування +чинними, перш ніж надсилати повторний запит до сервера + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_ssh_host_timeout (ціле число) + + + Кількість секунд, протягом яких слід зберігати ключ ssh вузла після +оновлення. Іншими словами, параметр визначає тривалість зберігання ключа +вузла у кеші. + + + Типове значення: entry_cache_timeout + + + + + + entry_cache_computer_timeout (ціле число) + + + Кількість секунд, протягом яких слід зберігати запис локального комп'ютера, +перш ніж надсилати запит до модуля обробки даних знову + + + Типове значення: entry_cache_timeout + + + + + + refresh_expired_interval (ціле число) + + + Визначає кількість секунд, протягом яких SSSD має очікувати до запуску +завдання з оновлення у фоновому режимі записів кешу, строк дії яких +вичерпано або майже вичерпано. + + + Під час фонового оновлення виконуватиметься обробка записів користувачів, +груп та мережевих груп у кеші. для записів користувачів, для яких +виконувалися дії з ініціювання груп (отримання даних щодо участі користувача +у групах, які типово виконуються під час входу до системи), буде оновлено і +запис користувача, і дані щодо участі у групах. + + + Цей параметр автоматично успадковується для усіх довірених доменів. + + + Варто визначити для цього параметра значення 3/4 * entry_cache_timeout. + + + Запис кешу буде оновлено фоновим завданням, якщо минуло 2/3 часу очікування +на застарівання кешу. Якщо у кеші вже є записи, фонове завдання звернеться +до значень часу очікування на застарівання початкових записів, а не +поточного значення у налаштуваннях. Це може призвести до ситуації, у якій +здаватиметься, що фонове завдання із оновлення записів не працює. Так +зроблено спеціально для удосконалення роботи в автономному режимі і +повторного використання наявних коректних записів у кеші. Щоб зробити +використання внесеної зміни постійним, користувачу варто вручну скасувати +чинність наявного кешу. + + + Типове значення: 0 (вимкнено) + + + + + + cache_credentials (булеве значення) + + + Determines if user credentials are also cached in the local LDB cache. The +cached credentials refer to passwords, which includes the first (long term) +factor of two-factor authentication, not other authentication +mechanisms. Passkey and Smartcard authentications are expected to work +offline as long as a successful online authentication is recorded in the +cache without additional configuration. + + + Take a note that while credentials are stored as a salted SHA512 hash, this +still potentially poses some security risk in case an attacker manages to +get access to a cache file (normally requires privileged access) and to +break a password using brute force attack. + + + Типове значення: FALSE + + + + + + cache_credentials_minimal_first_factor_length (ціле число) + + + Якщо використано двофакторне розпізнавання (2FA) і реєстраційні дані мають +зберігатися, це значення визначає мінімальну довжину першого фактора +розпізнавання (довготривалого пароля), який має бути збережено у форматі +контрольної суми SHA512 у кеші. + + + Таким чином забезпечується уникнення випадку, коли короткі PIN-коди +заснованої на PIN-кодах схеми 2FA зберігаються у кеші, що робить їх простою +мішенню атак із перебиранням паролів. + + + Типове значення: 8 + + + + + + account_cache_expiration (ціле число) + + + Кількість днів, протягом яких записи залишатимуться у кеші після успішного +входу до системи до вилучення під час спорожнення кешу. 0 — не вилучати +записи. Значення цього параметра має бути більшим або рівним значенню +offline_credentials_expiration. + + + Типове значення: 0 (без обмежень) + + + + + pwd_expiration_warning (ціле число) + + + Показати попередження за вказану кількість днів перед завершенням дії +пароля. + + + Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто +якщо з сервера обробки надійде попередження щодо завершення строку дії, його +буде автоматично показано. + + + Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення +дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати +попередження. Крім того для цього сервера може бути вказано службу надання +даних розпізнавання. + + + Типове значення: 7 (Kerberos), 0 (LDAP) + + + + + + id_provider (рядок) + + + Засіб надання даних ідентифікації, який використовується для цього +домену. Серед підтримуваних засобів такі: + + + «proxy»: підтримка застарілого модуля надання даних NSS. + + + files: засіб надання даних FILES. Докладніше про те, як +працює віддзеркалення локальних користувачів і груп у SSSD, можна дізнатися +зі сторінки підручника +sssd-files 5 +. + + + ldap: засіб LDAP. Докладніше про налаштовування LDAP можна +дізнатися з довідки до +sssd-ldap 5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: засіб Active Directory. Докладніші відомості щодо +налаштовування Active Directory викладено у довіднику з +sssd-ad 5 +. + + + + + + use_fully_qualified_names (булеве значення) + + + Використовувати ім’я та домен повністю (у форматі, визначеному +full_name_format домену) як ім’я користувача у системі, що повідомляється +NSS. + + + Якщо встановлено значення TRUE, всі запити до цього домену мають +використовувати повні назви. Наприклад, якщо використано домен LOCAL, який +містить запис користувача «test» user, getent passwd test +не покаже користувача, а getent passwd test@LOCAL покаже. + + + ЗАУВАЖЕННЯ: цей параметр не впливатиме на пошук у мережевих групах через +тенденцію до включення до таких груп вкладених мережевих груп. Для мережевих +груп, якщо задано неповну назву, буде виконано пошук у всіх доменах. + + + Типове значення: FALSE (TRUE для довірених доменів і піддоменів або якщо +використано default_domain_suffix) + + + + + ignore_group_members (булеве значення) + + + Не повертати записи учасників груп для пошуків груп. + + + Якщо встановлено значення TRUE, сервер LDAP не запитуватиме дані щодо +атрибутів участі у групах, а списки учасників груп не повертаються під час +обробки запитів щодо пошуку груп, зокрема +getgrnam 3 + або getgrgid +3 . Отже, getent group +$groupname поверне запитану групу так, наче вона була порожня. + + + Вмикання цього параметра може також значно пришвидшити перевірки засобу +надання доступу для участі у групі, особливо для груп, у яких багато +учасників. + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: FALSE + + + + + auth_provider (рядок) + + + Служба розпізнавання, яку використано для цього домену. Серед підтримуваних +служб розпізнавання: + + + ldap — вбудоване розпізнавання LDAP. Докладніші відомості +щодо налаштовування LDAP викладено у довіднику з +sssd-ldap 5 +. + + + krb5 — вбудоване розпізнавання Kerberos. Докладніші відомості +щодо налаштовування Kerberos викладено у довіднику з +sssd-krb5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: засіб Active Directory. Докладніші відомості щодо +налаштовування Active Directory викладено у довіднику з +sssd-ad 5 +. + + + proxy — трансльоване розпізнавання у іншій системі PAM. + + + none — вимкнути розпізнавання повністю. + + + Типове значення: буде використано id_provider, якщо цей +спосіб встановлено і можлива обробка запитів щодо розпізнавання. + + + + + access_provider (рядок) + + + Програма керування доступом для домену. Передбачено дві вбудованих програми +керування доступом (окрім всіх встановлених додаткових +серверів). Вбудованими програмами є: + + + permit дозволяти доступ завжди. Єдиний дозволений засіб +доступу для локального домену. + + + deny — завжди забороняти доступ. + + + ldap — вбудоване розпізнавання LDAP. Докладніші відомості +щодо налаштовування LDAP викладено у довіднику з +sssd-ldap 5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: засіб Active Directory. Докладніші відомості щодо +налаштовування Active Directory викладено у довіднику з +sssd-ad 5 +. + + + simple — керування доступом на основі списків дозволу або +заборони. Докладніші відомості щодо налаштовування модуля доступу simple +можна знайти у довідці до +sssd-simple +5. + + + krb5 — керування доступом на основі .k5login. Докладніші +відомості щодо налаштовування Kerberos викладено у довіднику з + sssd-krb5 + . + + + proxy — для трансляції керування доступом до іншого модуля +PAM. + + + Типове значення: permit + + + + + chpass_provider (рядок) + + + Система, яка має обробляти дії зі зміни паролів для домену. Передбачено +підтримку таких систем зміни паролів: + + + ldap — змінити пароль, що зберігається на сервері +LDAP. Докладніші відомості щодо налаштовування LDAP викладено у довіднику з + sssd-ldap +5 . + + + krb5 — змінити пароль Kerberos. Докладніші відомості щодо +налаштовування Kerberos викладено у довіднику з +sssd-krb5 +. + + + ipa: FreeIPA and Red Hat Identity Management provider. See + sssd-ipa +5 for more information on configuring +FreeIPA. + + + ad: засіб Active Directory. Докладніші відомості щодо +налаштовування Active Directory викладено у довіднику з +sssd-ad 5 +. + + + proxy — трансльована зміна пароля у іншій системі PAM. + + + none — явно вимкнути можливість зміни пароля. + + + Типове значення: використовується «auth_provider», якщо встановлено значення +цього параметра і якщо система здатна обробляти запити щодо паролів. + + + + + + sudo_provider (рядок) + + + Служба SUDO, яку використано для цього домену. Серед підтримуваних служб +SUDO: + + + ldap для правил, що зберігаються у LDAP. Докладніше про +налаштовування LDAP можна дізнатися з довідки до +sssd-ldap 5 +. + + + ipa — те саме, що і ldap, але з типовими +параметрами IPA. + + + ad — те саме, що і ldap, але з типовими +параметрами AD. + + + none явним чином вимикає SUDO. + + + Типове значення: використовується значення id_provider, якщо +його встановлено. + + + З докладними настановами щодо налаштовування sudo_provider можна +ознайомитися за допомогою сторінки підручника (man) +sssd-sudo 5 +. Передбачено доволі багато параметрів налаштовування, якими +можна скористатися для коригування поведінки програми. Докладніший опис +можна знайти у розділах щодо «ldap_sudo_*»" у підручнику з +sssd-ldap 5 +. + + + Зауваження: правила sudo періодично отримуються у +фоновому режимі, якщо постачальник даних sudo не вимкнено явним +чином. Встановіть значення sudo_provider = None, щоб +вимкнути усі дії, пов'язані із sudo у SSSD, якщо ви взагалі не хочете +використовувати sudo у SSSD. + + + + + selinux_provider (рядок) + + + Засіб, який має відповідати за завантаження параметрів SELinux. Зауважте, що +цей засіб буде викликано одразу після завершення роботи служби надання +доступу. Передбачено підтримку таких засобів надання даних SELinux: + + + ipa для завантаження параметрів selinux з сервера +IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з + sssd-ipa +5 . + + + none явним чином забороняє отримання даних щодо параметрів +SELinux. + + + Типове значення: буде використано id_provider, якщо цей +спосіб встановлено і можлива обробка запитів щодо завантаження SELinux. + + + + + subdomains_provider (рядок) + + + Засіб надання даних, який має обробляти отримання даних піддоменів. Це +значення має завжди збігатися зі значенням id_provider. Передбачено +підтримку таких засобів надання даних піддоменів: + + + ipa для завантаження списку піддоменів з сервера +IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з + sssd-ipa +5 . + + + «ad», з якої слід завантажувати список піддоменів з сервера Active +Directory. Див. sssd-ad +5 , щоб дізнатися більше про +налаштовування засобу надання даних AD. + + + none забороняє ячним чином отримання даних піддоменів. + + + Типове значення: використовується значення id_provider, якщо +його встановлено. + + + + + session_provider (рядок) + + + Постачальник даних, який налаштовує завдання, пов'язані із сеансами +користувачів, і керує ними. Єдиним завданням сеансів користувача у поточній +версії є інтеграція із Fleet Commander, який працює лише з IPA. Підтримувані +постачальники даних сеансів: + + + ipa, щоб дозволити пов'язані із сеансами користувачів +завдання. + + + none — не виконувати жодних пов'язаних із сеансами +користувачів завдань. + + + Типове значення: використовується значення id_provider, якщо +його встановлено і дозволено виконувати пов'язані із сеансами завдання. + + + Зауваження: щоб ця можливість працювала як слід, SSSD +має бути запущено від імені користувача root, а не якогось іншого +непривілейованого користувача. + + + + + + autofs_provider (рядок) + + + Служба autofs, яку використано для цього домену. Серед підтримуваних служб +autofs: + + + ldap — завантажити карти, що зберігаються у LDAP. Докладніше +про налаштовування LDAP можна дізнатися з довідки до +sssd-ldap 5 +. + + + ipa — завантажити карти, що зберігається на сервері +IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з + sssd-ipa + . + + + ad — завантажити карти, що зберігаються на сервері +AD. Див. sssd-ad +5 , щоб дізнатися більше про +налаштовування засобу надання даних AD. + + + none вимикає autofs повністю. + + + Типове значення: використовується значення id_provider, якщо +його встановлено. + + + + + + hostid_provider (рядок) + + + Засіб надання даних, який використовується для отримання даних щодо профілю +вузла. Серед підтримуваних засобів надання hostid: + + + ipa — завантажити профіль системи, що зберігається на сервері +IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з + sssd-ipa + . + + + none вимикає hostid повністю. + + + Типове значення: використовується значення id_provider, якщо +його встановлено. + + + + + + resolver_provider (рядок) + + + Система, яка має обробляти дії зі пошуку вузлів та мереж. Передбачено +підтримку таких надавачів даних для визначення: + + + proxy для переспрямовування пошуків до іншої бібліотеки +NSS. Див. proxy_resolver_lib_name + + + ldap — отримати записи вузлів і мереж, які зберігаються у +LDAP. Докладніше про налаштовування LDAP можна дізнатися з довідки до + sssd-ldap +5 . + + + ad — отримати записи вузлів і мереж, які зберігаються на +сервері AD. Див. sssd-ad +5 , щоб дізнатися більше про +налаштовування засобу надання даних AD. + + + none забороняє ячним чином отримання даних вузлів і мереж. + + + Типове значення: використовується значення id_provider, якщо +його встановлено. + + + + + + re_expression (рядок) + + + Формальний вираз для цього домену, який описує спосіб поділи рядка, що +містить ім’я користувача та назву домену на ці компоненти. «Домен» може +відповідати назві домену налаштувань SSSD або, у випадку піддоменів довіри +IPA та доменів Active Directory, простій назві (NetBIOS) домену. + + + Default: +^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$ +which allows two different styles for user names: + + + користувач + + + користувач@назва.домену + + + + + Default for the AD and IPA provider: +^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$ +which allows three different styles for user names: + + + користувач + + + користувач@назва.домену + + + домен\користувач + + + Перші два стилі відповідають загальним типовим стилям, а третій введено для +того, щоб полегшити інтеграцію користувачів з доменів Windows. + + + The default re_expression uses the @ character as a separator +between the name and the domain. As a result of this setting the default +does not accept the @ character in short names (as it is +allowed in Windows group names). If a user wishes to use short names with +@ they must create their own re_expression. + + + + + full_name_format (рядок) + + + Сумісний з printf +3 формат, який описує спосіб +створення повного імені на основі імені користувача та компонентів назви +домену. + + + Передбачено використання таких замінників: + + %1$s + ім’я користувача + + + %2$s + + + назва домену у форматі, вказаному у файлі налаштувань SSSD. + + + + + %3$s + + + проста назва домену. Здебільшого використовується для доменів Active +Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA. + + + + + + + Типове значення: %1$s@%2$s. + + + + + + lookup_family_order (рядок) + + + Надає можливість вибрати бажане сімейство адрес, яке слід використовувати +під час виконання пошуків у DNS. + + + Передбачено підтримку таких значень: + + + ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі +спробувати формат IPv6 + + + ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4. + + + ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі +спробувати формат IPv4 + + + ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6. + + + Типове значення: ipv4_first + + + + + + dns_resolver_server_timeout (ціле число) + + + Визначає проміжок часу (у мілісекундах), протягом якого SSSD намагатиметься +обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS. + + + Надавач даних AD використовуватиме цей параметр також для визначення часу +очікування на відгук на луна-імпульс CLDAP. + + + Будь ласка, ознайомтеся із розділом РЕЗЕРВ, щоб дізнатися +більше про розв'язування питань, пов'язаних із службами. + + + Типове значення: 1000 + + + + + + dns_resolver_op_timeout (ціле число) + + + Визначає тривалість (у секундах) періоду, протягом якого програма чекатиме +на завершення виконання окремого запиту DNS (наприклад встановлення назви +вузла або запису SRV), перш ніж перейти до наступної назви вузла або пошуку +наступного DNS. + + + Будь ласка, ознайомтеся із розділом РЕЗЕРВ, щоб дізнатися +більше про розв'язування питань, пов'язаних із службами. + + + Типове значення: 3 + + + + + + dns_resolver_timeout (ціле число) + + + Визначає кількість часу (у секундах) очікування відповіді від внутрішньої +служби перемикання на резервний ресурс, перш ніж службу буде визначено +недоступним. Якщо час очікування буде перевищено, домен продовжуватиме +роботу у автономному режимі. + + + Будь ласка, ознайомтеся із розділом РЕЗЕРВ, щоб дізнатися +більше про розв'язування питань, пов'язаних із службами. + + + Типове значення: 6 + + + + + + dns_resolver_use_search_list (булеве значення) + + + Зазвичай, розв'язувач адрес DNS виконує пошук у списку доменів, який +визначено інструкцією «search» у файлі resolv.conf. Це може призвести до +затримок у середовищах, де DNS не налаштовано належним чином. + + + Якщо у налаштуваннях SSSD використано повні назви доменів (або _srv_), +встановлення для цього параметра значення FALSE може запобігти непотрібним +пошукам DNS у таких середовищах. + + + Типове значення: TRUE + + + + + + dns_discovery_domain (рядок) + + + Якщо у модулі обробки використовується визначення служб, вказує доменну +частину запиту визначення служб DNS. + + + Типова поведінка: використовувати назву домену з назви вузла комп’ютера. + + + + + + override_gid (ціле число) + + + Замірити значення основного GID на вказане. + + + + + + case_sensitive (рядок) + + + Зважати на регістр символів у назвах записів користувачів і груп. Можливі +значення: + + True + + + Враховується регістр. Це значення є некоректним для засобу надання даних AD. + + + + + False + + Без врахування регістру. + + + + Preserving + + + Те саме, що і False (без врахування регістру символів), але без переведення +у нижній регістр імен у результатах дій NSS. Зауважте, що альтернативні +імена (у випадку служб також назви протоколів) у виведених даних все одно +буде переведено у нижній регістр. + + + Якщо ви хочете встановити це значення для довіреного домену із надавачем +даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері. + + + + + + + Цей параметр також може бути встановлено для окремого піддомену або +успадковано за допомогою subdomain_inherit. + + + Типове значення: True (False для засобу надання даних AD) + + + + + + subdomain_inherit (рядок) + + + Визначає список параметрів налаштування, які слід успадковувати для +піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані +параметри. У поточній версії передбачено можливість успадковування таких +параметрів: + + + ldap_search_timeout + + + ldap_network_timeout + + + ldap_opt_timeout + + + ldap_offline_timeout + + + ldap_enumeration_refresh_timeout + + + ldap_enumeration_refresh_offset + + + ldap_purge_cache_timeout + + + ldap_purge_cache_offset + + + ldap_krb5_keytab (значення krb5_keytab буде використано, якщо +ldap_krb5_keytab не встановлено явним чином) + + + ldap_krb5_ticket_lifetime + + + ldap_enumeration_search_timeout + + + ldap_connection_expire_timeout + + + ldap_connection_expire_offset + + + ldap_connection_idle_timeout + + + ldap_use_tokengroups + + + ldap_user_principal + + + ignore_group_members + + + auto_private_groups + + + case_sensitive + + + Приклад: +subdomain_inherit = ldap_purge_cache_timeout + + + + Типове значення: none + + + Зауваження: цей параметр працює лише для засобів надання даних IPA і AD. + + + + + + subdomain_homedir (рядок) + + + Використовувати вказаний домашній каталог як типовий для всіх піддоменів у +цьому домені у межах довіри AD IPA. Дані щодо можливих значень наведено у +описі параметра override_homedir. Крім того, +розгортання можна використовувати лише з +subdomain_homedir. + + %F + спрощена (NetBIOS) назва піддомену. + + + + + Це значення може бути перевизначено параметром +override_homedir. + + + Типове значення: /home/%d/%u + + + + + realmd_tags (рядок) + + + Різноманітні теґи, що зберігаються службою налаштовування realmd для цього +домену. + + + + + cached_auth_timeout (ціле число) + + + Визначає час у секундах з моменту останнього успішного розпізнавання у +мережі, для якого користувача буде розпізнано за допомогою кешованих +реєстраційних даних, доки SSSD перебуває у режимі «у мережі». Якщо +реєстраційні дані є помилковими, SSSD повертається до інтерактивного +розпізнавання. + + + Значення цього параметра успадковується усіма довіреними доменами. У +поточній версії не передбачено можливості встановлювати окремі різні +значення для різних довірених доменів. + + + Спеціальне значення 0 означає, що цю можливість вимкнено. + + + Будь ласка, зауважте, що якщо cached_auth_timeout має більше +значення за pam_id_timeout, модуль може бути викликано для +обробки initgroups. + + + Типове значення: 0 + + + + + local_auth_policy (string) + + + Local authentication methods policy. Some backends (i.e. LDAP, proxy +provider) only support a password based authentication, while others can +handle PKINIT based Smartcard authentication (AD, IPA), two-factor +authentication (IPA), or other methods against a central instance. By +default in such cases authentication is only performed with the methods +supported by the backend. + + + There are three possible values for this option: match, only, +enable. match is used to match offline and online states for +Kerberos methods. only ignores the online methods and only +offer the local ones. enable allows explicitly defining the methods for +local authentication. As an example, enable:passkey, only +enables passkey for local authentication. Multiple enable values should be +comma-separated, such as enable:passkey, enable:smartcard + + + Please note that if local Smartcard authentication is enabled and a +Smartcard is present, Smartcard authentication will be preferred over the +authentication methods supported by the backend. I.e. there will be a PIN +prompt instead of e.g. a password prompt. + + + The following configuration example allows local users to authenticate +locally using any enabled method (i.e. smartcard, passkey). +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only + + + + It is expected that the files provider ignores the +local_auth_policy option and supports Smartcard authentication by default. + + + Default: match + + + + + auto_private_groups (рядок) + + + Цей параметр приймає будь-яке з таких трьох доступних значень: + + true + + + Безумовно створює приватну групу користувача на основі номера UID +користувача. У цьому випадку номер GID буде проігноровано. + + + Зауваження: оскільки номер GID і приватна група користувача успадковуються з +номера UID, підтримки декількох записів із однаковим номером UID або GID у +цьому параметрі не передбачено. Іншими словами, вмикання цього параметра +примусово встановлює унікальність записів у просторі ідентифікаторів. + + + + + false + + + Завжди використовувати номер основної GID користувача. Номер GID має +вказувати на об'єкт групи у базі даних LDAP. + + + + + hybrid + + + Основна група створюється автоматично для записів користувача, значення UID +і GID яких збігаються і, одночасно, номер GID не відповідає справжньому +об'єкту групи у LDAP. Якщо значення є однаковими, але основне значення GID у +записі користувача також використовується як об'єкт групи, основний GID +цього користувача визначатиме цей об'єкт групи. + + + Якщо UID і GID користувача є різними, значення GID має відповідати запису +групи, інакше надійне визначення GID буде просто неможливим. + + + Ця можливість є корисною для середовищ, де бажаним є усування потреби у +супроводі окремих об'єктів груп для користувачів у приватних групах, але зі +збереженням наявних приватних груп для користувачів. + + + + + + + Для піддоменів типовим значенням є False для тих піддоменів, які пов'язано +із ідентифікаторами POSIX, і True для тих піддоменів, для яких +використовується автоматична прив'язка до ідентифікаторів. + + + Значення параметра auto_private_groups може встановлюватися або на рівні +окремих піддоменів у підрозділі, приклад: +[domain/forest.domain/sub.domain] +auto_private_groups = false + або на загальному рівні для усіх піддоменів у основному розділі +домену за допомогою параметра subdomain_inherit: +[domain/forest.domain] +subdomain_inherit = auto_private_groups +auto_private_groups = false + + + + + + + + + Параметри, які є чинними для доменів проксі. + + proxy_pam_target (рядок) + + + Комп’ютер, для якого виконує проксі-сервер PAM. + + + Default: not set by default, you have to take an existing pam configuration +or create a new one and add the service name here. As an alternative you can +enable local authentication with the local_auth_policy option. + + + + + + proxy_lib_name (рядок) + + + Назва бібліотеки NSS для використання у доменах з проксі-серверами. Функції +NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), +наприклад _nss_files_getpwent. + + + + + + proxy_resolver_lib_name (рядок) + + + Назва бібліотеки NSS для використання для пошуку вузлів і мереж у доменах з +проксі-серверами. Функції NSS шукаються у бібліотеці у форматі +_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r. + + + + + + proxy_fast_alias (булеве значення) + + + Під час пошуку запису користувача чи групи за назвою у системі надання даних +переадресації виконується вторинний пошук за ідентифікатором з метою +визначення «канонічної» форми назви, якщо результат знайдено за +альтернативною назвою (псевдонімом). Встановлення для цього параметра +значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора +у кеші, щоб пришвидшити надання результатів. + + + Типове значення: false + + + + + + proxy_max_children (ціле число) + + + Цей параметр визначає кількість попередньо розгалужених дочірніх проксі. Він +корисний для високонавантажених середовищ SSSD, де sssd може вичерпати +кількість доступних дочірніх слотів, що може спричинити деякі вади через +використання черги запитів. + + + Типове значення: 10 + + + + + + + + + Домени програм (application) + + SSSD, з його інтерфейсом D-Bus (див. +sssd-ifp 5 +) є привабливим для програм як шлюз до каталогу LDAP, де +зберігаються дані користувачів і груп. Втім, на відміну від традиційного +формату роботи SSSD, де усі користувачі і групи або мають атрибути POSIX, +або ці атрибути може бути успадковано з SID Windows, у багатьох випадках +користувачі і групи у сценарії підтримки роботи програм не мають атрибутів +POSIX. Замість визначення розділу +[domain/НАЗВА] адміністратор може +визначити розділ +[application/НАЗВА], який на +внутрішньому рівні представляє домен типу application, який +може успадковувати параметр з традиційного домену SSSD. + + + Будь ласка, зауважте, що домен програм має так само явним чином увімкнено у +параметрі domains, отже порядок пошуку між доменом програм і +його доменом-близнюком у POSIX має бути встановлено належним чином. + + + Параметри доменів програм + + inherit_from (рядок) + + + Домен типу POSIX SSSD, з якого домен програм успадковує усі параметри. Далі, +домен програм поже додавати власні параметри до параметрів програми, які +розширюють або перевизначають параметри домену-близнюка. + + + Типове значення: не встановлено + + + + + + У наведеному нижче прикладі проілюстровано використання домену програм. У +цій конфігурації домен POSIX з'єднано із сервером LDAP, він використовується +операційною системою через відповідач NSS. Крім того, домен програм також +надсилає запит щодо атрибута telephoneNumber, зберігає його як атрибут phone +у кеші і робить атрибут phone доступним через інтерфейс D-Bus. + + +[sssd] +domains = appdom, posixdom + +[ifp] +user_attributes = +phone + +[domain/posixdom] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +[application/appdom] +inherit_from = posixdom +ldap_user_extra_attrs = phone:telephoneNumber + + + + + + + РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ + + Деякі параметри, які використовуються у розділі домену, можна також +використовувати у розділі довіреного домену, тобто у розділі, який +називається +[domain/НАЗВА_ДОМЕНУ/НАЗВА_ДОВІРЕНОГО_ДОМЕНУ]. +Де НАЗВА_ДОМЕНУ є справжнім базовим доменом для долучення. Приклади наведено +нижче. У поточній версії підтримуваними параметрами у розділі довіреного +домену є такі параметри: + + ldap_search_base, + ldap_user_search_base, + ldap_group_search_base, + ldap_netgroup_search_base, + ldap_service_search_base, + ldap_sasl_mech, + ad_server, + ad_backup_server, + ad_site, + use_fully_qualified_names + pam_gssapi_services + pam_gssapi_check_upn + + Докладніший опис цих параметрів можна знайти у окремих описах на сторінці +підручника. + + + + + РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ + + Щоб уможливити розпізнавання за смарткартками та сертифікатами, SSSD повинна +мати можливість пов'язувати сертифікати із записами +користувачів. Забезпечити таку можливість можна додаванням повного +сертифіката до об'єкта LDAP користувача або локальним перевизначенням. Хоча +використання повного сертифіката є обов'язковим для використання можливості +розпізнавання за смарткарткою у (див. +sss_ssh_authorizedkeys +8 , щоб дізнатися більше), додавання +таких сертифікатів може бути марудною або навіть неможливою справою для +загального випадку, коли локальні служби використовують для розпізнавання +PAM. + + + Для додавання гнучкості прив'язкам у SSSD додано правила прив'язки і +встановлення відповідності (докладніше про це у розділі +sss-certmap 5 +). + + + Правила пов'язування та відповідності можна додати до налаштувань SSSD у +окремий розділ із назвою, подібною до +[certmap/НАЗВА_ДОМЕНУ/НАЗВА_ПРАВИЛА]. +У цьому розділі можна використовувати такі параметри: + + + + matchrule (рядок) + + + Буде виконано обробку лише тих сертифікатів зі смарткартки, які відповідають +цьому правилу. Усі інші сертифікати буде проігноровано. + + + Типове значення: KRB5:<EKU>clientAuth, тобто лише сертифікати, у яких +Extended Key Usage (розширене використання ключа) дорівнює +clientAuth + + + + + maprule (рядок) + + + Визначає спосіб пошуку користувача для вказаного сертифіката. + + + Типове значення: + + + LDAP:(userCertificate;binary={cert!bin}) для заснованих на LDAP надавачів +даних, зокрема ldap, AD та ipa. + + + RULE_NAME для надавача даних files, який намагається знайти +запис користувача і такою самою назвою. + + + + + + + domains (рядок) + + + Список відокремлених комами назв доменів, до яких слід застосовувати +правило. Типово, правило стосуватиметься лише домену, який налаштовано у +sssd.conf. Якщо для надавача даних передбачено підтримку піддоменів, цей +параметр можна використати і для додавання правила до піддоменів. + + + Типове значення: домен, який налаштовано у sssd.conf + + + + + priority (ціле число) + + + Ціле невід'ємне значення, яке визначає пріоритетність правила. Чим більшим є +значення, тим нижчою є пріоритетність. 0 — найвища +пріоритетність, а 4294967295 — найнижча. + + + Типове значення: найнижча пріоритетність + + + + + + Щоб спростити налаштовування із зменшити кількість параметрів +налаштовування, у надавачі даних files передбачено декілька +спеціальних властивостей: + + + + якщо не встановлено maprule, припускається, що значенням RULE_NAME є назва +відповідного облікового запису користувача + + + + + якщо maprule використовує обидва, назву облікового запису окремого +користувача або шаблон, подібний до +{назва_об'єкта_rfc822.коротка_назва}, слід брати у дужки, +наприклад (користувач) або +({назва_об'єкта_rfc822.коротка_назва}) + + + + + параметр domains буде проігноровано + + + + + + + + РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ + + Якщо існує спеціальний файл +(/var/lib/sss/pubconf/pam_preauth_available), модуль +PAM SSSD pam_sss надсилатиме запит до SSSD для визначення того, які методи +розпізнавання доступні для користувача, який намагається увійти до +системи. На основі отриманих результатів pam_sss надсилатиме запит до +користувача щодо відповідних реєстраційних даних. + + + Зростання кількості способів розпізнавання та можливість того, що для +окремого користувача передбачено декілька способів, призводить до того, що +евристика, яка використовується pam_sss для вибору запиту може не +спрацьовувати в усіх можливих випадках. Підвищення гнучкості системи у таких +випадках мають забезпечити описані нижче параметри. + + + Each supported authentication method has its own configuration subsection +under [prompting/...]. Currently there are: + + [prompting/password] + + для налаштовування запиту щодо пароля; дозволені параметри: password_prompt + для зміни рядка запиту пароля + + + + + + [prompting/2fa] + + для налаштовування запитів щодо двофакторного розпізнавання. Можливі +варіанти значень: first_prompt + для зміни рядка запиту для першого фактора + + second_prompt + для зміни рядка запиту для другого фактора + + single_prompt + булеве значення. Якщо True, буде виконано лише один запит із використанням +значення first_prompt. Припускатиметься, що обидва фактори введено як один +рядок. Будь ласка, зауважте, що тут може бути введено обидва фактори, навіть +якщо другий фактор не є обов'язковим. + + Якщо другий +фактор є необов'язковим і має бути збережено можливість входу або лише за +паролем, або за двома факторами, має бути використано двокроковий запит. + + + + + + + [prompting/passkey] + + to configure passkey authentication prompting, allowed options are: + + + interactive + + boolean value, if True prompt a message and wait before testing the presence +of a passkey device. Recommended if your device doesn’t have a tactile +trigger. + + + + + interactive_prompt + + to change the message of the interactive prompt. + + + + + touch + + boolean value, if True prompt a message to remind the user to touch the +device. + + + + + touch_prompt + + to change the message of the touch prompt. + + + + + + + + + + + Передбачено можливість додавання підрозділу для специфічних служб PAM, +наприклад [prompting/password/sshd], для окремої зміни запиту +для цієї служби. + + + + + ПРИКЛАДИ + + 1. Нижче наведено приклад типових налаштувань SSSD. Налаштування самого +домену не наведено, — щоб дізнатися більше про неї, ознайомтеся з +документацією щодо налаштовування доменів. +[sssd] +domains = LDAP +services = nss, pam +config_file_version = 2 + +[nss] +filter_groups = root +filter_users = root + +[pam] + +[domain/LDAP] +id_provider = ldap +ldap_uri = ldap://ldap.example.com +ldap_search_base = dc=example,dc=com + +auth_provider = krb5 +krb5_server = kerberos.example.com +krb5_realm = EXAMPLE.COM +cache_credentials = true + +min_id = 10000 +max_id = 20000 +enumerate = False + + + + 2. У наведеному нижче прикладі показано налаштування довіри AD у IPA, де ліс +AD складається з двох доменів у структурі батьківський-дочірній. Нехай домен +IPA (ipa.com) має стосунки довіри з доменом AD (ad.com). ad.com має дочірній +домен (child.ad.com). Щоб увімкнути скорочені назви у дочірньому домені, +слід скористатися наведеними нижче налаштуваннями. +[domain/ipa.com/child.ad.com] +use_fully_qualified_names = false + + + + 3. The following example shows the configuration of a certificate mapping +rule. It is valid for the configured domain my.domain and +additionally for the subdomains your.domain and uses the full +certificate in the search filter. +[certmap/my.domain/rule_name] +matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$ +maprule = (userCertificate;binary={cert!bin}) +domains = my.domain, your.domain +priority = 10 + + + + + + + + diff --git a/src/man/uk/sssd_krb5_localauth_plugin.8.xml b/src/man/uk/sssd_krb5_localauth_plugin.8.xml new file mode 100644 index 0000000..b329bfe --- /dev/null +++ b/src/man/uk/sssd_krb5_localauth_plugin.8.xml @@ -0,0 +1,68 @@ + + + +Сторінки підручника SSSD + + + + + sssd_krb5_localauth_plugin + 8 + + + + sssd_krb5_localauth_plugin + Додаток для локального уповноваження Kerberos + + + + ОПИС + + Додаток локального уповноваження Kerberos +sssd_krb5_localauth_plugin використовує libkrb5 для того, +щоб або знайти локальну назву для заданого реєстраційного запису Kerberos, +або для перевірки того, чи задана локальна назва і заданий реєстраційний +запис Kerberos є пов'язаними між собою. + + + SSSD обробляє локальні назви записів користувачів з віддаленого джерела і +може також читати назву реєстраційного запису користувача Kerberos з +віддаленого джерела. На основі цих даних SSSD може дуже просто обробити +згадані вище прив'язки, навіть якщо локальна назва і реєстраційний запис +Kerberos значно відрізняються. + + + Крім того, на основі даних, прочитаних з віддаленого джерела SSSD може +допомогти запобігти неочікуваним або небажаним прив'язкам у випадку, коли +назва запису користувача у реєстраційному записі Kerberos випадково +збігатиметься із локальною назвою запису іншого користувача. Типово, libkrb5 +може просто вилучити з реєстраційного запису Kerberos частину, яку пов'язано +із областю дії, для отримання локальної назви запису, що може призвести у +цьому випадку до помилкових прив'язок. + + + + + НАЛАШТУВАННЯ + + Додаток локального уповноваження Kerberos має бути явним чином увімкнено у +налаштуваннях Kerberos, див. +krb5.conf 5 +. SSSD автоматично створить фрагмент налаштувань із вмістом, +подібним до такого: +[plugins] + localauth = { + module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so + } + у +загальнодоступному каталозі фрагментів налаштувань SSSD Kerberos. Якщо цей +каталог включено до локальних налаштувань Kerberos, додаток буде увімкнено +автоматично. + + + + + + + diff --git a/src/man/uk/sssd_krb5_locator_plugin.8.xml b/src/man/uk/sssd_krb5_locator_plugin.8.xml new file mode 100644 index 0000000..692e1a7 --- /dev/null +++ b/src/man/uk/sssd_krb5_locator_plugin.8.xml @@ -0,0 +1,108 @@ + + + +Сторінки підручника SSSD + + + + + sssd_krb5_locator_plugin + 8 + + + + sssd_krb5_locator_plugin + Додаток локатора Kerberos + + + + ОПИС + + Для пошуку KDC для вказаної області Kerberos libkrb5 використовує додаток +пошуку Kerberos sssd_krb5_locator_plugin. SSSD надає +такий додаток для спрямовування усіх клієнтів Kerberos у системі до єдиного +KDC. Загалом, немає значення, з яким KDC клієнт обмінюється даними. Втім, +бувають випадки, наприклад, після зміни пароля, коли не усі KDC перебувають +в одному стані, оскільки нові дані має бути спочатку відтворено на усіх +серверах. Щоб уникнути неочікуваних помилок під час розпізнавання або навіть +блокування облікових записів, варто примусово обмежувати обмін даними до +одного KDC якомога довше. + + + libkrb5 шукатиме додаток пошуку у підкаталозі libkrb5 каталогу додатків +Kerberos, див. plugin_base_dir у +krb5.conf 5 +, щоб дізнатися більше. Додаток можна вимкнути лише +вилученням файла додатка. У налаштуваннях Kerberos не передбачено пунктів +для його вимикання. Втім, для вимикання додатка для окремих команд можна +скористатися змінною середовища SSSD_KRB5_LOCATOR_DISABLE. Крім того, можна +скористатися параметром SSSD krb5_use_kdcinfo=False з метою заборони +створення даних, які потрібні для роботи додатка. Якщо визначити цю змінну, +додаток викликатиметься, але не надаватиме дані функції виклику, отже +libkrb5 зможе повернутися до інших методів, які визначено у krb5.conf. + + + Додаток читає дані щодо KDC вказаної області з файла із назвою +kdcinfo.REALM. Цей файл має містити одну або декілька +назв DNS або IP-адрес або у форматі чисел, які відокремлено крапками, IPv4, +або у шістнадцятковому форматі IPv6. Можна додати необов'язковий номер порту +наприкінці, відокремивши його від решти запису двокрапкою. У цьому випадку, +як завжди, адресу IPv6 слід взяти у квадратні дужки. Коректними вважаються +такі записи: + + kdc.example.com + kdc.example.com:321 + 1.2.3.4 + 5.6.7.8:99 + 2001:db8:85a3::8a2e:370:7334 + [2001:db8:85a3::8a2e:370:7334]:321 + + Надавач даних розпізнавання krb5 SSSD, який використовується також +надавачами даних IPA та AD, додає до цього файла адресу поточного KDC або +контролера домену, який використовує SSSD. + + + У середовищах із придатними лише для читання або для читання запису KDC, де, +як очікується, клієнти використовуватимуть придатні лише для читання +екземпляри для виконання загальних завдань і користуватиметься призначеними +для запису KDC лише для внесення змін до налаштувань, зокрема зміни паролів, +kpasswdinfo.REALM також використовується для визначення +придатних до читання і запису KDC. Якщо цей файл існує для вказаної області, +його вміст буде використано додатком для надання відповідей на запити щодо +сервера kpasswd або kadmin чи щодо певного основного KDC MIT Kerberos. Якщо +адреса містить номер порту, для останньої мети використовуватиметься типовий +порт KDC 88. + + + + + ЗАУВАЖЕННЯ + + Підтримку використання додатків передбачено не у всіх реалізаціях +Kerberos. Якщо у вашій системі немає +sssd_krb5_locator_plugin, вам слід внести зміни до +/etc/krb5.conf, які відповідатимуть вашій версії Kerberos. + + + Якщо встановлено будь-яке значення змінної середовища +SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до +stderr. + + + Якщо встановлено будь-яке значення для змінної середовища +SSSD_KRB5_LOCATOR_DISABLE, додаток буде вимкнено і поверне функції виклику +лише KRB5_PLUGIN_NO_HANDLE. + + + Якщо встановлено будь-яке значення змінної середовища +SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES, додаток спробує визначити усі назви +DNS у файлі kdcinfo. Типово, додаток повертає функції виклику +KRB5_PLUGIN_NO_HANDLE негайно після першої ж невдалої спроби визначення DNS. + + + + + + + diff --git a/src/man/zh_CN/include/ad_modified_defaults.xml b/src/man/zh_CN/include/ad_modified_defaults.xml new file mode 100644 index 0000000..6ee0537 --- /dev/null +++ b/src/man/zh_CN/include/ad_modified_defaults.xml @@ -0,0 +1,104 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and AD provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_enterprise_principal = true + + + + + + LDAP Provider + + + + ldap_schema = ad + + + + + ldap_force_upper_case_realm = true + + + + + ldap_id_mapping = true + + + + + ldap_sasl_mech = GSS-SPNEGO + + + + + ldap_referrals = false + + + + + ldap_account_expire_policy = ad + + + + + ldap_use_tokengroups = true + + + + + ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM) + + + The AD provider looks for a different principal than the LDAP provider by +default, because in an Active Directory environment the principals are +divided into two groups - User Principals and Service Principals. Only User +Principal can be used to obtain a TGT and by default, computer object's +principal is constructed from its sAMAccountName and the AD realm. The +well-known host/hostname@REALM principal is a Service Principal and thus +cannot be used to get a TGT with. + + + + + + NSS configuration + + + + fallback_homedir = /home/%d/%u + + + The AD provider automatically sets "fallback_homedir = /home/%d/%u" to +provide personal home directories for users without the homeDirectory +attribute. If your AD Domain is properly populated with Posix attributes, +and you want to avoid this fallback behavior, you can explicitly set +"fallback_homedir = %o". + + + Note that the system typically expects a home directory in /home/%u +folder. If you decide to use a different directory structure, some other +parts of your system may need adjustments. + + + For example automated creation of home directories in combination with +selinux requires selinux adjustment, otherwise the home directory will be +created with wrong selinux context. + + + + + diff --git a/src/man/zh_CN/include/autofs_attributes.xml b/src/man/zh_CN/include/autofs_attributes.xml new file mode 100644 index 0000000..8016b31 --- /dev/null +++ b/src/man/zh_CN/include/autofs_attributes.xml @@ -0,0 +1,66 @@ + + + ldap_autofs_map_object_class (string) + + + The object class of an automount map entry in LDAP. + + + Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap + + + + + + ldap_autofs_map_name (string) + + + The name of an automount map entry in LDAP. + + + Default: nisMapName (rfc2307, autofs_provider=ad), otherwise +automountMapName + + + + + + ldap_autofs_entry_object_class (string) + + + The object class of an automount entry in LDAP. The entry usually +corresponds to a mount point. + + + Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount + + + + + + ldap_autofs_entry_key (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey + + + + + + ldap_autofs_entry_value (string) + + + The key of an automount entry in LDAP. The entry usually corresponds to a +mount point. + + + Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise +automountInformation + + + + diff --git a/src/man/zh_CN/include/autofs_restart.xml b/src/man/zh_CN/include/autofs_restart.xml new file mode 100644 index 0000000..f31efe5 --- /dev/null +++ b/src/man/zh_CN/include/autofs_restart.xml @@ -0,0 +1,5 @@ + + Please note that the automounter only reads the master map on startup, so if +any autofs-related changes are made to the sssd.conf, you typically also +need to restart the automounter daemon after restarting the SSSD. + diff --git a/src/man/zh_CN/include/debug_levels.xml b/src/man/zh_CN/include/debug_levels.xml new file mode 100644 index 0000000..1f51573 --- /dev/null +++ b/src/man/zh_CN/include/debug_levels.xml @@ -0,0 +1,97 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Please note that each SSSD service logs into its own log file. Also please +note that enabling debug_level in the [sssd] +section only enables debugging just for the sssd process itself, not for the +responder or provider processes. The debug_level parameter +should be added to all sections that you wish to produce debug logs from. + + + In addition to changing the log level in the config file using the +debug_level parameter, which is persistent, but requires SSSD +restart, it is also possible to change the debug level on the fly using the + sss_debuglevel +8 tool. + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 9, 0x20000: Performance and +statistical data, please note that due to the way requests are processed +internally the logged execution time of a request might be longer than it +actually was. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/zh_CN/include/debug_levels_tools.xml b/src/man/zh_CN/include/debug_levels_tools.xml new file mode 100644 index 0000000..23f2f89 --- /dev/null +++ b/src/man/zh_CN/include/debug_levels_tools.xml @@ -0,0 +1,77 @@ + + + SSSD supports two representations for specifying the debug level. The +simplest is to specify a decimal value from 0-9, which represents enabling +that level and all lower-level debug messages. The more comprehensive option +is to specify a hexadecimal bitmask to enable or disable specific levels +(such as if you wish to suppress a level). + + + Currently supported debug levels: + + + 0, 0x0010: Fatal +failures. Anything that would prevent SSSD from starting up or causes it to +cease running. + + + 1, 0x0020: Critical failures. An +error that doesn't kill SSSD, but one that indicates that at least one major +feature is not going to work properly. + + + 2, 0x0040: Serious failures. An +error announcing that a particular request or operation has failed. + + + 3, 0x0080: Minor failures. These +are the errors that would percolate down to cause the operation failure of +2. + + + 4, 0x0100: Configuration settings. + + + 5, 0x0200: Function data. + + + 6, 0x0400: Trace messages for +operation functions. + + + 7, 0x1000: Trace messages for +internal control functions. + + + 8, 0x2000: Contents of +function-internal variables that may be interesting. + + + 9, 0x4000: Extremely low-level +tracing information. + + + 10, 0x10000: Even more low-level +libldb tracing information. Almost never really required. + + + To log required bitmask debug levels, simply add their numbers together as +shown in following examples: + + + Example: To log fatal failures, critical failures, +serious failures and function data use 0x0270. + + + Example: To log fatal failures, configuration settings, +function data, trace messages for internal control functions use 0x1310. + + + Note: The bitmask format of debug levels was introduced +in 1.7.0. + + + Default: 0x0070 (i.e. fatal, critical and serious +failures; corresponds to setting 2 in decimal notation) + + diff --git a/src/man/zh_CN/include/failover.xml b/src/man/zh_CN/include/failover.xml new file mode 100644 index 0000000..15d4fae --- /dev/null +++ b/src/man/zh_CN/include/failover.xml @@ -0,0 +1,120 @@ + + FAILOVER + + The failover feature allows back ends to automatically switch to a different +server if the current server fails. + + + Failover Syntax + + The list of servers is given as a comma-separated list; any number of spaces +is allowed around the comma. The servers are listed in order of +preference. The list can contain any number of servers. + + + For each failover-enabled config option, two variants exist: +primary and backup. The idea is +that servers in the primary list are preferred and backup servers are only +searched if no primary servers can be reached. If a backup server is +selected, a timeout of 31 seconds is set. After this timeout SSSD will +periodically try to reconnect to one of the primary servers. If it succeeds, +it will replace the current active (backup) server. + + + + The Failover Mechanism + + The failover mechanism distinguishes between a machine and a service. The +back end first tries to resolve the hostname of a given machine; if this +resolution attempt fails, the machine is considered offline. No further +attempts are made to connect to this machine for any other service. If the +resolution attempt succeeds, the back end tries to connect to a service on +this machine. If the service connection attempt fails, then only this +particular service is considered offline and the back end automatically +switches over to the next service. The machine is still considered online +and might still be tried for another service. + + + Further connection attempts are made to machines or services marked as +offline after a specified period of time; this is currently hard coded to 30 +seconds. + + + If there are no more machines to try, the back end as a whole switches to +offline mode, and then attempts to reconnect every 30 seconds. + + + + Failover time outs and tuning + + Resolving a server to connect to can be as simple as running a single DNS +query or can involve several steps, such as finding the correct site or +trying out multiple host names in case some of the configured servers are +not reachable. The more complex scenarios can take some time and SSSD needs +to balance between providing enough time to finish the resolution process +but on the other hand, not trying for too long before falling back to +offline mode. If the SSSD debug logs show that the server resolution is +timing out before a live server is contacted, you can consider changing the +time outs. + + + This section lists the available tunables. Please refer to their description +in the +sssd.conf5 +, manual page. + + + dns_resolver_server_timeout + + + + Time in milliseconds that sets how long would SSSD talk to a single DNS +server before trying next one. + + + Default: 1000 + + + + + + dns_resolver_op_timeout + + + + Time in seconds to tell how long would SSSD try to resolve single DNS query +(e.g. resolution of a hostname or an SRV record) before trying the next +hostname or discovery domain. + + + 默认: 3 + + + + + + dns_resolver_timeout + + + + How long would SSSD try to resolve a failover service. This service +resolution internally might include several steps, such as resolving DNS SRV +queries or locating the site. + + + Default: 6 + + + + + + + For LDAP-based providers, the resolve operation is performed as part of an +LDAP connection operation. Therefore, also the +ldap_opt_timeout timeout should be set to a larger value than +dns_resolver_timeout which in turn should be set to a larger +value than dns_resolver_op_timeout which should be larger +than dns_resolver_server_timeout. + + + diff --git a/src/man/zh_CN/include/homedir_substring.xml b/src/man/zh_CN/include/homedir_substring.xml new file mode 100644 index 0000000..d7533de --- /dev/null +++ b/src/man/zh_CN/include/homedir_substring.xml @@ -0,0 +1,17 @@ + + homedir_substring (string) + + + The value of this option will be used in the expansion of the +override_homedir option if the template contains the +format string %H. An LDAP directory entry can directly +contain this template so that this option can be used to expand the home +directory path for each client machine (or operating system). It can be set +per-domain or globally in the [nss] section. A value specified in a domain +section will override one set in the [nss] section. + + + Default: /home + + + diff --git a/src/man/zh_CN/include/ipa_modified_defaults.xml b/src/man/zh_CN/include/ipa_modified_defaults.xml new file mode 100644 index 0000000..4ad4b45 --- /dev/null +++ b/src/man/zh_CN/include/ipa_modified_defaults.xml @@ -0,0 +1,123 @@ + + MODIFIED DEFAULT OPTIONS + + Certain option defaults do not match their respective backend provider +defaults, these option names and IPA provider-specific defaults are listed +below: + + + KRB5 Provider + + + + krb5_validate = true + + + + + krb5_use_fast = try + + + + + krb5_canonicalize = true + + + + + + LDAP Provider - General + + + + ldap_schema = ipa_v1 + + + + + ldap_force_upper_case_realm = true + + + + + ldap_sasl_mech = GSSAPI + + + + + ldap_sasl_minssf = 56 + + + + + ldap_account_expire_policy = ipa + + + + + ldap_use_tokengroups = true + + + + + + LDAP Provider - User options + + + + ldap_user_member_of = memberOf + + + + + ldap_user_uuid = ipaUniqueID + + + + + ldap_user_ssh_public_key = ipaSshPubKey + + + + + ldap_user_auth_type = ipaUserAuthType + + + + + + LDAP Provider - Group options + + + + ldap_group_object_class = ipaUserGroup + + + + + ldap_group_object_class_alt = posixGroup + + + + + ldap_group_member = member + + + + + ldap_group_uuid = ipaUniqueID + + + + + ldap_group_objectsid = ipaNTSecurityIdentifier + + + + + ldap_group_external_member = ipaExternalMember + + + + + diff --git a/src/man/zh_CN/include/krb5_options.xml b/src/man/zh_CN/include/krb5_options.xml new file mode 100644 index 0000000..e13ba89 --- /dev/null +++ b/src/man/zh_CN/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Default: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + diff --git a/src/man/zh_CN/include/ldap_id_mapping.xml b/src/man/zh_CN/include/ldap_id_mapping.xml new file mode 100644 index 0000000..f80be8d --- /dev/null +++ b/src/man/zh_CN/include/ldap_id_mapping.xml @@ -0,0 +1,284 @@ + + ID MAPPING + + The ID-mapping feature allows SSSD to act as a client of Active Directory +without requiring administrators to extend user attributes to support POSIX +attributes for user and group identifiers. + + + NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are +ignored. This is to avoid the possibility of conflicts between +automatically-assigned and manually-assigned values. If you need to use +manually-assigned values, ALL values must be manually-assigned. + + + Please note that changing the ID mapping related configuration options will +cause user and group IDs to change. At the moment, SSSD does not support +changing IDs, so the SSSD database must be removed. Because cached passwords +are also stored in the database, removing the database should only be +performed while the authentication servers are reachable, otherwise users +might get locked out. In order to cache the password, an authentication must +be performed. It is not sufficient to use +sss_cache 8 + to remove the database, rather the process consists of: + + + + Making sure the remote servers are reachable + + + + + Stopping the SSSD service + + + + + Removing the database + + + + + Starting the SSSD service + + + + Moreover, as the change of IDs might necessitate the adjustment of other +system properties such as file and directory ownership, it's advisable to +plan ahead and test the ID mapping configuration thoroughly. + + + + Mapping Algorithm + + Active Directory provides an objectSID for every user and group object in +the directory. This objectSID can be broken up into components that +represent the Active Directory domain identity and the relative identifier +(RID) of the user or group object. + + + The SSSD ID-mapping algorithm takes a range of available UIDs and divides it +into equally-sized component sections - called "slices"-. Each slice +represents the space available to an Active Directory domain. + + + When a user or group entry for a particular domain is encountered for the +first time, the SSSD allocates one of the available slices for that +domain. In order to make this slice-assignment repeatable on different +client machines, we select the slice based on the following algorithm: + + + The SID string is passed through the murmurhash3 algorithm to convert it to +a 32-bit hashed value. We then take the modulus of this value with the total +number of available slices to pick the slice. + + + NOTE: It is possible to encounter collisions in the hash and subsequent +modulus. In these situations, we will select the next available slice, but +it may not be possible to reproduce the same exact set of slices on other +machines (since the order that they are encountered will determine their +slice). In this situation, it is recommended to either switch to using +explicit POSIX attributes in Active Directory (disabling ID-mapping) or +configure a default domain to guarantee that at least one is always +consistent. See Configuration for details. + + + + + Configuration + + Minimum configuration (in the [domain/DOMAINNAME] section): + + + +ldap_id_mapping = True +ldap_schema = ad + + + + The default configuration results in configuring 10,000 slices, each capable +of holding up to 200,000 IDs, starting from 200,000 and going up to +2,000,200,000. This should be sufficient for most deployments. + + + Advanced Configuration + + + ldap_idmap_range_min (integer) + + + Specifies the lower (inclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +can be used for the mapping. + + + NOTE: This option is different from min_id in that +min_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +min_id be less-than or equal to +ldap_idmap_range_min + + + Default: 200000 + + + + + ldap_idmap_range_max (integer) + + + Specifies the upper (exclusive) bound of the range of POSIX IDs to use for +mapping Active Directory user and group SIDs. It is the first POSIX ID which +cannot be used for the mapping anymore, i.e. one larger than the last one +which can be used for the mapping. + + + NOTE: This option is different from max_id in that +max_id acts to filter the output of requests to this domain, +whereas this option controls the range of ID assignment. This is a subtle +distinction, but the good general advice would be to have +max_id be greater-than or equal to +ldap_idmap_range_max + + + Default: 2000200000 + + + + + ldap_idmap_range_size (integer) + + + Specifies the number of IDs available for each slice. If the range size +does not divide evenly into the min and max values, it will create as many +complete slices as it can. + + + NOTE: The value of this option must be at least as large as the highest user +RID planned for use on the Active Directory server. User lookups and login +will fail for any user whose RID is greater than this value. + + + For example, if your most recently-added Active Directory user has +objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, +ldap_idmap_range_size must be at least 1108 as range size is +equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1). + + + It is important to plan ahead for future expansion, as changing this value +will result in changing all of the ID mappings on the system, leading to +users with different local IDs than they previously had. + + + Default: 200000 + + + + + ldap_idmap_default_domain_sid (string) + + + Specify the domain SID of the default domain. This will guarantee that this +domain will always be assigned to slice zero in the ID map, bypassing the +murmurhash algorithm described above. + + + Default: not set + + + + + ldap_idmap_default_domain (string) + + + Specify the name of the default domain. + + + Default: not set + + + + + ldap_idmap_autorid_compat (boolean) + + + Changes the behavior of the ID-mapping algorithm to behave more similarly to +winbind's idmap_autorid algorithm. + + + When this option is configured, domains will be allocated starting with +slice zero and increasing monotonically with each additional domain. + + + NOTE: This algorithm is non-deterministic (it depends on the order that +users and groups are requested). If this mode is required for compatibility +with machines running winbind, it is recommended to also use the +ldap_idmap_default_domain_sid option to guarantee that at +least one domain is consistently allocated to slice zero. + + + Default: False + + + + + ldap_idmap_helper_table_size (integer) + + + Maximal number of secondary slices that is tried when performing mapping +from UNIX id to SID. + + + Note: Additional secondary slices might be generated when SID is being +mapped to UNIX id and RID part of SID is out of range for secondary slices +generated so far. If value of ldap_idmap_helper_table_size is equal to 0 +then no additional secondary slices are generated. + + + Default: 10 + + + + + + + + + Well-Known SIDs + + SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a +special hardcoded meaning. Since the generic users and groups related to +those Well-Known SIDs have no equivalent in a Linux/UNIX environment no +POSIX IDs are available for those objects. + + + The SID name space is organized in authorities which can be seen as +different domains. The authorities for the Well-Known SIDs are + + Null Authority + World Authority + Local Authority + Creator Authority + Mandatory Label Authority + Authentication Authority + NT Authority + Built-in + + The capitalized version of these names are used as domain names when +returning the fully qualified name of a Well-Known SID. + + + Since some utilities allow to modify SID based access control information +with the help of a name instead of using the SID directly SSSD supports to +look up the SID by the name as well. To avoid collisions only the fully +qualified names can be used to look up Well-Known SIDs. As a result the +domain names NULL AUTHORITY, WORLD AUTHORITY, +LOCAL AUTHORITY, CREATOR AUTHORITY, +MANDATORY LABEL AUTHORITY, AUTHENTICATION +AUTHORITY, NT AUTHORITY and BUILTIN +should not be used as domain names in sssd.conf. + + + + diff --git a/src/man/zh_CN/include/ldap_search_bases.xml b/src/man/zh_CN/include/ldap_search_bases.xml new file mode 100644 index 0000000..189f862 --- /dev/null +++ b/src/man/zh_CN/include/ldap_search_bases.xml @@ -0,0 +1,31 @@ + + + An optional base DN, search scope and LDAP filter to restrict LDAP searches +for this attribute type. + + + syntax: +search_base[?scope?[filter][?search_base?scope?[filter]]*] + + + + The scope can be one of "base", "onelevel" or "subtree". The scope functions +as specified in section 4.5.1.2 of http://tools.ietf.org/html/rfc4511 + + + The filter must be a valid LDAP search filter as specified by +http://www.ietf.org/rfc/rfc2254.txt + + + For examples of this syntax, please refer to the +ldap_search_base examples section. + + + Default: the value of ldap_search_base + + + Please note that specifying scope or filter is not supported for searches +against an Active Directory Server that might yield a large number of +results and trigger the Range Retrieval extension in the response. + + diff --git a/src/man/zh_CN/include/local.xml b/src/man/zh_CN/include/local.xml new file mode 100644 index 0000000..ce849a3 --- /dev/null +++ b/src/man/zh_CN/include/local.xml @@ -0,0 +1,17 @@ + + THE LOCAL DOMAIN + + In order to function correctly, a domain with +id_provider=local must be created and the SSSD must be +running. + + + The administrator might want to use the SSSD local users instead of +traditional UNIX users in cases where the group nesting (see +sss_groupadd 8 +) is needed. The local users are also useful for testing and +development of the SSSD without having to deploy a full remote server. The +sss_user* and sss_group* tools use a +local LDB storage to store users and groups. + + diff --git a/src/man/zh_CN/include/override_homedir.xml b/src/man/zh_CN/include/override_homedir.xml new file mode 100644 index 0000000..68a1c5e --- /dev/null +++ b/src/man/zh_CN/include/override_homedir.xml @@ -0,0 +1,78 @@ + +override_homedir (string) + + + Override the user's home directory. You can either provide an absolute value +or a template. In the template, the following sequences are substituted: + + + %u + login name + + + %U + UID number + + + %d + domain name + + + %f + fully qualified user name (user@domain) + + + %l + The first letter of the login name. + + + %P + UPN - User Principal Name (name@REALM) + + + %o + + The original home directory retrieved from the identity provider. + + + + %h + + The original home directory retrieved from the identity provider, but in +lower case. + + + + %H + + The value of configure option homedir_substring. + + + + %% + a literal '%' + + + + + + This option can also be set per-domain. + + + example: +override_homedir = /home/%u + + + + Default: Not set (SSSD will use the value retrieved from LDAP) + + + Please note, the home directory from a specific override for the user, +either locally (see +sss_override +8) or centrally managed IPA +id-overrides, has a higher precedence and will be used instead of the value +given by override_homedir. + + + diff --git a/src/man/zh_CN/include/param_help.xml b/src/man/zh_CN/include/param_help.xml new file mode 100644 index 0000000..d28020b --- /dev/null +++ b/src/man/zh_CN/include/param_help.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/zh_CN/include/param_help_py.xml b/src/man/zh_CN/include/param_help_py.xml new file mode 100644 index 0000000..a2478bf --- /dev/null +++ b/src/man/zh_CN/include/param_help_py.xml @@ -0,0 +1,10 @@ + + + , + + + + Display help message and exit. + + + diff --git a/src/man/zh_CN/include/seealso.xml b/src/man/zh_CN/include/seealso.xml new file mode 100644 index 0000000..f185cb2 --- /dev/null +++ b/src/man/zh_CN/include/seealso.xml @@ -0,0 +1,49 @@ + + 另见 + + sssd8 +, +sssd.conf5 +, +sssd-ldap5 +, +sssd-ldap-attributes5 +, +sssd-krb55 +, +sssd-simple5 +, +sssd-ipa5 +, +sssd-ad5 +, +sssd-files5 +, +sssd-sudo 5 +, +sssd-session-recording +5 , +sss_cache8 +, +sss_debuglevel8 +, +sss_obfuscate8 +, +sss_seed8 +, +sssd_krb5_locator_plugin8 +, +sss_ssh_authorizedkeys +8 , +sss_ssh_knownhostsproxy +8 , sssd-ifp +5 , +pam_sss8 +. +sss_rpcidmapd 5 + +sssd-systemtap 5 + + + diff --git a/src/man/zh_CN/include/service_discovery.xml b/src/man/zh_CN/include/service_discovery.xml new file mode 100644 index 0000000..2e417a9 --- /dev/null +++ b/src/man/zh_CN/include/service_discovery.xml @@ -0,0 +1,41 @@ + + SERVICE DISCOVERY + + The service discovery feature allows back ends to automatically find the +appropriate servers to connect to using a special DNS query. This feature is +not supported for backup servers. + + + Configuration + + If no servers are specified, the back end automatically uses service +discovery to try to find a server. Optionally, the user may choose to use +both fixed server addresses and service discovery by inserting a special +keyword, _srv_, in the list of servers. The order of +preference is maintained. This feature is useful if, for example, the user +prefers to use service discovery whenever possible, and fall back to a +specific server when no servers can be discovered using DNS. + + + + The domain name + + Please refer to the dns_discovery_domain parameter in the + sssd.conf +5 manual page for more details. + + + + The protocol + + The queries usually specify _tcp as the protocol. Exceptions are documented +in respective option description. + + + + See Also + + For more information on the service discovery mechanism, refer to RFC 2782. + + + diff --git a/src/man/zh_CN/include/upstream.xml b/src/man/zh_CN/include/upstream.xml new file mode 100644 index 0000000..2a4ad16 --- /dev/null +++ b/src/man/zh_CN/include/upstream.xml @@ -0,0 +1,3 @@ + +SSSD The SSSD upstream - +https://github.com/SSSD/sssd/ -- cgit v1.2.3